a few missed renames, and start fixing up tunables

2005-06-13 20:27:32 +00:00 · 2005-06-13 20:27:32 +00:00 · 31908be07f
commit 31908be07f
parent 94670f292b
13 changed files with 32 additions and 30 deletions
--- a/refpolicy/policy/global_tunables
+++ b/refpolicy/policy/global_tunables
@ -2,9 +2,15 @@
 ##	Enable extra rules in the cron domain
 ##	to support fcron.
 ## </tunable>
-tunable_def(fcron_crond,false)
+gen_tunable(fcron_crond,false)
 ## <tunable name="use_dns" dftval="false">
 ##	Allow the use of DNS for name resolution.
 ## </tunable>
-tunable_def(use_dns,false)
+gen_tunable(use_dns,false)
 ## <tunable name="cron_can_relabel" dftval="false">
 ##	Allow system cron jobs to relabel filesystem
 ##	for restoring file contexts.
 ## </tunable>
 gen_tunable(cron_can_relabel,false)
--- a/refpolicy/policy/modules/admin/dmesg.te
+++ b/refpolicy/policy/modules/admin/dmesg.te
@ -51,7 +51,7 @@ userdom_dontaudit_use_unpriv_user_fd(dmesg_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(dmesg_t)
-	terminal_ignore_use_general_pseudoterminal(dmesg_t)
+	term_dontaudit_use_generic_pty(dmesg_t)
 	files_dontaudit_read_root_file(dmesg_t)
 ')
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@ -6,9 +6,6 @@ policy_module(cron, 1.0)
 # Declarations
 #
 # Allow system cron jobs to relabel filesystem for restoring file contexts.
 bool cron_can_relabel false;
 type anacron_exec_t;
 files_file_type(anacron_exec_t)
@ -126,7 +123,7 @@ tunable_policy(`fcron_crond', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(crond_t)
-	terminal_ignore_use_general_pseudoterminal(crond_t)
+	term_dontaudit_use_generic_pty(crond_t)
 	files_dontaudit_read_root_file(crond_t)
 ')
@ -292,9 +289,9 @@ miscfiles_rw_man_cache(system_crond_t)
 selinux_read_config(system_crond_t)
-if (cron_can_relabel) {
+tunable_policy(`cron_can_relabel',`
 	selinux_domtrans_setfiles(system_crond_t)
-} else {
+',`
 	kernel_get_selinuxfs_mount_point(system_crond_t)
 	kernel_validate_context(system_crond_t)
 	kernel_compute_access_vector(system_crond_t)
@ -302,7 +299,7 @@ if (cron_can_relabel) {
 	kernel_compute_relabel_context(system_crond_t)
 	kernel_compute_reachable_user_contexts(system_crond_t)
 	selinux_read_file_contexts(system_crond_t)
-}
+')
 ifdef(`TODO',`
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@ -90,7 +90,7 @@ sysnet_read_config(sendmail_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(sendmail_t)
-	terminal_ignore_use_general_pseudoterminal(sendmail_t)
+	term_dontaudit_use_generic_pty(sendmail_t)
 	files_dontaudit_read_root_file(sendmail_t)
 ')
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@ -151,7 +151,6 @@ term_use_console(pam_console_t)
 term_getattr_unallocated_ttys(pam_console_t)
 term_setattr_unallocated_ttys(pam_console_t)
 init_use_fd(pam_console_t)
 init_use_fd(pam_console_t)
 init_use_script_pty(pam_console_t)
@ -176,7 +175,7 @@ ifdef(`direct_sysadm_daemon', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(pam_console_t)
-	terminal_ignore_use_general_pseudoterminal(pam_console_t)
+	term_dontaudit_use_generic_pty(pam_console_t)
 	files_dontaudit_read_root_file(pam_console_t)
 ')
--- a/refpolicy/policy/modules/system/clock.te
+++ b/refpolicy/policy/modules/system/clock.te
@ -59,7 +59,7 @@ miscfiles_read_localization(hwclock_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(hwclock_t)
-	terminal_ignore_use_general_pseudoterminal(hwclock_t)
+	term_dontaudit_use_generic_pty(hwclock_t)
 	files_dontaudit_read_root_file(hwclock_t)
 ')
--- a/refpolicy/policy/modules/system/hostname.te
+++ b/refpolicy/policy/modules/system/hostname.te
@ -29,8 +29,6 @@ kernel_read_kernel_sysctl(hostname_t)
