fix dupe interfaces

refpolicy/policy/modules/kernel/devices.if

@@ -251,24 +251,6 @@ interface(`dev_dontaudit_setattr_generic_blk_file',`
 	dontaudit $1 device_t:blk_file setattr;
 ')
 
-########################################
-## <summary>
-##	Allow read, write, create, and delete for generic
-##	block files.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-interface(`dev_manage_generic_blk_file',`
-	gen_require(`
-		type device_t;
-	')
-
-	allow $1 device_t:dir rw_dir_perms;
-	allow $1 device_t:blk_file create_file_perms;
-')
-
 ########################################
 ## <summary>
 ##	Allow read, write, and create for generic character device files.

refpolicy/policy/modules/kernel/files.if

@@ -300,10 +300,9 @@ interface(`files_search_all',`
 ##	Domain allowed access.
 ## </param>
 #
-interface(`files_list_all_dirs',`
+interface(`files_list_all',`
 	gen_require(`
 		attribute file_type;
-		class dir r_dir_perms;
 	')
 
 	allow $1 file_type:dir r_dir_perms;
@@ -2044,23 +2043,6 @@ interface(`files_dontaudit_getattr_tmp_dir',`
 	dontaudit $1 tmp_t:dir getattr;
 ')
 
-########################################
-## <summary>
-##	Allow domain to getattr on /tmp directory.
-## </summary>
-## <param name="domain">
-##	The type of the process performing this action.
-## </param>
-#
-interface(`files_getattr_tmp_dir',`
-	gen_require(`
-		type tmp_t;
-		class dir getattr;
-	')
-
-	allow $1 tmp_t:dir getattr;
-')
-
 ########################################
 ## <summary>
 ##	Search the tmp directory (/tmp).

refpolicy/policy/modules/kernel/filesystem.if

@@ -651,24 +651,6 @@ interface(`fs_execute_cifs_files',`
 	can_exec($1, cifs_t)
 ')
 
-########################################
-## <summary>
-##	Do not audit attempts to read or
-##	write files on a CIFS or SMB filesystems.
-## </summary>
-## <param name="domain">
-##	The type of the domain to not audit.
-## </param>
-#
-interface(`fs_dontaudit_read_cifs_files',`
-	gen_require(`
-		type cifs_t;
-		class file { read write };
-	')
-
-	dontaudit $1 cifs_t:file { read write };
-')
-
 ########################################
 ## <summary>
 ##	Create, read, write, and delete directories

refpolicy/policy/modules/kernel/kernel.if

@@ -1817,24 +1817,6 @@ interface(`kernel_read_file_from',`
 	allow kernel_t $1:file r_file_perms;
 ')
 
-########################################
-## <summary>
-##	Allow the kernel to search the
-##	specified directory.
-## </summary>
-## <param name="dir_type">
-##	Directory type to search.
-## </param>
-#
-interface(`kernel_search_from',`
-	gen_require(`
-		type kernel_t;
-		class dir search;
-	')
-
-	allow kernel_t $1:dir search;
-')
-
 ########################################
 ## <summary>
 ##	Use the specified types for /lib directory

refpolicy/policy/modules/kernel/storage.if

@@ -361,24 +361,6 @@ interface(`storage_write_scsi_generic',`
 	typeattribute $1 scsi_generic_write;
 ')
 
-########################################
-## <summary>
-##	Get attributes of the device nodes
-##	for the SCSI generic inerface.
-## </summary>
-## <param name="domain">
-##	The type of the process performing this action.
-## </param>
-#
-interface(`storage_getattr_scsi_generic',`
-	gen_require(`
-		type scsi_generic_device_t;
-	')
-
-	dev_list_all_dev_nodes($1)
-	allow $1 scsi_generic_device_t:chr_file getattr;
-')
-
 ########################################
 ## <summary>
 ##	Set attributes of the device nodes

refpolicy/policy/modules/kernel/terminal.if

@@ -640,23 +640,6 @@ interface(`term_reset_tty_labels',`
 	allow $1 tty_device_t:chr_file relabelto;
 ')
 
-########################################
-## <summary>
-##	Do not audit attempts to get the attributes
-##	of unallocated ttys.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-interface(`term_dontaudit_getattr_unallocated_ttys',`
-	gen_require(`
-		type tty_device_t;
-	')
-
-	dontaudit $1 tty_device_t:chr_file getattr;
-')
-
 ########################################
 ## <summary>
 ##	Write to unallocated ttys.

