From 08690c84ad829246ed1eec18cda3e42326b38114 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Wed, 7 Jul 2010 09:31:57 -0400
Subject: [PATCH] Remove ethereal module since the application was renamed to wireshark due to trademark issues.

---
 Changelog | 1 +
 policy/modules/apps/ethereal.fc | 4 -
 policy/modules/apps/ethereal.if | 96 -----------------
 policy/modules/apps/ethereal.te | 167 -----------------------------
 policy/modules/apps/userhelper.if | 4 -
 policy/modules/apps/userhelper.te | 2 +-
 policy/modules/roles/staff.te | 6 +-
 policy/modules/roles/sysadm.te | 7 +-
 policy/modules/roles/unprivuser.te | 6 +-
 9 files changed, 5 insertions(+), 288 deletions(-)
 delete mode 100644 policy/modules/apps/ethereal.fc
 delete mode 100644 policy/modules/apps/ethereal.if
 delete mode 100644 policy/modules/apps/ethereal.te

diff --git a/Changelog b/Changelog
index 6a7d362b..9ebdae9d 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Remove ethereal module since the application was renamed to wireshark.
 - Remove duplicate/redundant rules, from Russell Coker.
 - Increased default number of categories to 1024, from Russell Coker.
 - Added modules:
diff --git a/policy/modules/apps/ethereal.fc b/policy/modules/apps/ethereal.fc
deleted file mode 100644
index b489cae9..00000000
--- a/policy/modules/apps/ethereal.fc
+++ /dev/null
@@ -1,4 +0,0 @@
-HOME_DIR/\.ethereal(/.*)? gen_context(system_u:object_r:ethereal_home_t,s0)
-
-/usr/sbin/ethereal.* -- gen_context(system_u:object_r:ethereal_exec_t,s0)
-/usr/sbin/tethereal.* -- gen_context(system_u:object_r:tethereal_exec_t,s0)
diff --git a/policy/modules/apps/ethereal.if b/policy/modules/apps/ethereal.if
deleted file mode 100644
index 23d5b859..00000000
--- a/policy/modules/apps/ethereal.if
+++ /dev/null
@@ -1,96 +0,0 @@
-## Ethereal packet capture tool.
-
-########################################
-##
-## Role access for ethereal
-##
-##
-##
-## Role allowed access
-##
-##
-##
-##
-## User domain for the role
-##
-##
-#
-interface(`ethereal_role',`
- gen_require(`
- type ethereal_t, ethereal_exec_t, ethereal_home_t;
- ')
-
- role $1 types ethereal_t;
-
- domain_auto_trans($2, ethereal_exec_t, ethereal_t)
- allow ethereal_t $2:fd use;
- allow ethereal_t $2:process sigchld;
-
- manage_dirs_pattern($2, ethereal_home_t, ethereal_home_t)
- manage_files_pattern($2, ethereal_home_t, ethereal_home_t)
- manage_lnk_files_pattern($2, ethereal_home_t, ethereal_home_t)
- relabel_dirs_pattern($2, ethereal_home_t, ethereal_home_t)
- relabel_files_pattern($2, ethereal_home_t, ethereal_home_t)
- relabel_lnk_files_pattern($2, ethereal_home_t, ethereal_home_t)
-')
-
-########################################
-##
-## Run ethereal in ethereal domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ethereal_domtrans',`
- gen_require(`
- type ethereal_t, ethereal_exec_t;
- ')
-
- domtrans_pattern($1, ethereal_exec_t, ethereal_t)
-')
-
-########################################
-##
-## Run tethereal in the tethereal domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-#
-interface(`ethereal_domtrans_tethereal',`
- gen_require(`
- type tethereal_t, tethereal_exec_t;
- ')
-
- domtrans_pattern($1, tethereal_exec_t, tethereal_t)
-')
-
-########################################
-##
-## Execute tethereal in the tethereal domain, and
-## allow the specified role the tethereal domain.
-##
-##
-##
-## Domain allowed access.
-##
-##
-##
-##
-## The role to be allowed the tethereal domain.
-##
-##
-#
-interface(`ethereal_run_tethereal',`
- gen_require(`
- type tethereal_t;
- ')
-
- ethereal_domtrans_tethereal($1)
- role $2 types tethereal_t;
-')
diff --git a/policy/modules/apps/ethereal.te b/policy/modules/apps/ethereal.te
deleted file mode 100644
index c102195b..00000000
--- a/policy/modules/apps/ethereal.te
+++ /dev/null
@@ -1,167 +0,0 @@
-policy_module(ethereal, 2.0.0)
-
-########################################
-#
-# Declarations
-#
-
-type ethereal_t;
-type ethereal_exec_t;
-typealias ethereal_t alias { user_ethereal_t staff_ethereal_t sysadm_ethereal_t };
-typealias ethereal_t alias { auditadm_ethereal_t secadm_ethereal_t };
-application_domain(ethereal_t, ethereal_exec_t)
-ubac_constrained(ethereal_t)
-
-type ethereal_home_t;
-typealias ethereal_home_t alias { user_ethereal_home_t staff_ethereal_home_t sysadm_ethereal_home_t };
-typealias ethereal_home_t alias { auditadm_ethereal_home_t secadm_ethereal_home_t };
-files_poly_member(ethereal_home_t)
-userdom_user_home_content(ethereal_home_t)
-
-type ethereal_tmp_t;
-typealias ethereal_tmp_t alias { user_ethereal_tmp_t staff_ethereal_tmp_t sysadm_ethereal_tmp_t };
-typealias ethereal_tmp_t alias { auditadm_ethereal_tmp_t secadm_ethereal_tmp_t };
-files_tmp_file(ethereal_tmp_t)
-ubac_constrained(ethereal_tmp_t)
-