 kernel_read_hardware_state(hostname_t)
 kernel_dontaudit_use_fd(hostname_t)
 files_read_generic_etc_files(hostname_t)
 files_dontaudit_search_var(hostname_t)
 fs_getattr_xattr_fs(hostname_t)
 term_dontaudit_use_console(hostname_t)
@ -42,6 +40,8 @@ init_use_script_pty(hostname_t)
 domain_use_wide_inherit_fd(hostname_t)
 files_read_generic_etc_files(hostname_t)
 files_dontaudit_search_var(hostname_t)
 # for when /usr is not mounted:
 files_dontaudit_search_isid_type_dir(hostname_t)
@ -60,7 +60,7 @@ ifdef(`distro_redhat', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(hostname_t)
-	terminal_ignore_use_general_pseudoterminal(hostname_t)
+	term_dontaudit_use_generic_pty(hostname_t)
 	files_dontaudit_read_root_file(hostname_t)
 ')
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@ -119,7 +119,7 @@ ifdef(`distro_redhat', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(hotplug_t)
-	terminal_ignore_use_general_pseudoterminal(hotplug_t)
+	term_dontaudit_use_generic_pty(hotplug_t)
 	files_dontaudit_read_root_file(hotplug_t)
 ')
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@ -98,7 +98,7 @@ optional_policy(`udev.te', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(iptables_t)
-	terminal_ignore_use_general_pseudoterminal(iptables_t)
+	term_dontaudit_use_generic_pty(iptables_t)
 	files_dontaudit_read_root_file(iptables_t)
 ')
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@ -81,7 +81,7 @@ miscfiles_read_localization(auditd_t)
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(auditd_t)
-	terminal_ignore_use_general_pseudoterminal(auditd_t)
+	term_dontaudit_use_generic_pty(auditd_t)
 	files_dontaudit_read_root_file(auditd_t)
 ')
@ -245,7 +245,7 @@ ifdef(`klogd.te', `', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(syslogd_t)
-	terminal_ignore_use_general_pseudoterminal(syslogd_t)
+	term_dontaudit_use_generic_pty(syslogd_t)
 	files_dontaudit_read_root_file(syslogd_t)
 ')
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@ -143,7 +143,7 @@ ifdef(`distro_redhat',`
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(lvm_t)
-	terminal_ignore_use_general_pseudoterminal(lvm_t)
+	term_dontaudit_use_generic_pty(lvm_t)
 	files_dontaudit_read_root_file(lvm_t)
 ')
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@ -139,7 +139,7 @@ ifdef(`distro_redhat', `
 ifdef(`targeted_policy', `
 	term_dontaudit_use_unallocated_tty(dhcpc_t)
-	terminal_ignore_use_general_pseudoterminal(dhcpc_t)
+	term_dontaudit_use_generic_pty(dhcpc_t)
 	files_dontaudit_read_root_file(dhcpc_t)
 ')
@ -153,7 +153,7 @@ optional_policy(`hostname.te',`
 ')
 optional_policy(`nscd.te',`
-	nscd_transition(dhcpc_t)
+	nscd_domtrans(dhcpc_t)
 ')
 optional_policy(`selinux.te',`
@ -173,10 +173,10 @@ optional_policy(`userdomain.te',`
 #
 init_exec_script(dhcpc_t)
 optional_policy(`ypbind.te',`
-	ypbind_transition(dhcpc_t)
+	ypbind_domtrans(dhcpc_t)
 ')
 optional_policy(`ntpd.te',`
-	ntpd_transition(dhcpc_t)
+	ntpd_domtrans(dhcpc_t)
 ')
 ifdef(`TODO',`
--- a/refpolicy/policy/support/loadable_module.spt
+++ b/refpolicy/policy/support/loadable_module.spt
@ -61,15 +61,15 @@ define(`optional_policy',`
 # tunable value as specified by the policy
 # or if the override value should be used
 #
-define(`deflt_or_overr',`ifdef(`$1',$1,$2)')
+define(`dflt_or_overr',`ifdef(`$1',$1,$2)')
 ##############################
 #
 # Tunable declaration
 #
-define(`tunable_def',`
+define(`gen_tunable',`
 	ifdef(`monolithic_policy',`
-		bool $1 deflt_or_overr(`$1'_conf,$2);
+		bool $1 dflt_or_overr(`$1'_conf,$2);
 	',`
 		# loadable module tunable
 		# declaration will go here