refpolicy/policy/modules/services/ppp.if

@@ -35,7 +35,7 @@ interface(`ppp_dontaudit_use_fd',`
 
 ########################################
 ## <summary>
-##	Allow domain to send sigchld to parent of PPP domain type.
+##	Send a SIGCHLD signal to PPP.
 ## </summary>
 ## <param name="domain">
 ##	Domain allowed access.
@@ -66,22 +66,6 @@ interface(`ppp_signal',`
 	allow $1 pppd_t:process signal;
 ')
 
-########################################
-## <summary>
-##	Send a SIGCHLD signal to PPP.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-interface(`ppp_sigchld',`
-	gen_require(`
-		type pppd_t;
-	')
-
-	allow $1 pppd_t:process sigchld;
-')
-
 ########################################
 ## <summary>
 ##	 Execute domain in the ppp domain.

refpolicy/policy/modules/services/samba.if

@@ -327,23 +327,6 @@ interface(`samba_read_winbind_pid',`
 	allow $1 winbind_var_run_t:file r_file_perms;
 ')
 
-########################################
-## <summary>
-##	Allow the specified domain to read the winbind pid files.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-interface(`samba_read_winbind_pid',`
-	gen_require(`
-		type winbind_var_run_t;
-	')
-
-	files_search_pids($1)
-	allow $1 winbind_var_run_t:file r_file_perms;
-')
-
 ########################################
 ## <summary>
 ##	Connect to winbind.

refpolicy/policy/modules/services/squid.if

@@ -11,9 +11,6 @@
 interface(`squid_domtrans',`
 	gen_require(`
 		type squid_t, squid_exec_t;
-		class process sigchld;
-		class fd use;
-		class fifo_file rw_file_perms;
 	')
 
 	corecmd_search_sbin($1)
@@ -36,34 +33,12 @@ interface(`squid_domtrans',`
 interface(`squid_read_config',`
 	gen_require(`
 		type squid_conf_t;
-		class file r_file_perms;
 	')
 
 	files_search_etc($1)
 	allow $1 squid_conf_t:file r_file_perms;
 ')
 
-########################################
-## <summary>
-##	Create, read, write, and delete
-##	squid logs.
-## </summary>
-## <param name="domain">
-##	Domain allowed access.
-## </param>
-#
-interface(`squid_manage_logs',`
-	gen_require(`
-		type squid_log_t;
-		class dir rw_dir_perms;
-		class file create_file_perms;
-	')
-
-	logging_search_logs($1)
-	allow $1 squid_log_t:dir rw_dir_perms;
-	allow $1 squid_log_t:file create_file_perms;
-')
-
 ########################################
 ## <summary>
 ##	Append squid logs.
@@ -112,8 +87,6 @@ interface(`squid_append_log',`
 interface(`squid_manage_logs',`
 	gen_require(`
 		type squid_log_t;
-		class dir rw_dir_perms;
-		class file create_file_perms;
 	')
 
 	logging_search_logs($1)
@@ -132,7 +105,6 @@ interface(`squid_manage_logs',`
 interface(`squid_use',`
 	gen_require(`
 		type squid_t;
-		class tcp_socket { connectto acceptfrom recvfrom };
 	')
 
 	allow $1 squid_t:tcp_socket { connectto recvfrom };

refpolicy/policy/modules/system/init.if

@@ -440,40 +440,6 @@ interface(`init_write_script_pipe',`
 	allow $1 initrc_t:fifo_file write;
 ')
 
-########################################
-## <summary>
-##	Allow the specified domain to connect to
-##	init scripts with a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##      Domain allowed access.
-## </param>
-#
-interface(`init_unix_connect_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	allow $1 initrc_t:unix_stream_socket connectto;
-')
-
-########################################
-## <summary>
-##	Dont audit the specified domain connecting to
-##	init scripts with a unix domain stream socket.
-## </summary>
-## <param name="domain">
-##      Domain allowed access.
-## </param>
-#
-interface(`init_dontaudit_unix_connect_script',`
-	gen_require(`
-		type initrc_t;
-	')
-
-	dontaudit $1 initrc_t:unix_stream_socket connectto;
-')
-
 ########################################
 ## <summary>
 ##	Get the attribute of init script entrypoint files.
@@ -690,6 +656,23 @@ interface(`init_unix_connect_script',`
 	allow $1 initrc_t:unix_stream_socket connectto;
 ')
 
+########################################
+## <summary>
+##	Dont audit the specified domain connecting to
+##	init scripts with a unix domain stream socket.
+## </summary>
+## <param name="domain">
+##      Domain allowed access.
+## </param>
+#
+interface(`init_dontaudit_unix_connect_script',`
+	gen_require(`
+		type initrc_t;
+	')
+
+	dontaudit $1 initrc_t:unix_stream_socket connectto;
+')
+
 ########################################
 ## <summary>
 ##	Send and receive messages from