-type ethereal_tmpfs_t;
-typealias ethereal_tmpfs_t alias { user_ethereal_tmpfs_t staff_ethereal_tmpfs_t sysadm_ethereal_tmpfs_t };
-typealias ethereal_tmpfs_t alias { auditadm_ethereal_tmpfs_t secadm_ethereal_tmpfs_t };
-files_tmpfs_file(ethereal_tmpfs_t)
-ubac_constrained(ethereal_tmpfs_t)
-
-type tethereal_t;
-type tethereal_exec_t;
-application_domain(tethereal_t, tethereal_exec_t)
-
-type tethereal_tmp_t;
-files_tmp_file(tethereal_tmp_t)
-
-##############################
-#
-# Local Policy
-#
-
-allow ethereal_t self:capability { net_admin net_raw setgid };
-allow ethereal_t self:process { signal getsched };
-allow ethereal_t self:fifo_file { getattr read write };
-allow ethereal_t self:shm destroy;
-allow ethereal_t self:shm create_shm_perms;
-allow ethereal_t self:netlink_route_socket { nlmsg_read create_socket_perms };
-allow ethereal_t self:packet_socket { setopt bind ioctl getopt create read };
-allow ethereal_t self:tcp_socket create_socket_perms;
-allow ethereal_t self:udp_socket create_socket_perms;
-
-# Re-execute itself (why?)
-can_exec(ethereal_t, ethereal_exec_t)
-corecmd_search_bin(ethereal_t)
-
-# /home/.ethereal
-manage_dirs_pattern(ethereal_t, ethereal_home_t, ethereal_home_t)
-manage_files_pattern(ethereal_t, ethereal_home_t, ethereal_home_t)
-manage_lnk_files_pattern(ethereal_t, ethereal_home_t, ethereal_home_t)
-userdom_user_home_dir_filetrans(ethereal_t, ethereal_home_t, dir)
-
-# Store temporary files
-manage_dirs_pattern(ethereal_t, ethereal_tmp_t, ethereal_tmp_t)
-manage_files_pattern(ethereal_t, ethereal_tmp_t, ethereal_tmp_t)
-files_tmp_filetrans(ethereal_t, ethereal_tmp_t, { dir file })
-
-manage_dirs_pattern(ethereal_t, ethereal_tmpfs_t, ethereal_tmpfs_t)
-manage_files_pattern(ethereal_t, ethereal_tmpfs_t, ethereal_tmpfs_t)
-manage_lnk_files_pattern(ethereal_t, ethereal_tmpfs_t, ethereal_tmpfs_t)
-manage_sock_files_pattern(ethereal_t, ethereal_tmpfs_t, ethereal_tmpfs_t)
-manage_fifo_files_pattern(ethereal_t, ethereal_tmpfs_t, ethereal_tmpfs_t)
-fs_tmpfs_filetrans(ethereal_t, ethereal_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-
-kernel_read_kernel_sysctls(ethereal_t)
-kernel_read_system_state(ethereal_t)
-kernel_read_sysctl(ethereal_t)
-
-corenet_tcp_connect_generic_port(ethereal_t)
-corenet_tcp_sendrecv_generic_if(ethereal_t)
-
-dev_read_urand(ethereal_t)
-
-files_read_etc_files(ethereal_t)
-files_read_usr_files(ethereal_t)
-
-fs_list_inotifyfs(ethereal_t)
-fs_search_auto_mountpoints(ethereal_t)
-
-libs_read_lib_files(ethereal_t)
-
-miscfiles_read_fonts(ethereal_t)
-miscfiles_read_localization(ethereal_t)
-
-seutil_use_newrole_fds(ethereal_t)
-
-sysnet_read_config(ethereal_t)
-
-userdom_manage_user_home_content_files(ethereal_t)
-userdom_use_user_terminals(ethereal_t)
-
-tunable_policy(`use_nfs_home_dirs',`
- fs_manage_nfs_dirs(ethereal_t)
- fs_manage_nfs_files(ethereal_t)
- fs_manage_nfs_symlinks(ethereal_t)
-')
-
-tunable_policy(`use_samba_home_dirs',`
- fs_manage_cifs_dirs(ethereal_t)
- fs_manage_cifs_files(ethereal_t)
- fs_manage_cifs_symlinks(ethereal_t)
-')
-
-optional_policy(`
- nscd_socket_use(ethereal_t)
-')
-
-# Manual transition from userhelper
-optional_policy(`
- userhelper_use_fd(ethereal_t)
- userhelper_sigchld(ethereal_t)
-')
-
-optional_policy(`
- xserver_user_x_domain_template(ethereal, ethereal_t, ethereal_tmpfs_t)
- xserver_create_xdm_tmp_sockets(ethereal_t)
-')
-
-########################################
-#
-# Tethereal policy
-#
-
-allow tethereal_t tethereal_t : capability { dac_override dac_read_search setgid setuid net_raw };
-allow tethereal_t self:unix_stream_socket create_stream_socket_perms;
-allow tethereal_t self:netlink_route_socket create_netlink_socket_perms;
-allow tethereal_t self:packet_socket create_socket_perms;
-allow tethereal_t self:tcp_socket create_socket_perms;
-allow tethereal_t self:udp_socket create_socket_perms;
-
-# Store temporary files
-manage_dirs_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t)
-manage_files_pattern(tethereal_t, tethereal_tmp_t, tethereal_tmp_t)
-files_tmp_filetrans(tethereal_t, tethereal_tmp_t, { dir file })
-
-# /proc
-kernel_read_all_sysctls(tethereal_t)
-kernel_read_system_state(tethereal_t)
-
-# Read ethereal files in /usr
-files_read_usr_files(tethereal_t)
-# /etc/nsswitch.conf
-files_read_etc_files(tethereal_t)
-
-miscfiles_read_localization(tethereal_t)
-
-seutil_use_newrole_fds(tethereal_t)
-
-sysnet_dns_name_resolve(tethereal_t)
-
-userdom_use_user_terminals(tethereal_t)
-
-optional_policy(`
- nscd_socket_use(tethereal_t)
-')
diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if
index ec011f98..eee69e3d 100644
--- a/policy/modules/apps/userhelper.if
+++ b/policy/modules/apps/userhelper.if
@@ -145,10 +145,6 @@ template(`userhelper_role_template',`
 ')
 ')

- optional_policy(`
- ethereal_domtrans($1_userhelper_t)
- ')
-
 optional_policy(`
 logging_send_syslog_msg($1_userhelper_t)
 ')
diff --git a/policy/modules/apps/userhelper.te b/policy/modules/apps/userhelper.te
index ec031a31..d584dff8 100644
--- a/policy/modules/apps/userhelper.te
+++ b/policy/modules/apps/userhelper.te
@@ -1,4 +1,4 @@
-policy_module(userhelper, 1.5.0)
+policy_module(userhelper, 1.5.1)

 ########################################
 #
diff --git a/policy/modules/roles/staff.te b/policy/modules/roles/staff.te
index 5ad84de8..30754e49 100644
--- a/policy/modules/roles/staff.te
+++ b/policy/modules/roles/staff.te
@@ -1,4 +1,4 @@
-policy_module(staff, 2.1.0)
+policy_module(staff, 2.1.1)

 ########################################
 #
@@ -42,10 +42,6 @@ optional_policy(`
 dbus_role_template(staff, staff_r, staff_t)
 ')

-optional_policy(`
- ethereal_role(staff_r, staff_t)
-')
-
 optional_policy(`
 evolution_role(staff_r, staff_t)
 ')
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index 5ff2890d..794e06fb 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1,4 +1,4 @@
-policy_module(sysadm, 2.1.0)
+policy_module(sysadm, 2.1.1)

 ########################################
 #
@@ -159,11 +159,6 @@ optional_policy(`
 dpkg_run(sysadm_t, sysadm_r)
 ')

-optional_policy(`
- ethereal_role(sysadm_r, sysadm_t)
- ethereal_run_tethereal(sysadm_t, sysadm_r)
-')
-
 optional_policy(`
 evolution_role(sysadm_r, sysadm_t)
 ')
diff --git a/policy/modules/roles/unprivuser.te b/policy/modules/roles/unprivuser.te
index 2462d578..d5d50422 100644
--- a/policy/modules/roles/unprivuser.te
+++ b/policy/modules/roles/unprivuser.te
@@ -1,4 +1,4 @@
-policy_module(unprivuser, 2.1.0)
+policy_module(unprivuser, 2.1.1)

 # this module should be named user, but that is
 # a compile error since user is a keyword.
@@ -36,10 +36,6 @@ optional_policy(`
 dbus_role_template(user, user_r, user_t)
 ')

-optional_policy(`
- ethereal_role(user_r, user_t)
-')
-
 optional_policy(`
 evolution_role(user_r, user_t)
 ')