remove all class remaining lines with kernel object classes.

Chris PeBenito 2006-01-30 16:36:00 +00:00
parent 9d5606edf5
commit 6ada253855
41 changed files with 2 additions and 714 deletions


@ -11,9 +11,6 @@
interface(`acct_domtrans',` interface(`acct_domtrans',`
gen_require(` gen_require(`
type acct_t, acct_exec_t; type acct_t, acct_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -72,9 +69,6 @@ interface(`acct_exec_data',`
interface(`acct_manage_data',` interface(`acct_manage_data',`
gen_require(` gen_require(`
type acct_data_t; type acct_data_t;
class dir rw_dir_perms;
class file create_file_perms;
class lnk_file create_lnk_perms;
') ')
files_search_var($1) files_search_var($1)


@ -13,9 +13,6 @@
interface(`consoletype_domtrans',` interface(`consoletype_domtrans',`
gen_require(` gen_require(`
type consoletype_t, consoletype_exec_t; type consoletype_t, consoletype_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)


@ -11,9 +11,6 @@
interface(`kudzu_domtrans',` interface(`kudzu_domtrans',`
gen_require(` gen_require(`
type kudzu_t, kudzu_exec_t; type kudzu_t, kudzu_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,kudzu_exec_t,kudzu_t) domain_auto_trans($1,kudzu_exec_t,kudzu_t)
@ -42,7 +39,6 @@ interface(`kudzu_domtrans',`
interface(`kudzu_run',` interface(`kudzu_run',`
gen_require(` gen_require(`
type kudzu_t; type kudzu_t;
class chr_file rw_term_perms;
') ')
kudzu_domtrans($1) kudzu_domtrans($1)


@ -11,9 +11,6 @@
interface(`netutils_domtrans',` interface(`netutils_domtrans',`
gen_require(` gen_require(`
type netutils_t, netutils_exec_t; type netutils_t, netutils_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,netutils_exec_t,netutils_t) domain_auto_trans($1,netutils_exec_t,netutils_t)
@ -42,7 +39,6 @@ interface(`netutils_domtrans',`
interface(`netutils_run',` interface(`netutils_run',`
gen_require(` gen_require(`
type netutils_t; type netutils_t;
class chr_file rw_term_perms;
') ')
netutils_domtrans($1) netutils_domtrans($1)
@ -77,9 +73,6 @@ interface(`netutils_exec',`
interface(`netutils_domtrans_ping',` interface(`netutils_domtrans_ping',`
gen_require(` gen_require(`
type ping_t, ping_exec_t; type ping_t, ping_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,ping_exec_t,ping_t) domain_auto_trans($1,ping_exec_t,ping_t)
@ -171,9 +164,6 @@ interface(`netutils_exec_ping',`
interface(`netutils_domtrans_traceroute',` interface(`netutils_domtrans_traceroute',`
gen_require(` gen_require(`
type traceroute_t, traceroute_exec_t; type traceroute_t, traceroute_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,traceroute_exec_t,traceroute_t) domain_auto_trans($1,traceroute_exec_t,traceroute_t)
@ -202,7 +192,6 @@ interface(`netutils_domtrans_traceroute',`
interface(`netutils_run_traceroute',` interface(`netutils_run_traceroute',`
gen_require(` gen_require(`
type traceroute_t; type traceroute_t;
class chr_file rw_term_perms;
') ')
netutils_domtrans_traceroute($1) netutils_domtrans_traceroute($1)


@ -11,9 +11,6 @@
interface(`quota_domtrans',` interface(`quota_domtrans',`
gen_require(` gen_require(`
type quota_t, quota_exec_t; type quota_t, quota_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,quota_exec_t,quota_t) domain_auto_trans($1,quota_exec_t,quota_t)
@ -42,7 +39,6 @@ interface(`quota_domtrans',`
interface(`quota_run',` interface(`quota_run',`
gen_require(` gen_require(`
type quota_t; type quota_t;
class chr_file rw_term_perms;
') ')
quota_domtrans($1) quota_domtrans($1)
@ -62,7 +58,6 @@ interface(`quota_run',`
interface(`quota_dontaudit_getattr_db',` interface(`quota_dontaudit_getattr_db',`
gen_require(` gen_require(`
type quota_db_t; type quota_db_t;
class file getattr;
') ')
dontaudit $1 quota_db_t:file getattr; dontaudit $1 quota_db_t:file getattr;
@ -71,8 +66,6 @@ interface(`quota_dontaudit_getattr_db',`
interface(`quota_manage_flags',` interface(`quota_manage_flags',`
gen_require(` gen_require(`
type quota_flag_t; type quota_flag_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
files_search_var_lib($1) files_search_var_lib($1)


@ -11,9 +11,6 @@
interface(`rpm_domtrans',` interface(`rpm_domtrans',`
gen_require(` gen_require(`
type rpm_t, rpm_exec_t; type rpm_t, rpm_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -65,7 +62,6 @@ interface(`rpm_script_domtrans',`
interface(`rpm_run',` interface(`rpm_run',`
gen_require(` gen_require(`
type rpm_t, rpm_script_t; type rpm_t, rpm_script_t;
class chr_file rw_term_perms;
') ')
rpm_domtrans($1) rpm_domtrans($1)
@ -86,7 +82,6 @@ interface(`rpm_run',`
interface(`rpm_use_fd',` interface(`rpm_use_fd',`
gen_require(` gen_require(`
type rpm_t; type rpm_t;
class fd use;
') ')
allow $1 rpm_t:fd use; allow $1 rpm_t:fd use;
@ -103,7 +98,6 @@ interface(`rpm_use_fd',`
interface(`rpm_read_pipe',` interface(`rpm_read_pipe',`
gen_require(` gen_require(`
type rpm_t; type rpm_t;
class fifo_file r_file_perms;
') ')
allow $1 rpm_t:fifo_file r_file_perms; allow $1 rpm_t:fifo_file r_file_perms;
@ -120,7 +114,6 @@ interface(`rpm_read_pipe',`
interface(`rpm_rw_pipe',` interface(`rpm_rw_pipe',`
gen_require(` gen_require(`
type rpm_t; type rpm_t;
class fifo_file rw_file_perms;
') ')
allow $1 rpm_t:fifo_file rw_file_perms; allow $1 rpm_t:fifo_file rw_file_perms;
@ -137,7 +130,6 @@ interface(`rpm_rw_pipe',`
interface(`rpm_manage_log',` interface(`rpm_manage_log',`
gen_require(` gen_require(`
type rpm_log_t; type rpm_log_t;
class file create_file_perms;
') ')
logging_rw_log_dir($1) logging_rw_log_dir($1)
@ -155,7 +147,6 @@ interface(`rpm_manage_log',`
interface(`rpm_use_script_fd',` interface(`rpm_use_script_fd',`
gen_require(` gen_require(`
type rpm_script_t; type rpm_script_t;
class fd use;
') ')
allow $1 rpm_script_t:fd use; allow $1 rpm_script_t:fd use;


@ -11,9 +11,6 @@
interface(`usermanage_domtrans_chfn',` interface(`usermanage_domtrans_chfn',`
gen_require(` gen_require(`
type chfn_t, chfn_exec_t; type chfn_t, chfn_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -44,7 +41,6 @@ interface(`usermanage_domtrans_chfn',`
interface(`usermanage_run_chfn',` interface(`usermanage_run_chfn',`
gen_require(` gen_require(`
type chfn_t; type chfn_t;
class chr_file rw_term_perms;
') ')
usermanage_domtrans_chfn($1) usermanage_domtrans_chfn($1)
@ -63,9 +59,6 @@ interface(`usermanage_run_chfn',`
interface(`usermanage_domtrans_groupadd',` interface(`usermanage_domtrans_groupadd',`
gen_require(` gen_require(`
type groupadd_t, groupadd_exec_t; type groupadd_t, groupadd_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -96,7 +89,6 @@ interface(`usermanage_domtrans_groupadd',`
interface(`usermanage_run_groupadd',` interface(`usermanage_run_groupadd',`
gen_require(` gen_require(`
type groupadd_t; type groupadd_t;
class chr_file rw_term_perms;
') ')
usermanage_domtrans_groupadd($1) usermanage_domtrans_groupadd($1)
@ -115,9 +107,6 @@ interface(`usermanage_run_groupadd',`
interface(`usermanage_domtrans_passwd',` interface(`usermanage_domtrans_passwd',`
gen_require(` gen_require(`
type passwd_t, passwd_exec_t; type passwd_t, passwd_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -148,7 +137,6 @@ interface(`usermanage_domtrans_passwd',`
interface(`usermanage_run_passwd',` interface(`usermanage_run_passwd',`
gen_require(` gen_require(`
type passwd_t; type passwd_t;
class chr_file rw_term_perms;
') ')
usermanage_domtrans_passwd($1) usermanage_domtrans_passwd($1)
@ -217,9 +205,6 @@ interface(`usermanage_run_admin_passwd',`
interface(`usermanage_domtrans_useradd',` interface(`usermanage_domtrans_useradd',`
gen_require(` gen_require(`
type useradd_t, useradd_exec_t; type useradd_t, useradd_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -250,7 +235,6 @@ interface(`usermanage_domtrans_useradd',`
interface(`usermanage_run_useradd',` interface(`usermanage_run_useradd',`
gen_require(` gen_require(`
type useradd_t; type useradd_t;
class chr_file rw_term_perms;
') ')
usermanage_domtrans_useradd($1) usermanage_domtrans_useradd($1)
@ -269,7 +253,6 @@ interface(`usermanage_run_useradd',`
interface(`usermanage_read_crack_db',` interface(`usermanage_read_crack_db',`
gen_require(` gen_require(`
type crack_db_t; type crack_db_t;
class file r_file_perms;
') ')
allow $1 crack_db_t:file r_file_perms; allow $1 crack_db_t:file r_file_perms;


@ -59,7 +59,6 @@ interface(`corecmd_shell_entry_type',`
interface(`corecmd_search_bin',` interface(`corecmd_search_bin',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class dir search;
') ')
allow $1 bin_t:dir search; allow $1 bin_t:dir search;
@ -72,7 +71,6 @@ interface(`corecmd_search_bin',`
interface(`corecmd_list_bin',` interface(`corecmd_list_bin',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class dir r_dir_perms;
') ')
allow $1 bin_t:dir r_dir_perms; allow $1 bin_t:dir r_dir_perms;
@ -89,7 +87,6 @@ interface(`corecmd_list_bin',`
interface(`corecmd_getattr_bin_file',` interface(`corecmd_getattr_bin_file',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class file getattr;
') ')
allow $1 bin_t:file getattr; allow $1 bin_t:file getattr;
@ -106,8 +103,6 @@ interface(`corecmd_getattr_bin_file',`
interface(`corecmd_read_bin_file',` interface(`corecmd_read_bin_file',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class dir search;
class file r_file_perms;
') ')
allow $1 bin_t:dir search; allow $1 bin_t:dir search;
@ -125,8 +120,6 @@ interface(`corecmd_read_bin_file',`
interface(`corecmd_read_bin_symlink',` interface(`corecmd_read_bin_symlink',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class dir search;
class lnk_file r_file_perms;
') ')
allow $1 bin_t:dir search; allow $1 bin_t:dir search;
@ -144,8 +137,6 @@ interface(`corecmd_read_bin_symlink',`
interface(`corecmd_read_bin_pipe',` interface(`corecmd_read_bin_pipe',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class dir search;
class fifo_file r_file_perms;
') ')
allow $1 bin_t:dir search; allow $1 bin_t:dir search;
@ -163,8 +154,6 @@ interface(`corecmd_read_bin_pipe',`
interface(`corecmd_read_bin_socket',` interface(`corecmd_read_bin_socket',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class dir search;
class sock_file r_file_perms;
') ')
allow $1 bin_t:dir search; allow $1 bin_t:dir search;
@ -178,8 +167,6 @@ interface(`corecmd_read_bin_socket',`
interface(`corecmd_exec_bin',` interface(`corecmd_exec_bin',`
gen_require(` gen_require(`
type bin_t; type bin_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
allow $1 bin_t:dir r_dir_perms; allow $1 bin_t:dir r_dir_perms;
@ -357,7 +344,6 @@ interface(`corecmd_dontaudit_search_sbin',`
interface(`corecmd_list_sbin',` interface(`corecmd_list_sbin',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class dir r_dir_perms;
') ')
allow $1 sbin_t:dir r_dir_perms; allow $1 sbin_t:dir r_dir_perms;
@ -370,7 +356,6 @@ interface(`corecmd_list_sbin',`
interface(`corecmd_getattr_sbin_file',` interface(`corecmd_getattr_sbin_file',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class file getattr;
') ')
allow $1 sbin_t:file getattr; allow $1 sbin_t:file getattr;
@ -383,7 +368,6 @@ interface(`corecmd_getattr_sbin_file',`
interface(`corecmd_dontaudit_getattr_sbin_file',` interface(`corecmd_dontaudit_getattr_sbin_file',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class file getattr;
') ')
dontaudit $1 sbin_t:file getattr; dontaudit $1 sbin_t:file getattr;
@ -400,8 +384,6 @@ interface(`corecmd_dontaudit_getattr_sbin_file',`
interface(`corecmd_read_sbin_file',` interface(`corecmd_read_sbin_file',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class dir search;
class file r_file_perms;
') ')
allow $1 sbin_t:dir search; allow $1 sbin_t:dir search;
@ -419,8 +401,6 @@ interface(`corecmd_read_sbin_file',`
interface(`corecmd_read_sbin_symlink',` interface(`corecmd_read_sbin_symlink',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class dir search;
class lnk_file r_file_perms;
') ')
allow $1 sbin_t:dir search; allow $1 sbin_t:dir search;
@ -438,8 +418,6 @@ interface(`corecmd_read_sbin_symlink',`
interface(`corecmd_read_sbin_pipe',` interface(`corecmd_read_sbin_pipe',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class dir search;
class fifo_file r_file_perms;
') ')
allow $1 sbin_t:dir search; allow $1 sbin_t:dir search;
@ -457,8 +435,6 @@ interface(`corecmd_read_sbin_pipe',`
interface(`corecmd_read_sbin_socket',` interface(`corecmd_read_sbin_socket',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class dir search;
class sock_file r_file_perms;
') ')
allow $1 sbin_t:dir search; allow $1 sbin_t:dir search;
@ -472,8 +448,6 @@ interface(`corecmd_read_sbin_socket',`
interface(`corecmd_exec_sbin',` interface(`corecmd_exec_sbin',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
allow $1 sbin_t:dir r_dir_perms; allow $1 sbin_t:dir r_dir_perms;
@ -568,8 +542,6 @@ interface(`corecmd_mmap_sbin_files',`
interface(`corecmd_sbin_domtrans',` interface(`corecmd_sbin_domtrans',`
gen_require(` gen_require(`
type sbin_t; type sbin_t;
class dir search;
class lnk_file { getattr read };
') ')
allow $1 sbin_t:dir search; allow $1 sbin_t:dir search;
@ -740,7 +712,6 @@ interface(`corecmd_shell_domtrans',`
interface(`corecmd_exec_chroot',` interface(`corecmd_exec_chroot',`
gen_require(` gen_require(`
type chroot_exec_t; type chroot_exec_t;
class capability sys_chroot;
') ')
can_exec($1,chroot_exec_t) can_exec($1,chroot_exec_t)


@ -24,10 +24,6 @@
interface(`domain_base_type',` interface(`domain_base_type',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class dir r_dir_perms;
class lnk_file r_file_perms;
class file rw_file_perms;
class process { fork sigchld };
') ')
# mark as a domain # mark as a domain
@ -121,7 +117,6 @@ interface(`domain_type',`
interface(`domain_entry_file',` interface(`domain_entry_file',`
gen_require(` gen_require(`
attribute entry_type; attribute entry_type;
class file entrypoint;
') ')
files_type($2) files_type($2)
@ -331,7 +326,6 @@ interface(`domain_cron_exemption_target',`
interface(`domain_use_wide_inherit_fd',` interface(`domain_use_wide_inherit_fd',`
gen_require(` gen_require(`
attribute privfd; attribute privfd;
class fd use;
') ')
allow $1 privfd:fd use; allow $1 privfd:fd use;
@ -344,7 +338,6 @@ interface(`domain_use_wide_inherit_fd',`
interface(`domain_dontaudit_use_wide_inherit_fd',` interface(`domain_dontaudit_use_wide_inherit_fd',`
gen_require(` gen_require(`
attribute privfd; attribute privfd;
class fd use;
') ')
dontaudit $1 privfd:fd use; dontaudit $1 privfd:fd use;
@ -375,7 +368,6 @@ interface(`domain_sigchld_wide_inherit_fd',`
interface(`domain_setpriority_all_domains',` interface(`domain_setpriority_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process setsched;
') ')
allow $1 domain:process setsched; allow $1 domain:process setsched;
@ -392,7 +384,6 @@ interface(`domain_setpriority_all_domains',`
interface(`domain_signal_all_domains',` interface(`domain_signal_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process signal;
') ')
allow $1 domain:process signal; allow $1 domain:process signal;
@ -409,7 +400,6 @@ interface(`domain_signal_all_domains',`
interface(`domain_signull_all_domains',` interface(`domain_signull_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process signull;
') ')
allow $1 domain:process signull; allow $1 domain:process signull;
@ -426,7 +416,6 @@ interface(`domain_signull_all_domains',`
interface(`domain_sigstop_all_domains',` interface(`domain_sigstop_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process sigstop;
') ')
allow $1 domain:process sigstop; allow $1 domain:process sigstop;
@ -443,7 +432,6 @@ interface(`domain_sigstop_all_domains',`
interface(`domain_sigchld_all_domains',` interface(`domain_sigchld_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process sigchld;
') ')
allow $1 domain:process sigchld; allow $1 domain:process sigchld;
@ -460,8 +448,6 @@ interface(`domain_sigchld_all_domains',`
interface(`domain_kill_all_domains',` interface(`domain_kill_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process sigkill;
class capability kill;
') ')
allow $1 domain:process sigkill; allow $1 domain:process sigkill;
@ -479,7 +465,6 @@ interface(`domain_kill_all_domains',`
interface(`domain_search_all_domains_state',` interface(`domain_search_all_domains_state',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class dir search;
') ')
kernel_search_proc($1) kernel_search_proc($1)
@ -514,9 +499,6 @@ interface(`domain_dontaudit_search_all_domains_state',`
interface(`domain_read_all_domains_state',` interface(`domain_read_all_domains_state',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class dir r_dir_perms;
class lnk_file r_file_perms;
class file r_file_perms;
') ')
kernel_search_proc($1) kernel_search_proc($1)
@ -536,7 +518,6 @@ interface(`domain_read_all_domains_state',`
interface(`domain_getattr_all_domains',` interface(`domain_getattr_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process getattr;
') ')
allow $1 domain:process getattr; allow $1 domain:process getattr;
@ -591,7 +572,6 @@ interface(`domain_read_confined_domains_state',`
interface(`domain_getattr_confined_domains',` interface(`domain_getattr_confined_domains',`
gen_require(` gen_require(`
attribute domain, unconfined_domain; attribute domain, unconfined_domain;
class process getattr;
') ')
allow $1 { domain -unconfined_domain }:process getattr; allow $1 { domain -unconfined_domain }:process getattr;
@ -661,7 +641,6 @@ interface(`domain_dontaudit_ptrace_all_domains',`
interface(`domain_dontaudit_ptrace_confined_domains',` interface(`domain_dontaudit_ptrace_confined_domains',`
gen_require(` gen_require(`
attribute domain, unconfined_domain; attribute domain, unconfined_domain;
class process ptrace;
') ')
dontaudit $1 { domain -unconfined_domain }:process ptrace; dontaudit $1 { domain -unconfined_domain }:process ptrace;
@ -702,7 +681,6 @@ interface(`domain_dontaudit_read_all_domains_state',`
interface(`domain_dontaudit_list_all_domains_proc',` interface(`domain_dontaudit_list_all_domains_proc',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class dir r_dir_perms;
') ')
dontaudit $1 domain:dir r_dir_perms; dontaudit $1 domain:dir r_dir_perms;
@ -719,7 +697,6 @@ interface(`domain_dontaudit_list_all_domains_proc',`
interface(`domain_getsession_all_domains',` interface(`domain_getsession_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process getsession;
') ')
allow $1 domain:process getsession; allow $1 domain:process getsession;
@ -737,7 +714,6 @@ interface(`domain_getsession_all_domains',`
interface(`domain_dontaudit_getsession_all_domains',` interface(`domain_dontaudit_getsession_all_domains',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class process getsession;
') ')
dontaudit $1 domain:process getsession; dontaudit $1 domain:process getsession;
@ -809,7 +785,6 @@ interface(`domain_dontaudit_getattr_all_sockets',`
interface(`domain_dontaudit_getattr_all_tcp_sockets',` interface(`domain_dontaudit_getattr_all_tcp_sockets',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class tcp_socket getattr;
') ')
dontaudit $1 domain:tcp_socket getattr; dontaudit $1 domain:tcp_socket getattr;
@ -827,7 +802,6 @@ interface(`domain_dontaudit_getattr_all_tcp_sockets',`
interface(`domain_dontaudit_getattr_all_udp_sockets',` interface(`domain_dontaudit_getattr_all_udp_sockets',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class udp_socket getattr;
') ')
dontaudit $1 domain:udp_socket getattr; dontaudit $1 domain:udp_socket getattr;
@ -845,7 +819,6 @@ interface(`domain_dontaudit_getattr_all_udp_sockets',`
interface(`domain_dontaudit_rw_all_udp_sockets',` interface(`domain_dontaudit_rw_all_udp_sockets',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class udp_socket { read write };
') ')
dontaudit $1 domain:udp_socket { read write }; dontaudit $1 domain:udp_socket { read write };
@ -914,7 +887,6 @@ interface(`domain_dontaudit_getattr_all_raw_sockets',`
interface(`domain_dontaudit_rw_all_key_sockets',` interface(`domain_dontaudit_rw_all_key_sockets',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class key_socket { read write };
') ')
dontaudit $1 domain:key_socket { read write }; dontaudit $1 domain:key_socket { read write };
@ -966,7 +938,6 @@ interface(`domain_dontaudit_getattr_all_stream_sockets',`
interface(`domain_dontaudit_getattr_all_pipes',` interface(`domain_dontaudit_getattr_all_pipes',`
gen_require(` gen_require(`
attribute domain; attribute domain;
class fifo_file getattr;
') ')
dontaudit $1 domain:fifo_file getattr; dontaudit $1 domain:fifo_file getattr;
@ -984,8 +955,6 @@ interface(`domain_dontaudit_getattr_all_pipes',`
interface(`domain_getattr_all_entry_files',` interface(`domain_getattr_all_entry_files',`
gen_require(` gen_require(`
attribute entry_type; attribute entry_type;
class file getattr;
class lnk_file r_file_perms;
') ')
allow $1 entry_type:lnk_file getattr; allow $1 entry_type:lnk_file getattr;
@ -999,8 +968,6 @@ interface(`domain_getattr_all_entry_files',`
interface(`domain_read_all_entry_files',` interface(`domain_read_all_entry_files',`
gen_require(` gen_require(`
attribute entry_type; attribute entry_type;
class file r_file_perms;
class lnk_file r_file_perms;
') ')
allow $1 entry_type:lnk_file r_file_perms; allow $1 entry_type:lnk_file r_file_perms;


@ -252,7 +252,6 @@ interface(`files_tmpfs_file',`
interface(`files_getattr_all_dirs',` interface(`files_getattr_all_dirs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir { getattr search };
') ')
allow $1 file_type:dir { getattr search }; allow $1 file_type:dir { getattr search };
@ -270,7 +269,6 @@ interface(`files_getattr_all_dirs',`
interface(`files_dontaudit_getattr_all_dirs',` interface(`files_dontaudit_getattr_all_dirs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir getattr;
') ')
dontaudit $1 file_type:dir getattr; dontaudit $1 file_type:dir getattr;
@ -423,8 +421,6 @@ interface(`files_dontaudit_getattr_non_security_files',`
interface(`files_read_all_files',` interface(`files_read_all_files',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir search;
class file r_file_perms;
') ')
allow $1 file_type:dir search; allow $1 file_type:dir search;
@ -531,8 +527,6 @@ interface(`files_read_all_symlinks_except',`
interface(`files_getattr_all_symlinks',` interface(`files_getattr_all_symlinks',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir search;
class lnk_file getattr;
') ')
allow $1 file_type:dir search; allow $1 file_type:dir search;
@ -551,7 +545,6 @@ interface(`files_getattr_all_symlinks',`
interface(`files_dontaudit_getattr_all_symlinks',` interface(`files_dontaudit_getattr_all_symlinks',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class lnk_file getattr;
') ')
dontaudit $1 file_type:lnk_file getattr; dontaudit $1 file_type:lnk_file getattr;
@ -619,8 +612,6 @@ interface(`files_dontaudit_getattr_non_security_chr_dev',`
interface(`files_read_all_symlinks',` interface(`files_read_all_symlinks',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir search;
class lnk_file { getattr read };
') ')
allow $1 file_type:dir search; allow $1 file_type:dir search;
@ -638,8 +629,6 @@ interface(`files_read_all_symlinks',`
interface(`files_getattr_all_pipes',` interface(`files_getattr_all_pipes',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir search;
class fifo_file getattr;
') ')
allow $1 file_type:dir search; allow $1 file_type:dir search;
@ -658,7 +647,6 @@ interface(`files_getattr_all_pipes',`
interface(`files_dontaudit_getattr_all_pipes',` interface(`files_dontaudit_getattr_all_pipes',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class fifo_file getattr;
') ')
dontaudit $1 file_type:fifo_file getattr; dontaudit $1 file_type:fifo_file getattr;
@ -692,8 +680,6 @@ interface(`files_dontaudit_getattr_non_security_pipes',`
interface(`files_getattr_all_sockets',` interface(`files_getattr_all_sockets',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir search;
class sock_file getattr;
') ')
allow $1 file_type:dir search; allow $1 file_type:dir search;
@ -712,7 +698,6 @@ interface(`files_getattr_all_sockets',`
interface(`files_dontaudit_getattr_all_sockets',` interface(`files_dontaudit_getattr_all_sockets',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class sock_file getattr;
') ')
dontaudit $1 file_type:sock_file getattr; dontaudit $1 file_type:sock_file getattr;
@ -785,13 +770,6 @@ interface(`files_read_all_chr_nodes',`
interface(`files_relabel_all_files',` interface(`files_relabel_all_files',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir { r_dir_perms relabelfrom relabelto };
class file { relabelfrom relabelto };
class lnk_file { relabelfrom relabelto };
class fifo_file { relabelfrom relabelto };
class sock_file { relabelfrom relabelto };
class blk_file relabelfrom;
class chr_file relabelfrom;
') ')
allow $1 { file_type $2 }:dir { r_dir_perms relabelfrom relabelto }; allow $1 { file_type $2 }:dir { r_dir_perms relabelfrom relabelto };
@ -822,11 +800,6 @@ interface(`files_relabel_all_files',`
interface(`files_manage_all_files',` interface(`files_manage_all_files',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir create_dir_perms;
class file create_file_perms;
class lnk_file create_lnk_perms;
class fifo_file create_file_perms;
class sock_file create_file_perms;
') ')
allow $1 { file_type $2 }:dir create_dir_perms; allow $1 { file_type $2 }:dir create_dir_perms;
@ -847,7 +820,6 @@ interface(`files_manage_all_files',`
interface(`files_search_all_dirs',` interface(`files_search_all_dirs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir search;
') ')
allow $1 file_type:dir search; allow $1 file_type:dir search;
@ -860,7 +832,6 @@ interface(`files_search_all_dirs',`
interface(`files_list_all_dirs',` interface(`files_list_all_dirs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir r_dir_perms;
') ')
allow $1 file_type:dir r_dir_perms; allow $1 file_type:dir r_dir_perms;
@ -873,7 +844,6 @@ interface(`files_list_all_dirs',`
interface(`files_dontaudit_search_all_dirs',` interface(`files_dontaudit_search_all_dirs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class dir search;
') ')
dontaudit $1 file_type:dir search; dontaudit $1 file_type:dir search;
@ -886,7 +856,6 @@ interface(`files_dontaudit_search_all_dirs',`
interface(`files_relabelto_all_file_type_fs',` interface(`files_relabelto_all_file_type_fs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class filesystem relabelto;
') ')
allow $1 file_type:filesystem relabelto; allow $1 file_type:filesystem relabelto;
@ -899,7 +868,6 @@ interface(`files_relabelto_all_file_type_fs',`
interface(`files_mount_all_file_type_fs',` interface(`files_mount_all_file_type_fs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class filesystem mount;
') ')
allow $1 file_type:filesystem mount; allow $1 file_type:filesystem mount;
@ -912,7 +880,6 @@ interface(`files_mount_all_file_type_fs',`
interface(`files_unmount_all_file_type_fs',` interface(`files_unmount_all_file_type_fs',`
gen_require(` gen_require(`
attribute file_type; attribute file_type;
class filesystem unmount;
') ')
allow $1 file_type:filesystem unmount; allow $1 file_type:filesystem unmount;
@ -925,8 +892,6 @@ interface(`files_unmount_all_file_type_fs',`
interface(`files_mounton_all_mountpoints',` interface(`files_mounton_all_mountpoints',`
gen_require(` gen_require(`
attribute mountpoint; attribute mountpoint;
class dir { getattr search mounton };
class file { getattr mounton };
') ')
allow $1 mountpoint:dir { getattr search mounton }; allow $1 mountpoint:dir { getattr search mounton };
@ -940,8 +905,6 @@ interface(`files_mounton_all_mountpoints',`
interface(`files_list_root',` interface(`files_list_root',`
gen_require(` gen_require(`
type root_t; type root_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
allow $1 root_t:dir r_dir_perms; allow $1 root_t:dir r_dir_perms;
@ -967,7 +930,6 @@ interface(`files_list_root',`
interface(`files_filetrans_root',` interface(`files_filetrans_root',`
gen_require(` gen_require(`
type root_t; type root_t;
class dir create_dir_perms;
') ')
allow $1 root_t:dir rw_dir_perms; allow $1 root_t:dir rw_dir_perms;
@ -998,7 +960,6 @@ interface(`files_dontaudit_read_root_file',`
interface(`files_dontaudit_rw_root_file',` interface(`files_dontaudit_rw_root_file',`
gen_require(` gen_require(`
type root_t; type root_t;
class file { read write };
') ')
dontaudit $1 root_t:file { read write }; dontaudit $1 root_t:file { read write };
@ -1011,7 +972,6 @@ interface(`files_dontaudit_rw_root_file',`
interface(`files_dontaudit_rw_root_chr_dev',` interface(`files_dontaudit_rw_root_chr_dev',`
gen_require(` gen_require(`
type root_t; type root_t;
class chr_file { read write };
') ')
dontaudit $1 root_t:chr_file { read write }; dontaudit $1 root_t:chr_file { read write };
@ -1024,7 +984,6 @@ interface(`files_dontaudit_rw_root_chr_dev',`
interface(`files_delete_root_dir_entry',` interface(`files_delete_root_dir_entry',`
gen_require(` gen_require(`
type root_t; type root_t;
class dir rw_dir_perms;
') ')
allow $1 root_t:dir rw_dir_perms; allow $1 root_t:dir rw_dir_perms;
@ -1037,7 +996,6 @@ interface(`files_delete_root_dir_entry',`
interface(`files_unmount_rootfs',` interface(`files_unmount_rootfs',`
gen_require(` gen_require(`
type root_t; type root_t;
class filesystem unmount;
') ')
allow $1 root_t:filesystem unmount; allow $1 root_t:filesystem unmount;
@ -1202,7 +1160,6 @@ interface(`files_dontaudit_read_default_files',`
interface(`files_read_default_symlinks',` interface(`files_read_default_symlinks',`
gen_require(` gen_require(`
type default_t; type default_t;
class lnk_file r_file_perms;
') ')
allow $1 default_t:lnk_file r_file_perms; allow $1 default_t:lnk_file r_file_perms;
@ -1219,7 +1176,6 @@ interface(`files_read_default_symlinks',`
interface(`files_read_default_sockets',` interface(`files_read_default_sockets',`
gen_require(` gen_require(`
type default_t; type default_t;
class sock_file r_file_perms;
') ')
allow $1 default_t:sock_file r_file_perms; allow $1 default_t:sock_file r_file_perms;
@ -1236,7 +1192,6 @@ interface(`files_read_default_sockets',`
interface(`files_read_default_pipes',` interface(`files_read_default_pipes',`
gen_require(` gen_require(`
type default_t; type default_t;
class fifo_file r_file_perms;
') ')
allow $1 default_t:fifo_file r_file_perms; allow $1 default_t:fifo_file r_file_perms;
@ -1249,7 +1204,6 @@ interface(`files_read_default_pipes',`
interface(`files_search_etc',` interface(`files_search_etc',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir search;
') ')
allow $1 etc_t:dir search; allow $1 etc_t:dir search;
@ -1266,7 +1220,6 @@ interface(`files_search_etc',`
interface(`files_setattr_etc_dir',` interface(`files_setattr_etc_dir',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir setattr;
') ')
allow $1 etc_t:dir setattr; allow $1 etc_t:dir setattr;
@ -1279,7 +1232,6 @@ interface(`files_setattr_etc_dir',`
interface(`files_list_etc',` interface(`files_list_etc',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir r_dir_perms;
') ')
allow $1 etc_t:dir r_dir_perms; allow $1 etc_t:dir r_dir_perms;
@ -1292,9 +1244,6 @@ interface(`files_list_etc',`
interface(`files_read_etc_files',` interface(`files_read_etc_files',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir r_dir_perms;
class file r_file_perms;
class lnk_file r_file_perms;
') ')
allow $1 etc_t:dir r_dir_perms; allow $1 etc_t:dir r_dir_perms;
@ -1309,9 +1258,6 @@ interface(`files_read_etc_files',`
interface(`files_rw_etc_files',` interface(`files_rw_etc_files',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir r_dir_perms;
class file rw_file_perms;
class lnk_file r_file_perms;
') ')
allow $1 etc_t:dir r_dir_perms; allow $1 etc_t:dir r_dir_perms;
@ -1326,9 +1272,6 @@ interface(`files_rw_etc_files',`
interface(`files_manage_etc_files',` interface(`files_manage_etc_files',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir rw_dir_perms;
class file create_file_perms;
class lnk_file r_file_perms;
') ')
allow $1 etc_t:dir rw_dir_perms; allow $1 etc_t:dir rw_dir_perms;
@ -1347,8 +1290,6 @@ interface(`files_manage_etc_files',`
interface(`files_delete_etc_files',` interface(`files_delete_etc_files',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir rw_dir_perms;
class file unlink;
') ')
allow $1 etc_t:dir rw_dir_perms; allow $1 etc_t:dir rw_dir_perms;
@ -1362,8 +1303,6 @@ interface(`files_delete_etc_files',`
interface(`files_exec_etc_files',` interface(`files_exec_etc_files',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
allow $1 etc_t:dir r_dir_perms; allow $1 etc_t:dir r_dir_perms;
@ -1398,8 +1337,6 @@ interface(`files_relabel_etc_files',`
interface(`files_create_boot_flag',` interface(`files_create_boot_flag',`
gen_require(` gen_require(`
type root_t, etc_runtime_t; type root_t, etc_runtime_t;
class dir rw_dir_perms;
class file { create read write setattr unlink};
') ')
allow $1 root_t:dir rw_dir_perms; allow $1 root_t:dir rw_dir_perms;
@ -1439,7 +1376,6 @@ interface(`files_read_etc_runtime_files',`
interface(`files_dontaudit_read_etc_runtime_files',` interface(`files_dontaudit_read_etc_runtime_files',`
gen_require(` gen_require(`
type etc_runtime_t; type etc_runtime_t;
class file { getattr read };
') ')
dontaudit $1 etc_runtime_t:file { getattr read }; dontaudit $1 etc_runtime_t:file { getattr read };
@ -1457,8 +1393,6 @@ interface(`files_dontaudit_read_etc_runtime_files',`
interface(`files_rw_etc_runtime_files',` interface(`files_rw_etc_runtime_files',`
gen_require(` gen_require(`
type etc_t, etc_runtime_t; type etc_t, etc_runtime_t;
class dir r_dir_perms;
class file rw_file_perms;
') ')
allow $1 etc_t:dir r_dir_perms; allow $1 etc_t:dir r_dir_perms;
@ -1478,8 +1412,6 @@ interface(`files_rw_etc_runtime_files',`
interface(`files_manage_etc_runtime_files',` interface(`files_manage_etc_runtime_files',`
gen_require(` gen_require(`
type etc_t, etc_runtime_t; type etc_t, etc_runtime_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 etc_t:dir rw_dir_perms; allow $1 etc_t:dir rw_dir_perms;
@ -1494,7 +1426,6 @@ interface(`files_manage_etc_runtime_files',`
interface(`files_filetrans_etc',` interface(`files_filetrans_etc',`
gen_require(` gen_require(`
type etc_t; type etc_t;
class dir rw_dir_perms;
') ')
allow $1 etc_t:dir rw_dir_perms; allow $1 etc_t:dir rw_dir_perms;
@ -1551,7 +1482,6 @@ interface(`files_dontaudit_search_isid_type_dir',`
interface(`files_list_isid_type_dir',` interface(`files_list_isid_type_dir',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir r_dir_perms;
') ')
allow $1 file_t:dir r_dir_perms; allow $1 file_t:dir r_dir_perms;
@ -1569,7 +1499,6 @@ interface(`files_list_isid_type_dir',`
interface(`files_rw_isid_type_dir',` interface(`files_rw_isid_type_dir',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir rw_dir_perms;
') ')
allow $1 file_t:dir rw_dir_perms; allow $1 file_t:dir rw_dir_perms;
@ -1587,7 +1516,6 @@ interface(`files_rw_isid_type_dir',`
interface(`files_manage_isid_type_dir',` interface(`files_manage_isid_type_dir',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir create_dir_perms;
') ')
allow $1 file_t:dir create_dir_perms; allow $1 file_t:dir create_dir_perms;
@ -1605,7 +1533,6 @@ interface(`files_manage_isid_type_dir',`
interface(`files_mounton_isid_type_dir',` interface(`files_mounton_isid_type_dir',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir { getattr search mounton };
') ')
allow $1 file_t:dir { getattr search mounton }; allow $1 file_t:dir { getattr search mounton };
@ -1623,8 +1550,6 @@ interface(`files_mounton_isid_type_dir',`
interface(`files_read_isid_type_file',` interface(`files_read_isid_type_file',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir search;
class file r_file_perms;
') ')
allow $1 file_t:dir search; allow $1 file_t:dir search;
@ -1643,8 +1568,6 @@ interface(`files_read_isid_type_file',`
interface(`files_manage_isid_type_file',` interface(`files_manage_isid_type_file',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 file_t:dir rw_dir_perms; allow $1 file_t:dir rw_dir_perms;
@ -1663,8 +1586,6 @@ interface(`files_manage_isid_type_file',`
interface(`files_manage_isid_type_symlink',` interface(`files_manage_isid_type_symlink',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir rw_dir_perms;
class lnk_file create_lnk_perms;
') ')
allow $1 file_t:dir rw_dir_perms; allow $1 file_t:dir rw_dir_perms;
@ -1683,8 +1604,6 @@ interface(`files_manage_isid_type_symlink',`
interface(`files_rw_isid_type_blk_node',` interface(`files_rw_isid_type_blk_node',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir search;
class blk_file rw_file_perms;
') ')
allow $1 file_t:dir search; allow $1 file_t:dir search;
@ -1703,8 +1622,6 @@ interface(`files_rw_isid_type_blk_node',`
interface(`files_manage_isid_type_blk_node',` interface(`files_manage_isid_type_blk_node',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir rw_dir_perms;
class blk_file create_file_perms;
') ')
allow $1 file_t:dir rw_dir_perms; allow $1 file_t:dir rw_dir_perms;
@ -1723,8 +1640,6 @@ interface(`files_manage_isid_type_blk_node',`
interface(`files_manage_isid_type_chr_node',` interface(`files_manage_isid_type_chr_node',`
gen_require(` gen_require(`
type file_t; type file_t;
class dir rw_dir_perms;
class chr_file create_file_perms;
') ')
allow $1 file_t:dir rw_dir_perms; allow $1 file_t:dir rw_dir_perms;
@ -1827,7 +1742,6 @@ interface(`files_dontaudit_list_home',`
interface(`files_list_home',` interface(`files_list_home',`
gen_require(` gen_require(`
type home_root_t; type home_root_t;
class dir r_dir_perms;
') ')
allow $1 home_root_t:dir r_dir_perms; allow $1 home_root_t:dir r_dir_perms;
@ -1875,11 +1789,6 @@ interface(`files_filetrans_home',`
interface(`files_manage_lost_found',` interface(`files_manage_lost_found',`
gen_require(` gen_require(`
type lost_found_t; type lost_found_t;
class dir create_dir_perms;
class file create_file_perms;
class sock_file create_file_perms;
class fifo_file create_file_perms;
class lnk_file create_lnk_perms;
') ')
allow $1 lost_found_t:dir create_dir_perms; allow $1 lost_found_t:dir create_dir_perms;
@ -1908,7 +1817,6 @@ interface(`files_search_mnt',`
interface(`files_list_mnt',` interface(`files_list_mnt',`
gen_require(` gen_require(`
type mnt_t; type mnt_t;
class dir r_dir_perms;
') ')
allow $1 mnt_t:dir r_dir_perms; allow $1 mnt_t:dir r_dir_perms;
@ -1925,7 +1833,6 @@ interface(`files_list_mnt',`
interface(`files_mounton_mnt',` interface(`files_mounton_mnt',`
gen_require(` gen_require(`
type mnt_t; type mnt_t;
class dir { search mounton };
') ')
allow $1 mnt_t:dir { search mounton }; allow $1 mnt_t:dir { search mounton };
@ -1942,7 +1849,6 @@ interface(`files_mounton_mnt',`
interface(`files_manage_mnt_dirs',` interface(`files_manage_mnt_dirs',`
gen_require(` gen_require(`
type mnt_t; type mnt_t;
class dir create_dir_perms;
') ')
allow $1 mnt_t:dir create_dir_perms; allow $1 mnt_t:dir create_dir_perms;
@ -1959,8 +1865,6 @@ interface(`files_manage_mnt_dirs',`
interface(`files_manage_mnt_files',` interface(`files_manage_mnt_files',`
gen_require(` gen_require(`
type mnt_t; type mnt_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 mnt_t:dir rw_dir_perms; allow $1 mnt_t:dir rw_dir_perms;
@ -1978,8 +1882,6 @@ interface(`files_manage_mnt_files',`
interface(`files_manage_mnt_symlinks',` interface(`files_manage_mnt_symlinks',`
gen_require(` gen_require(`
type mnt_t; type mnt_t;
class dir rw_dir_perms;
class lnk_file create_lnk_perms;
') ')
allow $1 mnt_t:dir rw_dir_perms; allow $1 mnt_t:dir rw_dir_perms;
@ -1997,7 +1899,6 @@ interface(`files_manage_mnt_symlinks',`
interface(`files_list_world_readable',` interface(`files_list_world_readable',`
gen_require(` gen_require(`
type readable_t; type readable_t;
class dir r_dir_perms;
') ')
allow $1 readable_t:dir r_dir_perms; allow $1 readable_t:dir r_dir_perms;
@ -2014,7 +1915,6 @@ interface(`files_list_world_readable',`
interface(`files_read_world_readable_files',` interface(`files_read_world_readable_files',`
gen_require(` gen_require(`
type readable_t; type readable_t;
class file r_file_perms;
') ')
allow $1 readable_t:file r_file_perms; allow $1 readable_t:file r_file_perms;
@ -2031,7 +1931,6 @@ interface(`files_read_world_readable_files',`
interface(`files_read_world_readable_symlinks',` interface(`files_read_world_readable_symlinks',`
gen_require(` gen_require(`
type readable_t; type readable_t;
class lnk_file r_file_perms;
') ')
allow $1 readable_t:lnk_file r_file_perms; allow $1 readable_t:lnk_file r_file_perms;
@ -2048,7 +1947,6 @@ interface(`files_read_world_readable_symlinks',`
interface(`files_read_world_readable_pipes',` interface(`files_read_world_readable_pipes',`
gen_require(` gen_require(`
type readable_t; type readable_t;
class fifo_file r_file_perms;
') ')
allow $1 readable_t:fifo_file r_file_perms; allow $1 readable_t:fifo_file r_file_perms;
@ -2065,7 +1963,6 @@ interface(`files_read_world_readable_pipes',`
interface(`files_read_world_readable_sockets',` interface(`files_read_world_readable_sockets',`
gen_require(` gen_require(`
type readable_t; type readable_t;
class sock_file r_file_perms;
') ')
allow $1 readable_t:sock_file r_file_perms; allow $1 readable_t:sock_file r_file_perms;
@ -2117,7 +2014,6 @@ interface(`files_getattr_tmp_dir',`
interface(`files_dontaudit_getattr_tmp_dir',` interface(`files_dontaudit_getattr_tmp_dir',`
gen_require(` gen_require(`
type tmp_t; type tmp_t;
class dir getattr;
') ')
dontaudit $1 tmp_t:dir getattr; dontaudit $1 tmp_t:dir getattr;
@ -2233,7 +2129,6 @@ interface(`files_rw_generic_tmp_sockets',`
interface(`files_setattr_all_tmp_dirs',` interface(`files_setattr_all_tmp_dirs',`
gen_require(` gen_require(`
attribute tmpfile; attribute tmpfile;
class dir { search setattr };
') ')
allow $1 tmpfile:dir { search getattr }; allow $1 tmpfile:dir { search getattr };
@ -2246,7 +2141,6 @@ interface(`files_setattr_all_tmp_dirs',`
interface(`files_filetrans_tmp',` interface(`files_filetrans_tmp',`
gen_require(` gen_require(`
type tmp_t; type tmp_t;
class dir rw_dir_perms;
') ')
allow $1 tmp_t:dir rw_dir_perms; allow $1 tmp_t:dir rw_dir_perms;
@ -2265,7 +2159,6 @@ interface(`files_filetrans_tmp',`
interface(`files_purge_tmp',` interface(`files_purge_tmp',`
gen_require(` gen_require(`
attribute tmpfile; attribute tmpfile;
class dir { rw_dir_perms rmdir };
gen_require_set({ getattr unlink },notdevfile_class_set) gen_require_set({ getattr unlink },notdevfile_class_set)
') ')
@ -2280,7 +2173,6 @@ interface(`files_purge_tmp',`
interface(`files_search_usr',` interface(`files_search_usr',`
gen_require(` gen_require(`
type usr_t; type usr_t;
class dir search;
') ')
allow $1 usr_t:dir search; allow $1 usr_t:dir search;
@ -2298,7 +2190,6 @@ interface(`files_search_usr',`
interface(`files_list_usr',` interface(`files_list_usr',`
gen_require(` gen_require(`
type usr_t; type usr_t;
class dir r_dir_perms;
') ')
allow $1 usr_t:dir r_dir_perms; allow $1 usr_t:dir r_dir_perms;
@ -2315,8 +2206,6 @@ interface(`files_list_usr',`
interface(`files_getattr_usr_files',` interface(`files_getattr_usr_files',`
gen_require(` gen_require(`
type usr_t; type usr_t;
class dir search;
class file getattr;
') ')
allow $1 usr_t:dir search; allow $1 usr_t:dir search;
@ -2330,9 +2219,6 @@ interface(`files_getattr_usr_files',`
interface(`files_read_usr_files',` interface(`files_read_usr_files',`
gen_require(` gen_require(`
type usr_t; type usr_t;
class dir r_dir_perms;
class file r_file_perms;
class lnk_file r_file_perms;
') ')
allow $1 usr_t:dir r_dir_perms; allow $1 usr_t:dir r_dir_perms;
@ -2369,7 +2255,6 @@ interface(`files_exec_usr_files',`
interface(`files_relabelto_usr_files',` interface(`files_relabelto_usr_files',`
gen_require(` gen_require(`
type usr_t; type usr_t;
class file relabelto;
') ')
allow $1 usr_t:file relabelto; allow $1 usr_t:file relabelto;
@ -2386,8 +2271,6 @@ interface(`files_relabelto_usr_files',`
interface(`files_read_usr_symlinks',` interface(`files_read_usr_symlinks',`
gen_require(` gen_require(`
type usr_t; type usr_t;
class dir search;
class file r_file_perms;
') ')
allow $1 usr_t:dir search; allow $1 usr_t:dir search;
@ -2411,7 +2294,6 @@ interface(`files_read_usr_symlinks',`
interface(`files_filetrans_usr',` interface(`files_filetrans_usr',`
gen_require(` gen_require(`
type usr_t; type usr_t;
class dir rw_dir_perms;
') ')
allow $1 usr_t:dir rw_dir_perms; allow $1 usr_t:dir rw_dir_perms;
@ -2545,7 +2427,6 @@ interface(`files_list_var',`
interface(`files_manage_var_dirs',` interface(`files_manage_var_dirs',`
gen_require(` gen_require(`
type var_t; type var_t;
class dir create_dir_perms;
') ')
allow $1 var_t:dir create_dir_perms; allow $1 var_t:dir create_dir_perms;
@ -2579,8 +2460,6 @@ interface(`files_read_var_files',`
interface(`files_manage_var_files',` interface(`files_manage_var_files',`
gen_require(` gen_require(`
type var_t; type var_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 var_t:dir rw_dir_perms; allow $1 var_t:dir rw_dir_perms;
@ -2639,7 +2518,6 @@ interface(`files_manage_var_symlinks',`
interface(`files_filetrans_var',` interface(`files_filetrans_var',`
gen_require(` gen_require(`
type var_t; type var_t;
class dir rw_dir_perms;
') ')
allow $1 var_t:dir rw_dir_perms; allow $1 var_t:dir rw_dir_perms;
@ -2662,7 +2540,6 @@ interface(`files_filetrans_var',`
interface(`files_search_var_lib_dir',` interface(`files_search_var_lib_dir',`
gen_require(` gen_require(`
type var_t, var_lib_t; type var_t, var_lib_t;
class dir search;
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;
@ -2736,7 +2613,6 @@ interface(`files_list_var_lib',`
interface(`files_filetrans_var_lib',` interface(`files_filetrans_var_lib',`
gen_require(` gen_require(`
type var_t, var_lib_t; type var_t, var_lib_t;
class dir rw_dir_perms;
') ')
allow $1 var_t:dir search_dir_perms; allow $1 var_t:dir search_dir_perms;
@ -2900,8 +2776,6 @@ interface(`files_manage_generic_locks',`
interface(`files_delete_all_locks',` interface(`files_delete_all_locks',`
gen_require(` gen_require(`
attribute lockfile; attribute lockfile;
class dir rw_dir_perms;
class file { getattr unlink };
') ')
allow $1 lockfile:dir rw_dir_perms; allow $1 lockfile:dir rw_dir_perms;
@ -2935,7 +2809,6 @@ interface(`files_read_all_locks',`
interface(`files_filetrans_lock',` interface(`files_filetrans_lock',`
gen_require(` gen_require(`
type var_t, var_lock_t; type var_t, var_lock_t;
class dir rw_dir_perms;
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;
@ -2960,7 +2833,6 @@ interface(`files_filetrans_lock',`
interface(`files_dontaudit_getattr_pid_dir',` interface(`files_dontaudit_getattr_pid_dir',`
gen_require(` gen_require(`
type var_run_t; type var_run_t;
class dir getattr;
') ')
dontaudit $1 var_run_t:dir getattr; dontaudit $1 var_run_t:dir getattr;
@ -3003,7 +2875,6 @@ interface(`files_dontaudit_search_pids',`
interface(`files_list_pids',` interface(`files_list_pids',`
gen_require(` gen_require(`
type var_t, var_run_t; type var_t, var_run_t;
class dir r_dir_perms;
') ')
allow $1 var_t:dir search_dir_perms; allow $1 var_t:dir search_dir_perms;
@ -3017,7 +2888,6 @@ interface(`files_list_pids',`
interface(`files_filetrans_pid',` interface(`files_filetrans_pid',`
gen_require(` gen_require(`
type var_t, var_run_t; type var_t, var_run_t;
class dir rw_dir_perms;
') ')
allow $1 var_t:dir search_dir_perms; allow $1 var_t:dir search_dir_perms;
@ -3037,8 +2907,6 @@ interface(`files_filetrans_pid',`
interface(`files_rw_generic_pids',` interface(`files_rw_generic_pids',`
gen_require(` gen_require(`
type var_t, var_run_t; type var_t, var_run_t;
class dir r_dir_perms;
class file rw_file_perms;
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;
@ -3118,10 +2986,6 @@ interface(`files_delete_all_pids',`
gen_require(` gen_require(`
attribute pidfile; attribute pidfile;
type var_t, var_run_t; type var_t, var_run_t;
class dir rw_dir_perms;
class file { getattr unlink };
class lnk_file { getattr unlink };
class sock_file { getattr unlink };
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;
@ -3166,7 +3030,6 @@ interface(`files_search_spool',`
interface(`files_list_spool',` interface(`files_list_spool',`
gen_require(` gen_require(`
type var_t, var_spool_t; type var_t, var_spool_t;
class dir r_dir_perms;
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;
@ -3180,7 +3043,6 @@ interface(`files_list_spool',`
interface(`files_manage_generic_spool_dirs',` interface(`files_manage_generic_spool_dirs',`
gen_require(` gen_require(`
type var_t, var_spool_t; type var_t, var_spool_t;
class dir create_dir_perms;
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;
@ -3194,8 +3056,6 @@ interface(`files_manage_generic_spool_dirs',`
interface(`files_read_generic_spools',` interface(`files_read_generic_spools',`
gen_require(` gen_require(`
type var_t, var_spool_t; type var_t, var_spool_t;
class dir r_dir_perms;
class file r_file_perms;
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;
@ -3210,8 +3070,6 @@ interface(`files_read_generic_spools',`
interface(`files_manage_generic_spools',` interface(`files_manage_generic_spools',`
gen_require(` gen_require(`
type var_t, var_spool_t; type var_t, var_spool_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 var_t:dir search; allow $1 var_t:dir search;


@ -55,7 +55,6 @@ interface(`fs_make_noxattr_fs',`
interface(`fs_associate',` interface(`fs_associate',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem associate;
') ')
allow $1 fs_t:filesystem associate; allow $1 fs_t:filesystem associate;
@ -76,7 +75,6 @@ interface(`fs_associate',`
interface(`fs_associate_noxattr',` interface(`fs_associate_noxattr',`
gen_require(` gen_require(`
attribute noxattrfs; attribute noxattrfs;
class filesystem associate;
') ')
allow $1 noxattrfs:filesystem associate; allow $1 noxattrfs:filesystem associate;
@ -112,7 +110,6 @@ interface(`fs_exec_noxattr',`
interface(`fs_mount_xattr_fs',` interface(`fs_mount_xattr_fs',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem mount;
') ')
allow $1 fs_t:filesystem mount; allow $1 fs_t:filesystem mount;
@ -132,7 +129,6 @@ interface(`fs_mount_xattr_fs',`
interface(`fs_remount_xattr_fs',` interface(`fs_remount_xattr_fs',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem remount;
') ')
allow $1 fs_t:filesystem remount; allow $1 fs_t:filesystem remount;
@ -151,7 +147,6 @@ interface(`fs_remount_xattr_fs',`
interface(`fs_unmount_xattr_fs',` interface(`fs_unmount_xattr_fs',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem unmount;
') ')
allow $1 fs_t:filesystem mount; allow $1 fs_t:filesystem mount;
@ -171,7 +166,6 @@ interface(`fs_unmount_xattr_fs',`
interface(`fs_getattr_xattr_fs',` interface(`fs_getattr_xattr_fs',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem getattr;
') ')
allow $1 fs_t:filesystem getattr; allow $1 fs_t:filesystem getattr;
@ -209,7 +203,6 @@ interface(`fs_get_xattr_fs_quotas',`
interface(`fs_dontaudit_getattr_xattr_fs',` interface(`fs_dontaudit_getattr_xattr_fs',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem getattr;
') ')
dontaudit $1 fs_t:filesystem getattr; dontaudit $1 fs_t:filesystem getattr;
@ -228,7 +221,6 @@ interface(`fs_dontaudit_getattr_xattr_fs',`
interface(`fs_relabelfrom_xattr_fs',` interface(`fs_relabelfrom_xattr_fs',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem relabelfrom;
') ')
allow $1 fs_t:filesystem relabelfrom; allow $1 fs_t:filesystem relabelfrom;
@ -246,7 +238,6 @@ interface(`fs_relabelfrom_xattr_fs',`
interface(`fs_get_xattr_fs_quota',` interface(`fs_get_xattr_fs_quota',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem quotaget;
') ')
allow $1 fs_t:filesystem quotaget; allow $1 fs_t:filesystem quotaget;
@ -264,7 +255,6 @@ interface(`fs_get_xattr_fs_quota',`
interface(`fs_set_xattr_fs_quota',` interface(`fs_set_xattr_fs_quota',`
gen_require(` gen_require(`
type fs_t; type fs_t;
class filesystem quotamod;
') ')
allow $1 fs_t:filesystem quotamod; allow $1 fs_t:filesystem quotamod;
@ -281,7 +271,6 @@ interface(`fs_set_xattr_fs_quota',`
interface(`fs_mount_autofs',` interface(`fs_mount_autofs',`
gen_require(` gen_require(`
type autofs_t; type autofs_t;
class filesystem mount;
') ')
allow $1 autofs_t:filesystem mount; allow $1 autofs_t:filesystem mount;
@ -300,7 +289,6 @@ interface(`fs_mount_autofs',`
interface(`fs_remount_autofs',` interface(`fs_remount_autofs',`
gen_require(` gen_require(`
type autofs_t; type autofs_t;
class filesystem remount;
') ')
allow $1 autofs_t:filesystem remount; allow $1 autofs_t:filesystem remount;
@ -317,7 +305,6 @@ interface(`fs_remount_autofs',`
interface(`fs_unmount_autofs',` interface(`fs_unmount_autofs',`
gen_require(` gen_require(`
type autofs_t; type autofs_t;
class filesystem unmount;
') ')
allow $1 autofs_t:filesystem mount; allow $1 autofs_t:filesystem mount;
@ -336,7 +323,6 @@ interface(`fs_unmount_autofs',`
interface(`fs_getattr_autofs',` interface(`fs_getattr_autofs',`
gen_require(` gen_require(`
type autofs_t; type autofs_t;
class filesystem getattr;
') ')
allow $1 autofs_t:filesystem getattr; allow $1 autofs_t:filesystem getattr;
@ -354,7 +340,6 @@ interface(`fs_getattr_autofs',`
interface(`fs_search_auto_mountpoints',` interface(`fs_search_auto_mountpoints',`
gen_require(` gen_require(`
type autofs_t; type autofs_t;
class dir { getattr search };
') ')
allow $1 autofs_t:dir { getattr search }; allow $1 autofs_t:dir { getattr search };
@ -412,8 +397,6 @@ interface(`fs_dontaudit_list_auto_mountpoints',`
interface(`fs_register_binary_executable_type',` interface(`fs_register_binary_executable_type',`
gen_require(` gen_require(`
type binfmt_misc_fs_t; type binfmt_misc_fs_t;
class dir { getattr search };
class file { getattr ioctl write };
') ')
allow $1 binfmt_misc_fs_t:dir { getattr search }; allow $1 binfmt_misc_fs_t:dir { getattr search };
@ -431,7 +414,6 @@ interface(`fs_register_binary_executable_type',`
interface(`fs_mount_cifs',` interface(`fs_mount_cifs',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class filesystem mount;
') ')
allow $1 cifs_t:filesystem mount; allow $1 cifs_t:filesystem mount;
@ -449,7 +431,6 @@ interface(`fs_mount_cifs',`
interface(`fs_remount_cifs',` interface(`fs_remount_cifs',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class filesystem remount;
') ')
allow $1 cifs_t:filesystem remount; allow $1 cifs_t:filesystem remount;
@ -466,7 +447,6 @@ interface(`fs_remount_cifs',`
interface(`fs_unmount_cifs',` interface(`fs_unmount_cifs',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class filesystem unmount;
') ')
allow $1 cifs_t:filesystem unmount; allow $1 cifs_t:filesystem unmount;
@ -485,7 +465,6 @@ interface(`fs_unmount_cifs',`
interface(`fs_getattr_cifs',` interface(`fs_getattr_cifs',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class filesystem getattr;
') ')
allow $1 cifs_t:filesystem getattr; allow $1 cifs_t:filesystem getattr;
@ -502,7 +481,6 @@ interface(`fs_getattr_cifs',`
interface(`fs_search_cifs',` interface(`fs_search_cifs',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir search;
') ')
allow $1 cifs_t:dir search; allow $1 cifs_t:dir search;
@ -520,7 +498,6 @@ interface(`fs_search_cifs',`
interface(`fs_list_cifs',` interface(`fs_list_cifs',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir r_dir_perms;
') ')
allow $1 cifs_t:dir r_dir_perms; allow $1 cifs_t:dir r_dir_perms;
@ -657,8 +634,6 @@ interface(`fs_dontaudit_rw_cifs_files',`
interface(`fs_read_cifs_symlinks',` interface(`fs_read_cifs_symlinks',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
allow $1 cifs_t:dir r_dir_perms; allow $1 cifs_t:dir r_dir_perms;
@ -678,7 +653,6 @@ interface(`fs_read_cifs_symlinks',`
interface(`fs_execute_cifs_files',` interface(`fs_execute_cifs_files',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir r_dir_perms;
') ')
allow $1 cifs_t:dir r_dir_perms; allow $1 cifs_t:dir r_dir_perms;
@ -732,8 +706,6 @@ interface(`fs_dontaudit_manage_cifs_dirs',`
interface(`fs_manage_cifs_files',` interface(`fs_manage_cifs_files',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 cifs_t:dir rw_dir_perms; allow $1 cifs_t:dir rw_dir_perms;
@ -770,8 +742,6 @@ interface(`fs_dontaudit_manage_cifs_files',`
interface(`fs_manage_cifs_symlinks',` interface(`fs_manage_cifs_symlinks',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir rw_dir_perms;
class lnk_file create_lnk_perms;
') ')
allow $1 cifs_t:dir rw_dir_perms; allow $1 cifs_t:dir rw_dir_perms;
@ -790,8 +760,6 @@ interface(`fs_manage_cifs_symlinks',`
interface(`fs_manage_cifs_named_pipes',` interface(`fs_manage_cifs_named_pipes',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir rw_dir_perms;
class fifo_file create_file_perms;
') ')
allow $1 cifs_t:dir rw_dir_perms; allow $1 cifs_t:dir rw_dir_perms;
@ -810,8 +778,6 @@ interface(`fs_manage_cifs_named_pipes',`
interface(`fs_manage_cifs_named_sockets',` interface(`fs_manage_cifs_named_sockets',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir rw_dir_perms;
class sock_file create_file_perms;
') ')
allow $1 cifs_t:dir rw_file_perms; allow $1 cifs_t:dir rw_file_perms;
@ -852,7 +818,6 @@ interface(`fs_manage_cifs_named_sockets',`
interface(`fs_cifs_domtrans',` interface(`fs_cifs_domtrans',`
gen_require(` gen_require(`
type cifs_t; type cifs_t;
class dir search;
') ')
allow $1 cifs_t:dir search; allow $1 cifs_t:dir search;
@ -872,7 +837,6 @@ interface(`fs_cifs_domtrans',`
interface(`fs_mount_dos_fs',` interface(`fs_mount_dos_fs',`
gen_require(` gen_require(`
type dosfs_t; type dosfs_t;
class filesystem mount;
') ')
allow $1 dosfs_t:filesystem mount; allow $1 dosfs_t:filesystem mount;
@ -891,7 +855,6 @@ interface(`fs_mount_dos_fs',`
interface(`fs_remount_dos_fs',` interface(`fs_remount_dos_fs',`
gen_require(` gen_require(`
type dosfs_t; type dosfs_t;
class filesystem remount;
') ')
allow $1 dosfs_t:filesystem remount; allow $1 dosfs_t:filesystem remount;
@ -909,7 +872,6 @@ interface(`fs_remount_dos_fs',`
interface(`fs_unmount_dos_fs',` interface(`fs_unmount_dos_fs',`
gen_require(` gen_require(`
type dosfs_t; type dosfs_t;
class filesystem unmount;
') ')
allow $1 dosfs_t:filesystem mount; allow $1 dosfs_t:filesystem mount;
@ -928,7 +890,6 @@ interface(`fs_unmount_dos_fs',`
interface(`fs_getattr_dos_fs',` interface(`fs_getattr_dos_fs',`
gen_require(` gen_require(`
type dosfs_t; type dosfs_t;
class filesystem getattr;
') ')
allow $1 dosfs_t:filesystem getattr; allow $1 dosfs_t:filesystem getattr;
@ -946,7 +907,6 @@ interface(`fs_getattr_dos_fs',`
interface(`fs_relabelfrom_dos_fs',` interface(`fs_relabelfrom_dos_fs',`
gen_require(` gen_require(`
type dosfs_t; type dosfs_t;
class filesystem relabelfrom;
') ')
allow $1 dosfs_t:filesystem relabelfrom; allow $1 dosfs_t:filesystem relabelfrom;
@ -997,7 +957,6 @@ interface(`fs_search_inotifyfs',`
interface(`fs_mount_iso9660_fs',` interface(`fs_mount_iso9660_fs',`
gen_require(` gen_require(`
type iso9660_t; type iso9660_t;
class filesystem mount;
') ')
allow $1 iso9660_t:filesystem mount; allow $1 iso9660_t:filesystem mount;
@ -1016,7 +975,6 @@ interface(`fs_mount_iso9660_fs',`
interface(`fs_remount_iso9660_fs',` interface(`fs_remount_iso9660_fs',`
gen_require(` gen_require(`
type iso9660_t; type iso9660_t;
class filesystem remount;
') ')
allow $1 iso9660_t:filesystem remount; allow $1 iso9660_t:filesystem remount;
@ -1034,7 +992,6 @@ interface(`fs_remount_iso9660_fs',`
interface(`fs_unmount_iso9660_fs',` interface(`fs_unmount_iso9660_fs',`
gen_require(` gen_require(`
type iso9660_t; type iso9660_t;
class filesystem unmount;
') ')
allow $1 iso9660_t:filesystem mount; allow $1 iso9660_t:filesystem mount;
@ -1053,7 +1010,6 @@ interface(`fs_unmount_iso9660_fs',`
interface(`fs_getattr_iso9660_fs',` interface(`fs_getattr_iso9660_fs',`
gen_require(` gen_require(`
type iso9660_t; type iso9660_t;
class filesystem getattr;
') ')
allow $1 iso9660_t:filesystem getattr; allow $1 iso9660_t:filesystem getattr;
@ -1070,7 +1026,6 @@ interface(`fs_getattr_iso9660_fs',`
interface(`fs_mount_nfs',` interface(`fs_mount_nfs',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class filesystem mount;
') ')
allow $1 nfs_t:filesystem mount; allow $1 nfs_t:filesystem mount;
@ -1088,7 +1043,6 @@ interface(`fs_mount_nfs',`
interface(`fs_remount_nfs',` interface(`fs_remount_nfs',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class filesystem remount;
') ')
allow $1 nfs_t:filesystem remount; allow $1 nfs_t:filesystem remount;
@ -1105,7 +1059,6 @@ interface(`fs_remount_nfs',`
interface(`fs_unmount_nfs',` interface(`fs_unmount_nfs',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class filesystem unmount;
') ')
allow $1 nfs_t:filesystem mount; allow $1 nfs_t:filesystem mount;
@ -1123,7 +1076,6 @@ interface(`fs_unmount_nfs',`
interface(`fs_getattr_nfs',` interface(`fs_getattr_nfs',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class filesystem getattr;
') ')
allow $1 nfs_t:filesystem getattr; allow $1 nfs_t:filesystem getattr;
@ -1140,7 +1092,6 @@ interface(`fs_getattr_nfs',`
interface(`fs_search_nfs',` interface(`fs_search_nfs',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir search;
') ')
allow $1 nfs_t:dir search; allow $1 nfs_t:dir search;
@ -1190,8 +1141,6 @@ interface(`fs_dontaudit_list_nfs',`
interface(`fs_read_nfs_files',` interface(`fs_read_nfs_files',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir r_dir_perms;
class file r_file_perms;
') ')
allow $1 nfs_t:dir r_dir_perms; allow $1 nfs_t:dir r_dir_perms;
@ -1243,7 +1192,6 @@ interface(`fs_write_nfs_files',`
interface(`fs_execute_nfs_files',` interface(`fs_execute_nfs_files',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir r_dir_perms;
') ')
allow $1 nfs_t:dir r_dir_perms; allow $1 nfs_t:dir r_dir_perms;
@ -1278,8 +1226,6 @@ interface(`fs_dontaudit_rw_nfs_files',`
interface(`fs_read_nfs_symlinks',` interface(`fs_read_nfs_symlinks',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
allow $1 nfs_t:dir r_dir_perms; allow $1 nfs_t:dir r_dir_perms;
@ -1428,7 +1374,6 @@ interface(`fs_read_rpc_dirs',`
interface(`fs_read_rpc_files',` interface(`fs_read_rpc_files',`
gen_require(` gen_require(`
type rpc_pipefs_t; type rpc_pipefs_t;
class file { read getattr };
') ')
allow $1 rpc_pipefs_t:file { read getattr }; allow $1 rpc_pipefs_t:file { read getattr };
@ -1446,7 +1391,6 @@ interface(`fs_read_rpc_files',`
interface(`fs_read_rpc_symlinks',` interface(`fs_read_rpc_symlinks',`
gen_require(` gen_require(`
type rpc_pipefs_t; type rpc_pipefs_t;
class lnk_file { getattr read };
') ')
allow $1 rpc_pipefs_t:lnk_file { getattr read }; allow $1 rpc_pipefs_t:lnk_file { getattr read };
@ -1464,7 +1408,6 @@ interface(`fs_read_rpc_symlinks',`
interface(`fs_read_rpc_sockets',` interface(`fs_read_rpc_sockets',`
gen_require(` gen_require(`
type rpc_pipefs_t; type rpc_pipefs_t;
class sock_file { read write };
') ')
allow $1 rpc_pipefs_t:sock_file { read write }; allow $1 rpc_pipefs_t:sock_file { read write };
@ -1483,7 +1426,6 @@ interface(`fs_read_rpc_sockets',`
interface(`fs_manage_nfs_dirs',` interface(`fs_manage_nfs_dirs',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir create_dir_perms;
') ')
allow $1 nfs_t:dir create_dir_perms; allow $1 nfs_t:dir create_dir_perms;
@ -1519,8 +1461,6 @@ interface(`fs_dontaudit_manage_nfs_dirs',`
interface(`fs_manage_nfs_files',` interface(`fs_manage_nfs_files',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 nfs_t:dir rw_dir_perms; allow $1 nfs_t:dir rw_dir_perms;
@ -1557,8 +1497,6 @@ interface(`fs_dontaudit_manage_nfs_files',`
interface(`fs_manage_nfs_symlinks',` interface(`fs_manage_nfs_symlinks',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir r_dir_perms;
class lnk_file create_lnk_perms;
') ')
allow $1 nfs_t:dir rw_dir_perms; allow $1 nfs_t:dir rw_dir_perms;
@ -1577,8 +1515,6 @@ interface(`fs_manage_nfs_symlinks',`
interface(`fs_manage_nfs_named_pipes',` interface(`fs_manage_nfs_named_pipes',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir rw_dir_perms;
class fifo_file create_file_perms;
') ')
allow $1 nfs_t:dir rw_dir_perms; allow $1 nfs_t:dir rw_dir_perms;
@ -1597,8 +1533,6 @@ interface(`fs_manage_nfs_named_pipes',`
interface(`fs_manage_nfs_named_sockets',` interface(`fs_manage_nfs_named_sockets',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir rw_dir_perms;
class sock_file create_file_perms;
') ')
allow $1 nfs_t:dir rw_dir_perms; allow $1 nfs_t:dir rw_dir_perms;
@ -1639,7 +1573,6 @@ interface(`fs_manage_nfs_named_sockets',`
interface(`fs_nfs_domtrans',` interface(`fs_nfs_domtrans',`
gen_require(` gen_require(`
type nfs_t; type nfs_t;
class dir search;
') ')
allow $1 nfs_t:dir search; allow $1 nfs_t:dir search;
@ -1658,7 +1591,6 @@ interface(`fs_nfs_domtrans',`
interface(`fs_mount_nfsd_fs',` interface(`fs_mount_nfsd_fs',`
gen_require(` gen_require(`
type nfsd_fs_t; type nfsd_fs_t;
class filesystem mount;
') ')
allow $1 nfsd_fs_t:filesystem mount; allow $1 nfsd_fs_t:filesystem mount;
@ -1676,7 +1608,6 @@ interface(`fs_mount_nfsd_fs',`
interface(`fs_remount_nfsd_fs',` interface(`fs_remount_nfsd_fs',`
gen_require(` gen_require(`
type nfsd_fs_t; type nfsd_fs_t;
class filesystem remount;
') ')
allow $1 nfsd_fs_t:filesystem remount; allow $1 nfsd_fs_t:filesystem remount;
@ -1693,7 +1624,6 @@ interface(`fs_remount_nfsd_fs',`
interface(`fs_unmount_nfsd_fs',` interface(`fs_unmount_nfsd_fs',`
gen_require(` gen_require(`
type nfsd_fs_t; type nfsd_fs_t;
class filesystem unmount;
') ')
allow $1 nfsd_fs_t:filesystem mount; allow $1 nfsd_fs_t:filesystem mount;
@ -1712,7 +1642,6 @@ interface(`fs_unmount_nfsd_fs',`
interface(`fs_getattr_nfsd_fs',` interface(`fs_getattr_nfsd_fs',`
gen_require(` gen_require(`
type nfsd_fs_t; type nfsd_fs_t;
class filesystem getattr;
') ')
allow $1 nfsd_fs_t:filesystem getattr; allow $1 nfsd_fs_t:filesystem getattr;
@ -1730,7 +1659,6 @@ interface(`fs_getattr_nfsd_fs',`
interface(`fs_search_nfsd_fs',` interface(`fs_search_nfsd_fs',`
gen_require(` gen_require(`
type nfsd_fs_t; type nfsd_fs_t;
class dir search;
') ')
allow $1 nfsd_fs_t:dir search; allow $1 nfsd_fs_t:dir search;
@ -1748,7 +1676,6 @@ interface(`fs_search_nfsd_fs',`
interface(`fs_rw_nfsd_fs',` interface(`fs_rw_nfsd_fs',`
gen_require(` gen_require(`
type nfsd_fs_t; type nfsd_fs_t;
class file rw_file_perms;
') ')
allow $1 nfsd_fs_t:file rw_file_perms; allow $1 nfsd_fs_t:file rw_file_perms;
@ -1765,7 +1692,6 @@ interface(`fs_rw_nfsd_fs',`
interface(`fs_mount_ramfs',` interface(`fs_mount_ramfs',`
gen_require(` gen_require(`
type ramfs_t; type ramfs_t;
class filesystem mount;
') ')
allow $1 ramfs_t:filesystem mount; allow $1 ramfs_t:filesystem mount;
@ -1783,7 +1709,6 @@ interface(`fs_mount_ramfs',`
interface(`fs_remount_ramfs',` interface(`fs_remount_ramfs',`
gen_require(` gen_require(`
type ramfs_t; type ramfs_t;
class filesystem remount;
') ')
allow $1 ramfs_t:filesystem remount; allow $1 ramfs_t:filesystem remount;
@ -1800,7 +1725,6 @@ interface(`fs_remount_ramfs',`
interface(`fs_unmount_ramfs',` interface(`fs_unmount_ramfs',`
gen_require(` gen_require(`
type ramfs_t; type ramfs_t;
class filesystem unmount;
') ')
allow $1 ramfs_t:filesystem mount; allow $1 ramfs_t:filesystem mount;
@ -1818,7 +1742,6 @@ interface(`fs_unmount_ramfs',`
interface(`fs_getattr_ramfs',` interface(`fs_getattr_ramfs',`
gen_require(` gen_require(`
type ramfs_t; type ramfs_t;
class filesystem getattr;
') ')
allow $1 ramfs_t:filesystem getattr; allow $1 ramfs_t:filesystem getattr;
@ -1915,7 +1838,6 @@ interface(`fs_write_ramfs_socket',`
interface(`fs_mount_romfs',` interface(`fs_mount_romfs',`
gen_require(` gen_require(`
type romfs_t; type romfs_t;
class filesystem mount;
') ')
allow $1 romfs_t:filesystem mount; allow $1 romfs_t:filesystem mount;
@ -1933,7 +1855,6 @@ interface(`fs_mount_romfs',`
interface(`fs_remount_romfs',` interface(`fs_remount_romfs',`
gen_require(` gen_require(`
type romfs_t; type romfs_t;
class filesystem remount;
') ')
allow $1 romfs_t:filesystem remount; allow $1 romfs_t:filesystem remount;
@ -1950,7 +1871,6 @@ interface(`fs_remount_romfs',`
interface(`fs_unmount_romfs',` interface(`fs_unmount_romfs',`
gen_require(` gen_require(`
type romfs_t; type romfs_t;
class filesystem unmount;
') ')
allow $1 romfs_t:filesystem mount; allow $1 romfs_t:filesystem mount;
@ -1969,7 +1889,6 @@ interface(`fs_unmount_romfs',`
interface(`fs_getattr_romfs',` interface(`fs_getattr_romfs',`
gen_require(` gen_require(`
type romfs_t; type romfs_t;
class filesystem getattr;
') ')
allow $1 romfs_t:filesystem getattr; allow $1 romfs_t:filesystem getattr;
@ -1986,7 +1905,6 @@ interface(`fs_getattr_romfs',`
interface(`fs_mount_rpc_pipefs',` interface(`fs_mount_rpc_pipefs',`
gen_require(` gen_require(`
type rpc_pipefs_t; type rpc_pipefs_t;
class filesystem mount;
') ')
allow $1 rpc_pipefs_t:filesystem mount; allow $1 rpc_pipefs_t:filesystem mount;
@ -2004,7 +1922,6 @@ interface(`fs_mount_rpc_pipefs',`
interface(`fs_remount_rpc_pipefs',` interface(`fs_remount_rpc_pipefs',`
gen_require(` gen_require(`
type rpc_pipefs_t; type rpc_pipefs_t;
class filesystem remount;
') ')
allow $1 rpc_pipefs_t:filesystem remount; allow $1 rpc_pipefs_t:filesystem remount;
@ -2021,7 +1938,6 @@ interface(`fs_remount_rpc_pipefs',`
interface(`fs_unmount_rpc_pipefs',` interface(`fs_unmount_rpc_pipefs',`
gen_require(` gen_require(`
type rpc_pipefs_t; type rpc_pipefs_t;
class filesystem unmount;
') ')
allow $1 rpc_pipefs_t:filesystem mount; allow $1 rpc_pipefs_t:filesystem mount;
@ -2040,7 +1956,6 @@ interface(`fs_unmount_rpc_pipefs',`
interface(`fs_getattr_rpc_pipefs',` interface(`fs_getattr_rpc_pipefs',`
gen_require(` gen_require(`
type rpc_pipefs_t; type rpc_pipefs_t;
class filesystem getattr;
') ')
allow $1 rpc_pipefs_t:filesystem getattr; allow $1 rpc_pipefs_t:filesystem getattr;
@ -2057,7 +1972,6 @@ interface(`fs_getattr_rpc_pipefs',`
interface(`fs_mount_tmpfs',` interface(`fs_mount_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class filesystem mount;
') ')
allow $1 tmpfs_t:filesystem mount; allow $1 tmpfs_t:filesystem mount;
@ -2074,7 +1988,6 @@ interface(`fs_mount_tmpfs',`
interface(`fs_remount_tmpfs',` interface(`fs_remount_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class filesystem remount;
') ')
allow $1 tmpfs_t:filesystem remount; allow $1 tmpfs_t:filesystem remount;
@ -2091,7 +2004,6 @@ interface(`fs_remount_tmpfs',`
interface(`fs_unmount_tmpfs',` interface(`fs_unmount_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class filesystem unmount;
') ')
allow $1 tmpfs_t:filesystem mount; allow $1 tmpfs_t:filesystem mount;
@ -2110,7 +2022,6 @@ interface(`fs_unmount_tmpfs',`
interface(`fs_getattr_tmpfs',` interface(`fs_getattr_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class filesystem getattr;
') ')
allow $1 tmpfs_t:filesystem getattr; allow $1 tmpfs_t:filesystem getattr;
@ -2127,7 +2038,6 @@ interface(`fs_getattr_tmpfs',`
interface(`fs_associate_tmpfs',` interface(`fs_associate_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class filesystem associate;
') ')
allow $1 tmpfs_t:filesystem associate; allow $1 tmpfs_t:filesystem associate;
@ -2144,7 +2054,6 @@ interface(`fs_associate_tmpfs',`
interface(`fs_getattr_tmpfs_dir',` interface(`fs_getattr_tmpfs_dir',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir getattr;
') ')
allow $1 tmpfs_t:dir getattr; allow $1 tmpfs_t:dir getattr;
@ -2161,7 +2070,6 @@ interface(`fs_getattr_tmpfs_dir',`
interface(`fs_setattr_tmpfs_dir',` interface(`fs_setattr_tmpfs_dir',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir setattr;
') ')
allow $1 tmpfs_t:dir setattr; allow $1 tmpfs_t:dir setattr;
@ -2178,7 +2086,6 @@ interface(`fs_setattr_tmpfs_dir',`
interface(`fs_search_tmpfs',` interface(`fs_search_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir search;
') ')
allow $1 tmpfs_t:dir search; allow $1 tmpfs_t:dir search;
@ -2195,7 +2102,6 @@ interface(`fs_search_tmpfs',`
interface(`fs_list_tmpfs',` interface(`fs_list_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir r_dir_perms;
') ')
allow $1 tmpfs_t:dir r_dir_perms; allow $1 tmpfs_t:dir r_dir_perms;
@ -2213,7 +2119,6 @@ interface(`fs_list_tmpfs',`
interface(`fs_dontaudit_list_tmpfs',` interface(`fs_dontaudit_list_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir r_dir_perms;
') ')
dontaudit $1 tmpfs_t:dir r_dir_perms; dontaudit $1 tmpfs_t:dir r_dir_perms;
@ -2231,7 +2136,6 @@ interface(`fs_dontaudit_list_tmpfs',`
interface(`fs_manage_tmpfs_dirs',` interface(`fs_manage_tmpfs_dirs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir create_dir_perms;
') ')
allow $1 tmpfs_t:dir create_dir_perms; allow $1 tmpfs_t:dir create_dir_perms;
@ -2244,8 +2148,6 @@ interface(`fs_manage_tmpfs_dirs',`
interface(`fs_filetrans_tmpfs',` interface(`fs_filetrans_tmpfs',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class filesystem associate;
class dir rw_dir_perms;
') ')
allow $2 tmpfs_t:filesystem associate; allow $2 tmpfs_t:filesystem associate;
@ -2337,8 +2239,6 @@ interface(`fs_read_tmpfs_symlinks',`
interface(`fs_use_tmpfs_chr_dev',` interface(`fs_use_tmpfs_chr_dev',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir r_dir_perms;
class chr_file rw_file_perms;
') ')
allow $1 tmpfs_t:dir r_dir_perms; allow $1 tmpfs_t:dir r_dir_perms;
@ -2356,8 +2256,6 @@ interface(`fs_use_tmpfs_chr_dev',`
interface(`fs_dontaudit_use_tmpfs_chr_dev',` interface(`fs_dontaudit_use_tmpfs_chr_dev',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir r_dir_perms;
class chr_file rw_file_perms;
') ')
dontaudit $1 tmpfs_t:dir r_dir_perms; dontaudit $1 tmpfs_t:dir r_dir_perms;
@ -2375,8 +2273,6 @@ interface(`fs_dontaudit_use_tmpfs_chr_dev',`
interface(`fs_relabel_tmpfs_chr_dev',` interface(`fs_relabel_tmpfs_chr_dev',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir r_dir_perms;
class chr_file { getattr relabelfrom relabelto };
') ')
allow $1 tmpfs_t:dir r_dir_perms; allow $1 tmpfs_t:dir r_dir_perms;
@ -2394,8 +2290,6 @@ interface(`fs_relabel_tmpfs_chr_dev',`
interface(`fs_use_tmpfs_blk_dev',` interface(`fs_use_tmpfs_blk_dev',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir r_dir_perms;
class blk_file rw_file_perms;
') ')
allow $1 tmpfs_t:dir r_dir_perms; allow $1 tmpfs_t:dir r_dir_perms;
@ -2413,8 +2307,6 @@ interface(`fs_use_tmpfs_blk_dev',`
interface(`fs_relabel_tmpfs_blk_dev',` interface(`fs_relabel_tmpfs_blk_dev',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir r_dir_perms;
class blk_file { getattr relabelfrom relabelto };
') ')
allow $1 tmpfs_t:dir r_dir_perms; allow $1 tmpfs_t:dir r_dir_perms;
@ -2433,8 +2325,6 @@ interface(`fs_relabel_tmpfs_blk_dev',`
interface(`fs_manage_tmpfs_files',` interface(`fs_manage_tmpfs_files',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
allow $1 tmpfs_t:dir rw_dir_perms; allow $1 tmpfs_t:dir rw_dir_perms;
@ -2453,8 +2343,6 @@ interface(`fs_manage_tmpfs_files',`
interface(`fs_manage_tmpfs_symlinks',` interface(`fs_manage_tmpfs_symlinks',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir rw_dir_perms;
class chr_file create_lnk_perms;
') ')
allow $1 tmpfs_t:dir rw_dir_perms; allow $1 tmpfs_t:dir rw_dir_perms;
@ -2473,8 +2361,6 @@ interface(`fs_manage_tmpfs_symlinks',`
interface(`fs_manage_tmpfs_sockets',` interface(`fs_manage_tmpfs_sockets',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir rw_dir_perms;
class sock_file create_file_perms;
') ')
allow $1 tmpfs_t:dir rw_dir_perms; allow $1 tmpfs_t:dir rw_dir_perms;
@ -2493,8 +2379,6 @@ interface(`fs_manage_tmpfs_sockets',`
interface(`fs_manage_tmpfs_chr_dev',` interface(`fs_manage_tmpfs_chr_dev',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir rw_dir_perms;
class chr_file create_file_perms;
') ')
allow $1 tmpfs_t:dir rw_dir_perms; allow $1 tmpfs_t:dir rw_dir_perms;
@ -2513,8 +2397,6 @@ interface(`fs_manage_tmpfs_chr_dev',`
interface(`fs_manage_tmpfs_blk_dev',` interface(`fs_manage_tmpfs_blk_dev',`
gen_require(` gen_require(`
type tmpfs_t; type tmpfs_t;
class dir rw_dir_perms;
class blk_file create_file_perms;
') ')
allow $1 tmpfs_t:dir rw_dir_perms; allow $1 tmpfs_t:dir rw_dir_perms;
@ -2532,7 +2414,6 @@ interface(`fs_manage_tmpfs_blk_dev',`
interface(`fs_mount_all_fs',` interface(`fs_mount_all_fs',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class filesystem mount;
') ')
allow $1 filesystem_type:filesystem mount; allow $1 filesystem_type:filesystem mount;
@ -2550,7 +2431,6 @@ interface(`fs_mount_all_fs',`
interface(`fs_remount_all_fs',` interface(`fs_remount_all_fs',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class filesystem remount;
') ')
allow $1 filesystem_type:filesystem remount; allow $1 filesystem_type:filesystem remount;
@ -2567,7 +2447,6 @@ interface(`fs_remount_all_fs',`
interface(`fs_unmount_all_fs',` interface(`fs_unmount_all_fs',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class filesystem unmount;
') ')
allow $1 filesystem_type:filesystem unmount; allow $1 filesystem_type:filesystem unmount;
@ -2586,7 +2465,6 @@ interface(`fs_unmount_all_fs',`
interface(`fs_getattr_all_fs',` interface(`fs_getattr_all_fs',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class filesystem getattr;
') ')
allow $1 filesystem_type:filesystem getattr; allow $1 filesystem_type:filesystem getattr;
@ -2604,7 +2482,6 @@ interface(`fs_getattr_all_fs',`
interface(`fs_dontaudit_getattr_all_fs',` interface(`fs_dontaudit_getattr_all_fs',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class filesystem getattr;
') ')
dontaudit $1 filesystem_type:filesystem getattr; dontaudit $1 filesystem_type:filesystem getattr;
@ -2621,7 +2498,6 @@ interface(`fs_dontaudit_getattr_all_fs',`
interface(`fs_get_all_fs_quotas',` interface(`fs_get_all_fs_quotas',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class filesystem quotaget;
') ')
allow $1 filesystem_type:filesystem quotaget; allow $1 filesystem_type:filesystem quotaget;
@ -2638,7 +2514,6 @@ interface(`fs_get_all_fs_quotas',`
interface(`fs_set_all_quotas',` interface(`fs_set_all_quotas',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class filesystem quotamod;
') ')
allow $1 filesystem_type:filesystem quotamod; allow $1 filesystem_type:filesystem quotamod;
@ -2705,7 +2580,6 @@ interface(`fs_search_all',`
interface(`fs_list_all',` interface(`fs_list_all',`
gen_require(` gen_require(`
attribute filesystem_type; attribute filesystem_type;
class dir r_dir_perms;
') ')
allow $1 filesystem_type:dir r_dir_perms; allow $1 filesystem_type:dir r_dir_perms;


@ -139,8 +139,8 @@ sid any_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid file_labels gen_context(system_u:object_r:unlabeled_t,s0) sid file_labels gen_context(system_u:object_r:unlabeled_t,s0)
sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255) sid icmp_socket gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255) sid igmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid init gen_context(system_u:object_r:unlabeled_t,s0) sid init gen_context(system_u:object_r:unlabeled_t,s0)
sid kmod gen_context(system_u:object_r:unlabeled_t,s15:c0.c255) sid kmod gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid netmsg gen_context(system_u:object_r:unlabeled_t,s15:c0.c255) sid netmsg gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid policy gen_context(system_u:object_r:unlabeled_t,s15:c0.c255) sid policy gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)
sid scmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255) sid scmp_packet gen_context(system_u:object_r:unlabeled_t,s15:c0.c255)


@ -12,7 +12,6 @@
interface(`storage_getattr_fixed_disk',` interface(`storage_getattr_fixed_disk',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -31,7 +30,6 @@ interface(`storage_getattr_fixed_disk',`
interface(`storage_dontaudit_getattr_fixed_disk',` interface(`storage_dontaudit_getattr_fixed_disk',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file getattr;
') ')
dontaudit $1 fixed_disk_device_t:blk_file getattr; dontaudit $1 fixed_disk_device_t:blk_file getattr;
@ -49,7 +47,6 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
interface(`storage_setattr_fixed_disk',` interface(`storage_setattr_fixed_disk',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -88,7 +85,6 @@ interface(`storage_raw_read_fixed_disk',`
gen_require(` gen_require(`
attribute fixed_disk_raw_read; attribute fixed_disk_raw_read;
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file r_file_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -166,7 +162,6 @@ interface(`storage_create_fixed_disk',`
gen_require(` gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write; attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file create_file_perms;
') ')
allow $1 fixed_disk_device_t:blk_file create_file_perms; allow $1 fixed_disk_device_t:blk_file create_file_perms;
@ -186,7 +181,6 @@ interface(`storage_manage_fixed_disk',`
gen_require(` gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write; attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file create_file_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -206,7 +200,6 @@ interface(`storage_create_fixed_disk_tmpfs',`
gen_require(` gen_require(`
attribute fixed_disk_raw_read, fixed_disk_raw_write; attribute fixed_disk_raw_read, fixed_disk_raw_write;
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file create_file_perms;
') ')
allow $1 fixed_disk_device_t:blk_file create_file_perms; allow $1 fixed_disk_device_t:blk_file create_file_perms;
@ -226,7 +219,6 @@ interface(`storage_create_fixed_disk_tmpfs',`
interface(`storage_relabel_fixed_disk',` interface(`storage_relabel_fixed_disk',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file { relabelfrom relabelto };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -244,7 +236,6 @@ interface(`storage_relabel_fixed_disk',`
interface(`storage_swapon_fixed_disk',` interface(`storage_swapon_fixed_disk',`
gen_require(` gen_require(`
type fixed_disk_device_t; type fixed_disk_device_t;
class blk_file { getattr swapon };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -266,7 +257,6 @@ interface(`storage_raw_read_lvm_volume',`
gen_require(` gen_require(`
attribute fixed_disk_raw_read; attribute fixed_disk_raw_read;
type lvm_vg_t; type lvm_vg_t;
class blk_file r_file_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -289,7 +279,6 @@ interface(`storage_raw_write_lvm_volume',`
gen_require(` gen_require(`
attribute fixed_disk_raw_write; attribute fixed_disk_raw_write;
type lvm_vg_t; type lvm_vg_t;
class blk_file { getattr write ioctl };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -426,7 +415,6 @@ interface(`storage_dontaudit_rw_scsi_generic',`
interface(`storage_getattr_removable_device',` interface(`storage_getattr_removable_device',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
class blk_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -445,7 +433,6 @@ interface(`storage_getattr_removable_device',`
interface(`storage_dontaudit_getattr_removable_device',` interface(`storage_dontaudit_getattr_removable_device',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
class blk_file getattr;
') ')
dontaudit $1 removable_device_t:blk_file getattr; dontaudit $1 removable_device_t:blk_file getattr;
@ -463,7 +450,6 @@ interface(`storage_dontaudit_getattr_removable_device',`
interface(`storage_dontaudit_read_removable_device',` interface(`storage_dontaudit_read_removable_device',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
class blk_file { getattr ioctl read };
') ')
@ -482,7 +468,6 @@ interface(`storage_dontaudit_read_removable_device',`
interface(`storage_setattr_removable_device',` interface(`storage_setattr_removable_device',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
class blk_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -501,7 +486,6 @@ interface(`storage_setattr_removable_device',`
interface(`storage_dontaudit_setattr_removable_device',` interface(`storage_dontaudit_setattr_removable_device',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
class blk_file setattr;
') ')
dontaudit $1 removable_device_t:blk_file setattr; dontaudit $1 removable_device_t:blk_file setattr;
@ -522,7 +506,6 @@ interface(`storage_dontaudit_setattr_removable_device',`
interface(`storage_raw_read_removable_device',` interface(`storage_raw_read_removable_device',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
class blk_file r_file_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -560,7 +543,6 @@ interface(`storage_dontaudit_raw_read_removable_device',`
interface(`storage_raw_write_removable_device',` interface(`storage_raw_write_removable_device',`
gen_require(` gen_require(`
type removable_device_t; type removable_device_t;
class blk_file { getattr write ioctl };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)


@ -240,7 +240,6 @@ interface(`term_setattr_console',`
interface(`term_dontaudit_getattr_pty_dir',` interface(`term_dontaudit_getattr_pty_dir',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
class dir getattr;
') ')
dontaudit $1 devpts_t:dir getattr; dontaudit $1 devpts_t:dir getattr;
@ -293,7 +292,6 @@ interface(`term_dontaudit_search_ptys',`
interface(`term_list_ptys',` interface(`term_list_ptys',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
class dir r_dir_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -312,7 +310,6 @@ interface(`term_list_ptys',`
interface(`term_dontaudit_list_ptys',` interface(`term_dontaudit_list_ptys',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
class dir { getattr search read };
') ')
dontaudit $1 devpts_t:dir { getattr search read }; dontaudit $1 devpts_t:dir { getattr search read };
@ -330,7 +327,6 @@ interface(`term_dontaudit_list_ptys',`
interface(`term_dontaudit_manage_pty_dir',` interface(`term_dontaudit_manage_pty_dir',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
class dir create_dir_perms;
') ')
dontaudit $1 devpts_t:dir create_dir_perms; dontaudit $1 devpts_t:dir create_dir_perms;
@ -388,7 +384,6 @@ interface(`term_use_generic_pty',`
interface(`term_dontaudit_use_generic_pty',` interface(`term_dontaudit_use_generic_pty',`
gen_require(` gen_require(`
type devpts_t; type devpts_t;
class chr_file { read write };
') ')
dontaudit $1 devpts_t:chr_file { read write }; dontaudit $1 devpts_t:chr_file { read write };
@ -440,7 +435,6 @@ interface(`term_use_ptmx',`
interface(`term_dontaudit_use_ptmx',` interface(`term_dontaudit_use_ptmx',`
gen_require(` gen_require(`
type ptmx_t; type ptmx_t;
class chr_file { getattr read write };
') ')
dontaudit $1 ptmx_t:chr_file { getattr read write }; dontaudit $1 ptmx_t:chr_file { getattr read write };
@ -458,8 +452,6 @@ interface(`term_dontaudit_use_ptmx',`
interface(`term_getattr_all_user_ptys',` interface(`term_getattr_all_user_ptys',`
gen_require(` gen_require(`
attribute ptynode; attribute ptynode;
class dir r_dir_perms;
class chr_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -480,7 +472,6 @@ interface(`term_getattr_all_user_ptys',`
interface(`term_dontaudit_getattr_all_user_ptys',` interface(`term_dontaudit_getattr_all_user_ptys',`
gen_require(` gen_require(`
attribute ptynode; attribute ptynode;
class chr_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -500,8 +491,6 @@ interface(`term_dontaudit_getattr_all_user_ptys',`
interface(`term_setattr_all_user_ptys',` interface(`term_setattr_all_user_ptys',`
gen_require(` gen_require(`
attribute ptynode; attribute ptynode;
class dir r_dir_perms;
class chr_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -520,7 +509,6 @@ interface(`term_setattr_all_user_ptys',`
interface(`term_relabelto_all_user_ptys',` interface(`term_relabelto_all_user_ptys',`
gen_require(` gen_require(`
attribute ptynode; attribute ptynode;
class chr_file relabelto;
') ')
allow $1 ptynode:chr_file relabelto; allow $1 ptynode:chr_file relabelto;
@ -575,7 +563,6 @@ interface(`term_relabel_all_user_ptys',`
gen_require(` gen_require(`
attribute ptynode; attribute ptynode;
type devpts_t; type devpts_t;
class chr_file { relabelfrom relabelto };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -595,7 +582,6 @@ interface(`term_relabel_all_user_ptys',`
interface(`term_getattr_unallocated_ttys',` interface(`term_getattr_unallocated_ttys',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
class chr_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -614,7 +600,6 @@ interface(`term_getattr_unallocated_ttys',`
interface(`term_dontaudit_getattr_unallocated_ttys',` interface(`term_dontaudit_getattr_unallocated_ttys',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
class chr_file getattr;
') ')
dontaudit $1 tty_device_t:chr_file getattr; dontaudit $1 tty_device_t:chr_file getattr;
@ -632,7 +617,6 @@ interface(`term_dontaudit_getattr_unallocated_ttys',`
interface(`term_setattr_unallocated_ttys',` interface(`term_setattr_unallocated_ttys',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
class chr_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -668,7 +652,6 @@ interface(`term_dontaudit_ioctl_unallocated_ttys',`
interface(`term_relabel_unallocated_ttys',` interface(`term_relabel_unallocated_ttys',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
class chr_file { relabelfrom relabelto };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -688,7 +671,6 @@ interface(`term_reset_tty_labels',`
gen_require(` gen_require(`
attribute ttynode; attribute ttynode;
type tty_device_t; type tty_device_t;
class chr_file { relabelfrom relabelto };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -707,7 +689,6 @@ interface(`term_reset_tty_labels',`
interface(`term_write_unallocated_ttys',` interface(`term_write_unallocated_ttys',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
class chr_file { getattr write };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -743,7 +724,6 @@ interface(`term_use_unallocated_tty',`
interface(`term_dontaudit_use_unallocated_tty',` interface(`term_dontaudit_use_unallocated_tty',`
gen_require(` gen_require(`
type tty_device_t; type tty_device_t;
class chr_file { read write };
') ')
dontaudit $1 tty_device_t:chr_file { read write }; dontaudit $1 tty_device_t:chr_file { read write };
@ -761,7 +741,6 @@ interface(`term_dontaudit_use_unallocated_tty',`
interface(`term_getattr_all_user_ttys',` interface(`term_getattr_all_user_ttys',`
gen_require(` gen_require(`
attribute ttynode; attribute ttynode;
class chr_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -781,7 +760,6 @@ interface(`term_getattr_all_user_ttys',`
interface(`term_dontaudit_getattr_all_user_ttys',` interface(`term_dontaudit_getattr_all_user_ttys',`
gen_require(` gen_require(`
attribute ttynode; attribute ttynode;
class chr_file getattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -800,7 +778,6 @@ interface(`term_dontaudit_getattr_all_user_ttys',`
interface(`term_setattr_all_user_ttys',` interface(`term_setattr_all_user_ttys',`
gen_require(` gen_require(`
attribute ttynode; attribute ttynode;
class chr_file setattr;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -819,7 +796,6 @@ interface(`term_setattr_all_user_ttys',`
interface(`term_relabel_all_user_ttys',` interface(`term_relabel_all_user_ttys',`
gen_require(` gen_require(`
attribute ttynode; attribute ttynode;
class chr_file { relabelfrom relabelto };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -837,7 +813,6 @@ interface(`term_relabel_all_user_ttys',`
interface(`term_write_all_user_ttys',` interface(`term_write_all_user_ttys',`
gen_require(` gen_require(`
attribute ttynode; attribute ttynode;
class chr_file { getattr write };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -873,7 +848,6 @@ interface(`term_use_all_user_ttys',`
interface(`term_dontaudit_use_all_user_ttys',` interface(`term_dontaudit_use_all_user_ttys',`
gen_require(` gen_require(`
attribute ttynode; attribute ttynode;
class chr_file { read write };
') ')
dontaudit $1 ttynode:chr_file { read write }; dontaudit $1 ttynode:chr_file { read write };
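Review bot: `term_dontaudit_getattr_all_user_ptys` keeps `dev_list_all_dev_nodes($1)` as the first statement after its `gen_require`, and `term_dontaudit_getattr_all_user_ttys` does the same. Going by its name that call appears to grant the caller access to list device nodes, whereas a `dontaudit` interface is expected only to silence denials. A domain that calls either interface to quiet log noise would then pick up real access it never asked for. If the grant is not intended, drop the call so each body is only the suppression rule, for example `dontaudit $1 ptynode:chr_file getattr;`. Both interface bodies continue outside their hunks, so confirm against the full file before changing them.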


@ -77,7 +77,6 @@ interface(`arpwatch_manage_tmp_files',`
interface(`arpwatch_dontaudit_rw_packet_socket',` interface(`arpwatch_dontaudit_rw_packet_socket',`
gen_require(` gen_require(`
type arpwatch_t; type arpwatch_t;
class packet_socket { read write };
') ')
dontaudit $1 arpwatch_t:packet_socket { read write }; dontaudit $1 arpwatch_t:packet_socket { read write };


@ -313,9 +313,6 @@ template(`cron_admin_template',`
interface(`cron_system_entry',` interface(`cron_system_entry',`
gen_require(` gen_require(`
type crond_t, system_crond_t; type crond_t, system_crond_t;
class fd use;
class fifo_file rw_file_perms;
class process sigchld;
') ')
domain_auto_trans(system_crond_t, $2, $1) domain_auto_trans(system_crond_t, $2, $1)
@ -344,7 +341,6 @@ interface(`cron_system_entry',`
interface(`cron_use_fd',` interface(`cron_use_fd',`
gen_require(` gen_require(`
type crond_t; type crond_t;
class fd use;
') ')
allow $1 crond_t:fd use; allow $1 crond_t:fd use;
@ -361,7 +357,6 @@ interface(`cron_use_fd',`
interface(`cron_sigchld',` interface(`cron_sigchld',`
gen_require(` gen_require(`
type crond_t; type crond_t;
class process sigchld;
') ')
allow $1 crond_t:process sigchld; allow $1 crond_t:process sigchld;
@ -443,7 +438,6 @@ interface(`cron_crw_tcp_socket',`
interface(`cron_search_spool',` interface(`cron_search_spool',`
gen_require(` gen_require(`
type cron_spool_t; type cron_spool_t;
class dir search;
') ')
files_search_spool($1) files_search_spool($1)
@ -499,7 +493,6 @@ interface(`cron_use_system_job_fd',`
interface(`cron_write_system_job_pipe',` interface(`cron_write_system_job_pipe',`
gen_require(` gen_require(`
type system_crond_t; type system_crond_t;
class file write;
') ')
allow $1 system_crond_t:file write; allow $1 system_crond_t:file write;
@ -532,7 +525,6 @@ interface(`cron_rw_system_job_pipe',`
interface(`cron_read_system_job_tmp_files',` interface(`cron_read_system_job_tmp_files',`
gen_require(` gen_require(`
type system_crond_tmp_t; type system_crond_tmp_t;
class file r_file_perms;
') ')
files_search_tmp($1) files_search_tmp($1)


@ -12,7 +12,6 @@
interface(`dhcpd_setattr_state_files',` interface(`dhcpd_setattr_state_files',`
gen_require(` gen_require(`
type dhcpd_state_t; type dhcpd_state_t;
class file setattr;
') ')
sysnet_search_dhcp_state($1) sysnet_search_dhcp_state($1)


@ -12,7 +12,6 @@
interface(`dictd_use',` interface(`dictd_use',`
gen_require(` gen_require(`
type dictd_t; type dictd_t;
class tcp_socket { connectto acceptfrom recvfrom };
') ')
allow $1 dictd_t:tcp_socket { connectto recvfrom }; allow $1 dictd_t:tcp_socket { connectto recvfrom };


@ -11,9 +11,6 @@
interface(`dovecot_manage_spool',` interface(`dovecot_manage_spool',`
gen_require(` gen_require(`
type dovecot_spool_t; type dovecot_spool_t;
class dir rw_dir_perms;
class file create_file_perms;
class lnk_file create_lnk_perms;
') ')
allow $1 dovecot_spool_t:dir rw_dir_perms; allow $1 dovecot_spool_t:dir rw_dir_perms;


@ -24,9 +24,6 @@ interface(`inetd_core_service_domain',`
gen_require(` gen_require(`
type inetd_t; type inetd_t;
role system_r; role system_r;
class fd use;
class fifo_file rw_file_perms;
class process { sigchld sigkill };
') ')
domain_type($1) domain_type($1)
@ -92,7 +89,6 @@ interface(`inetd_tcp_service_domain',`
gen_require(` gen_require(`
type inetd_t; type inetd_t;
class tcp_socket rw_stream_socket_perms;
') ')
inetd_core_service_domain($1,$2) inetd_core_service_domain($1,$2)
@ -114,7 +110,6 @@ interface(`inetd_tcp_service_domain',`
interface(`inetd_udp_service_domain',` interface(`inetd_udp_service_domain',`
gen_require(` gen_require(`
type inetd_t; type inetd_t;
class udp_socket rw_socket_perms;
') ')
inetd_core_service_domain($1,$2) inetd_core_service_domain($1,$2)
@ -136,8 +131,6 @@ interface(`inetd_udp_service_domain',`
interface(`inetd_service_domain',` interface(`inetd_service_domain',`
gen_require(` gen_require(`
type inetd_t; type inetd_t;
class tcp_socket rw_stream_socket_perms;
class udp_socket rw_socket_perms;
') ')
inetd_core_service_domain($1,$2) inetd_core_service_domain($1,$2)
@ -157,7 +150,6 @@ interface(`inetd_service_domain',`
interface(`inetd_use_fd',` interface(`inetd_use_fd',`
gen_require(` gen_require(`
type inetd_t; type inetd_t;
class fd use;
') ')
allow $1 inetd_t:fd use; allow $1 inetd_t:fd use;
@ -174,7 +166,6 @@ interface(`inetd_use_fd',`
interface(`inetd_tcp_connect',` interface(`inetd_tcp_connect',`
gen_require(` gen_require(`
type inetd_t; type inetd_t;
class tcp_socket { connectto acceptfrom recvfrom };
') ')
allow $1 inetd_t:tcp_socket { connectto recvfrom }; allow $1 inetd_t:tcp_socket { connectto recvfrom };
@ -193,9 +184,6 @@ interface(`inetd_tcp_connect',`
interface(`inetd_domtrans_child',` interface(`inetd_domtrans_child',`
gen_require(` gen_require(`
type inetd_child_t, inetd_child_exec_t; type inetd_child_t, inetd_child_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)


@ -45,7 +45,6 @@ interface(`inn_exec_config',`
interface(`inn_manage_log',` interface(`inn_manage_log',`
gen_require(` gen_require(`
type innd_log_t; type innd_log_t;
class file create_file_perms;
') ')
logging_rw_log_dir($1) logging_rw_log_dir($1)
@ -64,8 +63,6 @@ interface(`inn_manage_log',`
interface(`inn_manage_pid',` interface(`inn_manage_pid',`
gen_require(` gen_require(`
type innd_var_run_t; type innd_var_run_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
files_search_pids($1) files_search_pids($1)
@ -85,9 +82,6 @@ interface(`inn_manage_pid',`
interface(`inn_read_config',` interface(`inn_read_config',`
gen_require(` gen_require(`
type innd_etc_t; type innd_etc_t;
class dir { getattr read search };
class file { read getattr };
class lnk_file { getattr read };
') ')
allow $1 innd_etc_t:dir { getattr read search }; allow $1 innd_etc_t:dir { getattr read search };
@ -106,9 +100,6 @@ interface(`inn_read_config',`
interface(`inn_read_news_lib',` interface(`inn_read_news_lib',`
gen_require(` gen_require(`
type innd_var_lib_t; type innd_var_lib_t;
class dir { getattr read search };
class file { read getattr };
class lnk_file { getattr read };
') ')
allow $1 innd_var_lib_t:dir { getattr read search }; allow $1 innd_var_lib_t:dir { getattr read search };
@ -127,9 +118,6 @@ interface(`inn_read_news_lib',`
interface(`inn_read_news_spool',` interface(`inn_read_news_spool',`
gen_require(` gen_require(`
type news_spool_t; type news_spool_t;
class dir { getattr read search };
class file { read getattr };
class lnk_file { getattr read };
') ')
allow $1 news_spool_t:dir { getattr read search }; allow $1 news_spool_t:dir { getattr read search };
@ -148,7 +136,6 @@ interface(`inn_read_news_spool',`
interface(`inn_sendto_unix_dgram_socket',` interface(`inn_sendto_unix_dgram_socket',`
gen_require(` gen_require(`
type innd_t; type innd_t;
class unix_dgram_socket sendto;
') ')
allow $1 innd_t:unix_dgram_socket sendto; allow $1 innd_t:unix_dgram_socket sendto;


@ -12,7 +12,6 @@
interface(`ldap_list_db_dir',` interface(`ldap_list_db_dir',`
gen_require(` gen_require(`
type slapd_db_t; type slapd_db_t;
class dir r_dir_perms;
') ')
allow $1 slapd_db_t:dir r_dir_perms; allow $1 slapd_db_t:dir r_dir_perms;
@ -29,7 +28,6 @@ interface(`ldap_list_db_dir',`
interface(`ldap_read_config',` interface(`ldap_read_config',`
gen_require(` gen_require(`
type slapd_etc_t; type slapd_etc_t;
class file { getattr read };
') ')
files_search_etc($1) files_search_etc($1)


@ -492,7 +492,6 @@ interface(`mta_read_config',`
interface(`mta_read_aliases',` interface(`mta_read_aliases',`
gen_require(` gen_require(`
type etc_aliases_t; type etc_aliases_t;
class file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)
@ -523,7 +522,6 @@ interface(`mta_filetrans_etc_aliases',`
interface(`mta_rw_aliases',` interface(`mta_rw_aliases',`
gen_require(` gen_require(`
type etc_aliases_t; type etc_aliases_t;
class file { rw_file_perms setattr };
') ')
files_search_etc($1) files_search_etc($1)
@ -577,7 +575,6 @@ interface(`mta_tcp_connect_all_mailservers',`
interface(`mta_dontaudit_read_spool_symlink',` interface(`mta_dontaudit_read_spool_symlink',`
gen_require(` gen_require(`
type mail_spool_t; type mail_spool_t;
class lnk_file read;
') ')
dontaudit $1 mail_spool_t:lnk_file read; dontaudit $1 mail_spool_t:lnk_file read;
@ -590,9 +587,6 @@ interface(`mta_dontaudit_read_spool_symlink',`
interface(`mta_getattr_spool',` interface(`mta_getattr_spool',`
gen_require(` gen_require(`
type mail_spool_t; type mail_spool_t;
class dir r_dir_perms;
class file getattr;
class lnk_file read;
') ')
files_search_spool($1) files_search_spool($1)
@ -639,9 +633,6 @@ interface(`mta_filetrans_spool',`
interface(`mta_rw_spool',` interface(`mta_rw_spool',`
gen_require(` gen_require(`
type mail_spool_t; type mail_spool_t;
class dir r_dir_perms;
class lnk_file { getattr read };
class file { rw_file_perms setattr };
') ')
files_search_spool($1) files_search_spool($1)
@ -661,9 +652,6 @@ interface(`mta_rw_spool',`
interface(`mta_append_spool',` interface(`mta_append_spool',`
gen_require(` gen_require(`
type mail_spool_t; type mail_spool_t;
class dir ra_dir_perms;
class lnk_file { getattr read };
class file create_file_perms;
') ')
files_search_spool($1) files_search_spool($1)
@ -729,8 +717,6 @@ interface(`mta_dontaudit_rw_queue',`
interface(`mta_manage_queue',` interface(`mta_manage_queue',`
gen_require(` gen_require(`
type mqueue_spool_t; type mqueue_spool_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
files_search_spool($1) files_search_spool($1)


@ -25,9 +25,6 @@ interface(`ntp_stub',`
interface(`ntp_domtrans',` interface(`ntp_domtrans',`
gen_require(` gen_require(`
type ntpd_t, ntpd_exec_t; type ntpd_t, ntpd_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -50,9 +47,6 @@ interface(`ntp_domtrans',`
interface(`ntp_domtrans_ntpdate',` interface(`ntp_domtrans_ntpdate',`
gen_require(` gen_require(`
type ntpd_t, ntpdate_exec_t; type ntpd_t, ntpdate_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)


@ -11,9 +11,6 @@
interface(`portmap_domtrans_helper',` interface(`portmap_domtrans_helper',`
gen_require(` gen_require(`
type portmap_helper_t, portmap_helper_exec_t; type portmap_helper_t, portmap_helper_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_bin($1) corecmd_search_bin($1)
@ -44,7 +41,6 @@ interface(`portmap_domtrans_helper',`
interface(`portmap_run_helper',` interface(`portmap_run_helper',`
gen_require(` gen_require(`
type portmap_t, portmap_helper_t; type portmap_t, portmap_helper_t;
class chr_file { getattr read write ioctl };
') ')
portmap_domtrans_helper($1) portmap_domtrans_helper($1)
@ -71,7 +67,6 @@ interface(`portmap_run_helper',`
interface(`portmap_udp_sendto',` interface(`portmap_udp_sendto',`
gen_require(` gen_require(`
type portmap_t; type portmap_t;
class udp_socket { sendto recvfrom };
') ')
allow $1 portmap_t:udp_socket sendto; allow $1 portmap_t:udp_socket sendto;


@ -11,9 +11,6 @@
interface(`rshd_domtrans',` interface(`rshd_domtrans',`
gen_require(` gen_require(`
type rshd_exec_t, rshd_t; type rshd_exec_t, rshd_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)


@ -11,9 +11,6 @@
interface(`zebra_read_config',` interface(`zebra_read_config',`
gen_require(` gen_require(`
type zebra_conf_t; type zebra_conf_t;
class file r_file_perms;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)


@ -210,9 +210,6 @@ interface(`auth_login_entry_type',`
interface(`auth_domtrans_login_program',` interface(`auth_domtrans_login_program',`
gen_require(` gen_require(`
type login_exec_t; type login_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_bin($1) corecmd_search_bin($1)
@ -235,10 +232,6 @@ interface(`auth_domtrans_login_program',`
interface(`auth_domtrans_chk_passwd',` interface(`auth_domtrans_chk_passwd',`
gen_require(` gen_require(`
type system_chkpwd_t, chkpwd_exec_t, shadow_t; type system_chkpwd_t, chkpwd_exec_t, shadow_t;
class process sigchld;
class udp_socket create_socket_perms;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -286,7 +279,6 @@ interface(`auth_domtrans_chk_passwd',`
interface(`auth_getattr_shadow',` interface(`auth_getattr_shadow',`
gen_require(` gen_require(`
type shadow_t; type shadow_t;
class file getattr;
') ')
files_search_etc($1) files_search_etc($1)
@ -305,7 +297,6 @@ interface(`auth_getattr_shadow',`
interface(`auth_dontaudit_getattr_shadow',` interface(`auth_dontaudit_getattr_shadow',`
gen_require(` gen_require(`
type shadow_t; type shadow_t;
class file getattr;
') ')
dontaudit $1 shadow_t:file getattr; dontaudit $1 shadow_t:file getattr;
@ -339,7 +330,6 @@ interface(`auth_can_read_shadow_passwords',`
interface(`auth_tunable_read_shadow',` interface(`auth_tunable_read_shadow',`
gen_require(` gen_require(`
type shadow_t; type shadow_t;
class file r_file_perms;
') ')
files_list_etc($1) files_list_etc($1)
@ -358,7 +348,6 @@ interface(`auth_tunable_read_shadow',`
interface(`auth_dontaudit_read_shadow',` interface(`auth_dontaudit_read_shadow',`
gen_require(` gen_require(`
type shadow_t; type shadow_t;
class file r_file_perms;
') ')
dontaudit $1 shadow_t:file { getattr read }; dontaudit $1 shadow_t:file { getattr read };
@ -376,7 +365,6 @@ interface(`auth_rw_shadow',`
gen_require(` gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords; attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t; type shadow_t;
class file rw_file_perms;
') ')
files_list_etc($1) files_list_etc($1)
@ -392,7 +380,6 @@ interface(`auth_manage_shadow',`
gen_require(` gen_require(`
attribute can_read_shadow_passwords, can_write_shadow_passwords; attribute can_read_shadow_passwords, can_write_shadow_passwords;
type shadow_t; type shadow_t;
class file create_file_perms;
') ')
allow $1 shadow_t:file create_file_perms; allow $1 shadow_t:file create_file_perms;
@ -452,7 +439,6 @@ interface(`auth_relabel_shadow',`
interface(`auth_append_faillog',` interface(`auth_append_faillog',`
gen_require(` gen_require(`
type faillog_t; type faillog_t;
class file { getattr append };
') ')
logging_search_logs($1) logging_search_logs($1)
@ -466,7 +452,6 @@ interface(`auth_append_faillog',`
interface(`auth_rw_faillog',` interface(`auth_rw_faillog',`
gen_require(` gen_require(`
type faillog_t; type faillog_t;
class file rw_file_perms;
') ')
logging_search_logs($1) logging_search_logs($1)
@ -562,7 +547,6 @@ interface(`auth_domtrans_pam',`
interface(`auth_run_pam',` interface(`auth_run_pam',`
gen_require(` gen_require(`
type pam_t; type pam_t;
class chr_file rw_file_perms;
') ')
auth_domtrans_pam($1) auth_domtrans_pam($1)
@ -648,8 +632,6 @@ interface(`auth_dontaudit_read_pam_pid',`
interface(`auth_delete_pam_pid',` interface(`auth_delete_pam_pid',`
gen_require(` gen_require(`
type pam_var_run_t; type pam_var_run_t;
class dir { getattr search read write remove_name };
class file { getattr unlink };
') ')
files_search_var($1) files_search_var($1)
@ -683,9 +665,6 @@ interface(`auth_manage_pam_pid',`
interface(`auth_domtrans_pam_console',` interface(`auth_domtrans_pam_console',`
gen_require(` gen_require(`
type pam_console_t, pam_console_exec_t; type pam_console_t, pam_console_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,pam_console_exec_t,pam_console_t) domain_auto_trans($1,pam_console_exec_t,pam_console_t)
@ -736,8 +715,6 @@ interface(`auth_list_pam_console_data',`
interface(`auth_read_pam_console_data',` interface(`auth_read_pam_console_data',`
gen_require(` gen_require(`
type pam_var_console_t; type pam_var_console_t;
class dir r_dir_perms;
class file r_file_perms;
') ')
files_search_var($1) files_search_var($1)
@ -753,9 +730,6 @@ interface(`auth_read_pam_console_data',`
interface(`auth_manage_pam_console_data',` interface(`auth_manage_pam_console_data',`
gen_require(` gen_require(`
type pam_var_console_t; type pam_var_console_t;
class dir rw_dir_perms;
class file create_file_perms;
class lnk_file create_lnk_perms;
') ')
files_search_var($1) files_search_var($1)
@ -902,9 +876,6 @@ interface(`auth_manage_all_files_except_shadow',`
interface(`auth_domtrans_utempter',` interface(`auth_domtrans_utempter',`
gen_require(` gen_require(`
type utempter_t, utempter_exec_t; type utempter_t, utempter_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,utempter_exec_t,utempter_t) domain_auto_trans($1,utempter_exec_t,utempter_t)
@ -932,7 +903,6 @@ interface(`auth_domtrans_utempter',`
interface(`auth_run_utempter',` interface(`auth_run_utempter',`
gen_require(` gen_require(`
type utempter_t; type utempter_t;
class chr_file rw_file_perms;
') ')
auth_domtrans_utempter($1) auth_domtrans_utempter($1)
@ -976,7 +946,6 @@ interface(`auth_setattr_login_records',`
interface(`auth_read_login_records',` interface(`auth_read_login_records',`
gen_require(` gen_require(`
type wtmp_t; type wtmp_t;
class file r_file_perms;
') ')
logging_search_logs($1) logging_search_logs($1)
@ -990,7 +959,6 @@ interface(`auth_read_login_records',`
interface(`auth_dontaudit_write_login_records',` interface(`auth_dontaudit_write_login_records',`
gen_require(` gen_require(`
type wtmp_t; type wtmp_t;
class file write;
') ')
dontaudit $1 wtmp_t:file write; dontaudit $1 wtmp_t:file write;
@ -1035,7 +1003,6 @@ interface(`auth_write_login_records',`
interface(`auth_rw_login_records',` interface(`auth_rw_login_records',`
gen_require(` gen_require(`
type wtmp_t; type wtmp_t;
class file rw_file_perms;
') ')
allow $1 wtmp_t:file rw_file_perms; allow $1 wtmp_t:file rw_file_perms;
@ -1061,7 +1028,6 @@ interface(`auth_filetrans_login_records',`
interface(`auth_manage_login_records',` interface(`auth_manage_login_records',`
gen_require(` gen_require(`
type wtmp_t; type wtmp_t;
class file create_file_perms;
') ')
logging_rw_log_dir($1) logging_rw_log_dir($1)


@ -11,8 +11,6 @@
interface(`clock_domtrans',` interface(`clock_domtrans',`
gen_require(` gen_require(`
type hwclock_t, hwclock_exec_t; type hwclock_t, hwclock_exec_t;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,hwclock_exec_t,hwclock_t) domain_auto_trans($1,hwclock_exec_t,hwclock_t)
@ -41,7 +39,6 @@ interface(`clock_domtrans',`
interface(`clock_run',` interface(`clock_run',`
gen_require(` gen_require(`
type hwclock_t; type hwclock_t;
class chr_file { getattr read write ioctl };
') ')
clock_domtrans($1) clock_domtrans($1)
@ -76,7 +73,6 @@ interface(`clock_exec',`
interface(`clock_rw_adjtime',` interface(`clock_rw_adjtime',`
gen_require(` gen_require(`
type adjtime_t; type adjtime_t;
class file rw_file_perms;
') ')
allow $1 adjtime_t:file rw_file_perms; allow $1 adjtime_t:file rw_file_perms;


@ -11,8 +11,6 @@
interface(`fstools_domtrans',` interface(`fstools_domtrans',`
gen_require(` gen_require(`
type fsadm_t, fsadm_exec_t; type fsadm_t, fsadm_exec_t;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -42,7 +40,6 @@ interface(`fstools_domtrans',`
interface(`fstools_run',` interface(`fstools_run',`
gen_require(` gen_require(`
type fsadm_t; type fsadm_t;
class chr_file { getattr read write ioctl };
') ')
fstools_domtrans($1) fstools_domtrans($1)
@ -95,7 +92,6 @@ interface(`fstools_relabelto_entry_files',`
interface(`fstools_manage_entry_files',` interface(`fstools_manage_entry_files',`
gen_require(` gen_require(`
type fsadm_exec_t; type fsadm_exec_t;
class file create_file_perms;
') ')
allow $1 fsadm_exec_t:file create_file_perms; allow $1 fsadm_exec_t:file create_file_perms;


@ -11,9 +11,6 @@
interface(`hostname_domtrans',` interface(`hostname_domtrans',`
gen_require(` gen_require(`
type hostname_t, hostname_exec_t; type hostname_t, hostname_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_bin($1) corecmd_search_bin($1)
@ -43,7 +40,6 @@ interface(`hostname_domtrans',`
interface(`hostname_run',` interface(`hostname_run',`
gen_require(` gen_require(`
type hostname_t; type hostname_t;
class chr_file { getattr read write ioctl };
') ')
hostname_domtrans($1) hostname_domtrans($1)


@ -10,9 +10,6 @@
interface(`hotplug_domtrans',` interface(`hotplug_domtrans',`
gen_require(` gen_require(`
type hotplug_t, hotplug_exec_t; type hotplug_t, hotplug_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -44,7 +41,6 @@ interface(`hotplug_exec',`
interface(`hotplug_use_fd',` interface(`hotplug_use_fd',`
gen_require(` gen_require(`
type hotplug_t; type hotplug_t;
class fd use;
') ')
allow $1 hotplug_t:fd use; allow $1 hotplug_t:fd use;
@ -57,7 +53,6 @@ interface(`hotplug_use_fd',`
interface(`hotplug_dontaudit_use_fd',` interface(`hotplug_dontaudit_use_fd',`
gen_require(` gen_require(`
type hotplug_t; type hotplug_t;
class fd use;
') ')
dontaudit $1 hotplug_t:fd use; dontaudit $1 hotplug_t:fd use;
@ -70,7 +65,6 @@ interface(`hotplug_dontaudit_use_fd',`
interface(`hotplug_dontaudit_search_config',` interface(`hotplug_dontaudit_search_config',`
gen_require(` gen_require(`
type hotplug_etc_t; type hotplug_etc_t;
class dir search;
') ')
dontaudit $1 hotplug_etc_t:dir search; dontaudit $1 hotplug_etc_t:dir search;
@ -87,7 +81,6 @@ interface(`hotplug_dontaudit_search_config',`
interface(`hotplug_getattr_config_dir',` interface(`hotplug_getattr_config_dir',`
gen_require(` gen_require(`
type hotplug_etc_t; type hotplug_etc_t;
class dir getattr;
') ')
allow $1 hotplug_etc_t:dir getattr; allow $1 hotplug_etc_t:dir getattr;
@ -104,7 +97,6 @@ interface(`hotplug_getattr_config_dir',`
interface(`hotplug_search_config',` interface(`hotplug_search_config',`
gen_require(` gen_require(`
type hotplug_etc_t; type hotplug_etc_t;
class dir { getattr search };
') ')
allow $1 hotplug_etc_t:dir { getattr search }; allow $1 hotplug_etc_t:dir { getattr search };
@ -121,9 +113,6 @@ interface(`hotplug_search_config',`
interface(`hotplug_read_config',` interface(`hotplug_read_config',`
gen_require(` gen_require(`
type hotplug_etc_t; type hotplug_etc_t;
class file r_file_perms;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)


@ -15,9 +15,6 @@ interface(`init_domain',`
gen_require(` gen_require(`
type init_t; type init_t;
role system_r; role system_r;
class fd use;
class fifo_file rw_file_perms;
class process sigchld;
') ')
domain_type($1) domain_type($1)
@ -125,9 +122,6 @@ interface(`init_system_domain',`
gen_require(` gen_require(`
type initrc_t; type initrc_t;
role system_r; role system_r;
class fd use;
class fifo_file rw_file_perms;
class process sigchld;
') ')
domain_type($1) domain_type($1)
@ -150,9 +144,6 @@ interface(`init_system_domain',`
interface(`init_domtrans',` interface(`init_domtrans',`
gen_require(` gen_require(`
type init_t, init_exec_t; type init_t, init_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,init_exec_t,init_t) domain_auto_trans($1,init_exec_t,init_t)
@ -187,7 +178,6 @@ interface(`init_exec',`
interface(`init_get_process_group',` interface(`init_get_process_group',`
gen_require(` gen_require(`
type init_t; type init_t;
class process getpgid;
') ')
allow $1 init_t:process getpgid; allow $1 init_t:process getpgid;
@ -200,7 +190,6 @@ interface(`init_get_process_group',`
interface(`init_getattr_initctl',` interface(`init_getattr_initctl',`
gen_require(` gen_require(`
type initctl_t; type initctl_t;
class fifo_file getattr;
') ')
allow $1 initctl_t:fifo_file getattr; allow $1 initctl_t:fifo_file getattr;
@ -213,7 +202,6 @@ interface(`init_getattr_initctl',`
interface(`init_dontaudit_getattr_initctl',` interface(`init_dontaudit_getattr_initctl',`
gen_require(` gen_require(`
type initctl_t; type initctl_t;
class fifo_file getattr;
') ')
dontaudit $1 initctl_t:fifo_file getattr; dontaudit $1 initctl_t:fifo_file getattr;
@ -226,7 +214,6 @@ interface(`init_dontaudit_getattr_initctl',`
interface(`init_write_initctl',` interface(`init_write_initctl',`
gen_require(` gen_require(`
type initctl_t; type initctl_t;
class fifo_file write;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -240,7 +227,6 @@ interface(`init_write_initctl',`
interface(`init_use_initctl',` interface(`init_use_initctl',`
gen_require(` gen_require(`
type initctl_t; type initctl_t;
class fifo_file rw_file_perms;
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -254,7 +240,6 @@ interface(`init_use_initctl',`
interface(`init_dontaudit_use_initctl',` interface(`init_dontaudit_use_initctl',`
gen_require(` gen_require(`
type initctl_t; type initctl_t;
class fifo_file { read write };
') ')
dontaudit $1 initctl_t:fifo_file { read write }; dontaudit $1 initctl_t:fifo_file { read write };
@ -271,7 +256,6 @@ interface(`init_dontaudit_use_initctl',`
interface(`init_signull',` interface(`init_signull',`
gen_require(` gen_require(`
type init_t; type init_t;
class process signull;
') ')
allow $1 init_t:process signull; allow $1 init_t:process signull;
@ -288,7 +272,6 @@ interface(`init_signull',`
interface(`init_sigchld',` interface(`init_sigchld',`
gen_require(` gen_require(`
type init_t; type init_t;
class process sigchld;
') ')
allow $1 init_t:process sigchld; allow $1 init_t:process sigchld;
@ -301,7 +284,6 @@ interface(`init_sigchld',`
interface(`init_use_fd',` interface(`init_use_fd',`
gen_require(` gen_require(`
type init_t; type init_t;
class fd use;
') ')
allow $1 init_t:fd use; allow $1 init_t:fd use;
@ -314,7 +296,6 @@ interface(`init_use_fd',`
interface(`init_dontaudit_use_fd',` interface(`init_dontaudit_use_fd',`
gen_require(` gen_require(`
type init_t; type init_t;
class fd use;
') ')
dontaudit $1 init_t:fd use; dontaudit $1 init_t:fd use;
@ -331,7 +312,6 @@ interface(`init_dontaudit_use_fd',`
interface(`init_udp_sendto',` interface(`init_udp_sendto',`
gen_require(` gen_require(`
type init_t; type init_t;
class udp_socket { sendto recvfrom };
') ')
allow $1 init_t:udp_socket sendto; allow $1 init_t:udp_socket sendto;
@ -381,7 +361,6 @@ interface(`init_run_daemon',`
gen_require(` gen_require(`
attribute direct_run_init, direct_init, direct_init_entry; attribute direct_run_init, direct_init, direct_init_entry;
role system_r; role system_r;
class chr_file rw_file_perms;
') ')
typeattribute $1 direct_run_init; typeattribute $1 direct_run_init;
@ -433,7 +412,6 @@ interface(`init_getattr_script_entry_file',`
interface(`init_read_script',` interface(`init_read_script',`
gen_require(` gen_require(`
type initrc_exec_t; type initrc_exec_t;
class file { getattr read };
') ')
files_list_etc($1) files_list_etc($1)
@ -464,10 +442,6 @@ interface(`init_exec_script',`
interface(`init_read_script_process_state',` interface(`init_read_script_process_state',`
gen_require(` gen_require(`
type initrc_t; type initrc_t;
class dir r_dir_perms;
class file r_file_perms;
class lnk_file r_file_perms;
class process { getattr ptrace };
') ')
#FIXME: search proc dir #FIXME: search proc dir
@ -489,7 +463,6 @@ interface(`init_read_script_process_state',`
interface(`init_use_script_fd',` interface(`init_use_script_fd',`
gen_require(` gen_require(`
type initrc_t; type initrc_t;
class fd use;
') ')
allow $1 initrc_t:fd use; allow $1 initrc_t:fd use;
@ -502,7 +475,6 @@ interface(`init_use_script_fd',`
interface(`init_dontaudit_use_script_fd',` interface(`init_dontaudit_use_script_fd',`
gen_require(` gen_require(`
type initrc_t; type initrc_t;
class fd use;
') ')
dontaudit $1 initrc_t:fd use; dontaudit $1 initrc_t:fd use;
@ -515,7 +487,6 @@ interface(`init_dontaudit_use_script_fd',`
interface(`init_get_script_process_group',` interface(`init_get_script_process_group',`
gen_require(` gen_require(`
type initrc_t; type initrc_t;
class process getpgid;
') ')
allow $1 initrc_t:process getpgid; allow $1 initrc_t:process getpgid;
@ -580,7 +551,6 @@ interface(`init_signull_script',`
interface(`init_rw_script_pipe',` interface(`init_rw_script_pipe',`
gen_require(` gen_require(`
type initrc_t; type initrc_t;
class chr_file { read write };
') ')
allow $1 initrc_t:fifo_file { read write }; allow $1 initrc_t:fifo_file { read write };
@ -597,7 +567,6 @@ interface(`init_rw_script_pipe',`
interface(`init_udp_sendto_script',` interface(`init_udp_sendto_script',`
gen_require(` gen_require(`
type initrc_t; type initrc_t;
class udp_socket { sendto recvfrom };
') ')
allow $1 initrc_t:udp_socket sendto; allow $1 initrc_t:udp_socket sendto;
@ -711,7 +680,6 @@ interface(`init_dontaudit_use_script_pty',`
interface(`init_read_script_file',` interface(`init_read_script_file',`
gen_require(` gen_require(`
type initrc_exec_t; type initrc_exec_t;
class file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)
@ -777,7 +745,6 @@ interface(`init_filetrans_script_tmp',`
interface(`init_getattr_utmp',` interface(`init_getattr_utmp',`
gen_require(` gen_require(`
type initrc_var_run_t; type initrc_var_run_t;
class file getattr;
') ')
allow $1 initrc_var_run_t:file getattr; allow $1 initrc_var_run_t:file getattr;
@ -790,7 +757,6 @@ interface(`init_getattr_utmp',`
interface(`init_read_utmp',` interface(`init_read_utmp',`
gen_require(` gen_require(`
type initrc_var_run_t; type initrc_var_run_t;
class file r_file_perms;
') ')
files_list_pids($1) files_list_pids($1)
@ -804,7 +770,6 @@ interface(`init_read_utmp',`
interface(`init_dontaudit_write_utmp',` interface(`init_dontaudit_write_utmp',`
gen_require(` gen_require(`
type initrc_var_run_t; type initrc_var_run_t;
class file { write lock };
') ')
dontaudit $1 initrc_var_run_t:file { write lock }; dontaudit $1 initrc_var_run_t:file { write lock };
@ -834,7 +799,6 @@ interface(`init_dontaudit_lock_utmp',`
interface(`init_rw_utmp',` interface(`init_rw_utmp',`
gen_require(` gen_require(`
type initrc_var_run_t; type initrc_var_run_t;
class file rw_file_perms;
') ')
files_list_pids($1) files_list_pids($1)
@ -848,7 +812,6 @@ interface(`init_rw_utmp',`
interface(`init_dontaudit_rw_utmp',` interface(`init_dontaudit_rw_utmp',`
gen_require(` gen_require(`
type initrc_var_run_t; type initrc_var_run_t;
class file rw_file_perms;
') ')
dontaudit $1 initrc_var_run_t:file { getattr read write append }; dontaudit $1 initrc_var_run_t:file { getattr read write append };


@ -11,9 +11,6 @@
interface(`ipsec_domtrans',` interface(`ipsec_domtrans',`
gen_require(` gen_require(`
type ipsec_t, ipsec_exec_t; type ipsec_t, ipsec_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,ipsec_exec_t,ipsec_t) domain_auto_trans($1,ipsec_exec_t,ipsec_t)
@ -35,9 +32,6 @@ interface(`ipsec_domtrans',`
interface(`ipsec_stream_connect',` interface(`ipsec_stream_connect',`
gen_require(` gen_require(`
type ipsec_t, ipsec_var_run_t; type ipsec_t, ipsec_var_run_t;
class dir search;
class sock_file write;
class unix_stream_socket connectto;
') ')
files_search_pids($1) files_search_pids($1)
@ -57,7 +51,6 @@ interface(`ipsec_stream_connect',`
interface(`ipsec_getattr_key_socket',` interface(`ipsec_getattr_key_socket',`
gen_require(` gen_require(`
type ipsec_t; type ipsec_t;
class key_socket getattr;
') ')
allow $1 ipsec_t:key_socket getattr; allow $1 ipsec_t:key_socket getattr;
@ -90,7 +83,6 @@ interface(`ipsec_exec_mgmt',`
interface(`ipsec_read_config',` interface(`ipsec_read_config',`
gen_require(` gen_require(`
type ipsec_conf_file_t; type ipsec_conf_file_t;
class file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)
@ -108,8 +100,6 @@ interface(`ipsec_read_config',`
interface(`ipsec_manage_pid',` interface(`ipsec_manage_pid',`
gen_require(` gen_require(`
type ipsec_var_run_t; type ipsec_var_run_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
files_search_pids($1) files_search_pids($1)


@ -39,7 +39,6 @@ interface(`libs_domtrans_ldconfig',`
interface(`libs_run_ldconfig',` interface(`libs_run_ldconfig',`
gen_require(` gen_require(`
type ldconfig_t; type ldconfig_t;
class chr_file rw_term_perms;
') ')
libs_domtrans_ldconfig($1) libs_domtrans_ldconfig($1)
@ -59,9 +58,6 @@ interface(`libs_run_ldconfig',`
interface(`libs_use_ld_so',` interface(`libs_use_ld_so',`
gen_require(` gen_require(`
type lib_t, ld_so_t, ld_so_cache_t; type lib_t, ld_so_t, ld_so_cache_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
class file rx_file_perms;
') ')
files_list_etc($1) files_list_etc($1)
@ -84,7 +80,6 @@ interface(`libs_use_ld_so',`
interface(`libs_legacy_use_ld_so',` interface(`libs_legacy_use_ld_so',`
gen_require(` gen_require(`
type ld_so_t, ld_so_cache_t; type ld_so_t, ld_so_cache_t;
class file { execute execmod };
') ')
libs_use_ld_so($1) libs_use_ld_so($1)
@ -103,8 +98,6 @@ interface(`libs_legacy_use_ld_so',`
interface(`libs_exec_ld_so',` interface(`libs_exec_ld_so',`
gen_require(` gen_require(`
type lib_t, ld_so_t; type lib_t, ld_so_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
allow $1 lib_t:dir r_dir_perms; allow $1 lib_t:dir r_dir_perms;
@ -163,7 +156,6 @@ interface(`libs_relabel_ld_so',`
interface(`libs_rw_ld_so_cache',` interface(`libs_rw_ld_so_cache',`
gen_require(` gen_require(`
type ld_so_cache_t; type ld_so_cache_t;
class file rw_file_perms;
') ')
files_list_etc($1) files_list_etc($1)
@ -181,7 +173,6 @@ interface(`libs_rw_ld_so_cache',`
interface(`libs_search_lib',` interface(`libs_search_lib',`
gen_require(` gen_require(`
type lib_t; type lib_t;
class dir search;
') ')
allow $1 lib_t:dir search; allow $1 lib_t:dir search;
@ -199,9 +190,6 @@ interface(`libs_search_lib',`
interface(`libs_read_lib',` interface(`libs_read_lib',`
gen_require(` gen_require(`
type lib_t; type lib_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
class file r_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -220,8 +208,6 @@ interface(`libs_read_lib',`
interface(`libs_exec_lib_files',` interface(`libs_exec_lib_files',`
gen_require(` gen_require(`
type lib_t; type lib_t;
class dir r_dir_perms;
class lnk_file r_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -280,7 +266,6 @@ interface(`libs_manage_lib_files',`
interface(`libs_relabelto_lib_files',` interface(`libs_relabelto_lib_files',`
gen_require(` gen_require(`
type lib_t; type lib_t;
class file relabelto;
') ')
allow $1 lib_t:dir search_dir_perms; allow $1 lib_t:dir search_dir_perms;
@ -357,7 +342,6 @@ interface(`libs_use_shared_libs',`
interface(`libs_legacy_use_shared_libs',` interface(`libs_legacy_use_shared_libs',`
gen_require(` gen_require(`
type shlib_t, textrel_shlib_t; type shlib_t, textrel_shlib_t;
class file execmod;
') ')
libs_use_shared_libs($1) libs_use_shared_libs($1)


@ -27,7 +27,6 @@ interface(`locallogin_domtrans',`
interface(`locallogin_use_fd',` interface(`locallogin_use_fd',`
gen_require(` gen_require(`
type local_login_t; type local_login_t;
class fd use;
') ')
allow $1 local_login_t:fd use; allow $1 local_login_t:fd use;
@ -44,7 +43,6 @@ interface(`locallogin_use_fd',`
interface(`locallogin_dontaudit_use_fd',` interface(`locallogin_dontaudit_use_fd',`
gen_require(` gen_require(`
type local_login_t; type local_login_t;
class fd use;
') ')
dontaudit $1 local_login_t:fd use; dontaudit $1 local_login_t:fd use;
@ -61,7 +59,6 @@ interface(`locallogin_dontaudit_use_fd',`
interface(`locallogin_signull',` interface(`locallogin_signull',`
gen_require(` gen_require(`
type local_login_t; type local_login_t;
class process signull;
') ')
allow $1 local_login_t:process signull; allow $1 local_login_t:process signull;


@ -70,9 +70,6 @@ interface(`logging_domtrans_auditctl',`
interface(`logging_domtrans_syslog',` interface(`logging_domtrans_syslog',`
gen_require(` gen_require(`
type syslogd_t, syslogd_exec_t; type syslogd_t, syslogd_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -91,7 +88,6 @@ interface(`logging_domtrans_syslog',`
interface(`logging_filetrans_log',` interface(`logging_filetrans_log',`
gen_require(` gen_require(`
type var_log_t; type var_log_t;
class dir rw_dir_perms;
') ')
allow $1 var_log_t:dir rw_dir_perms; allow $1 var_log_t:dir rw_dir_perms;
@ -110,10 +106,6 @@ interface(`logging_filetrans_log',`
interface(`logging_send_syslog_msg',` interface(`logging_send_syslog_msg',`
gen_require(` gen_require(`
type syslogd_t, devlog_t; type syslogd_t, devlog_t;
class lnk_file read;
class sock_file rw_file_perms;
class unix_dgram_socket { create_socket_perms sendto };
class unix_stream_socket { create_socket_perms connectto };
') ')
allow $1 devlog_t:lnk_file read; allow $1 devlog_t:lnk_file read;
@ -140,7 +132,6 @@ interface(`logging_send_syslog_msg',`
interface(`logging_read_auditd_config',` interface(`logging_read_auditd_config',`
gen_require(` gen_require(`
type auditd_etc_t; type auditd_etc_t;
class file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)
@ -160,7 +151,6 @@ interface(`logging_read_auditd_config',`
interface(`logging_search_logs',` interface(`logging_search_logs',`
gen_require(` gen_require(`
type var_log_t; type var_log_t;
class dir search;
') ')
files_search_var($1) files_search_var($1)
@ -195,7 +185,6 @@ interface(`logging_list_logs',`
interface(`logging_rw_log_dir',` interface(`logging_rw_log_dir',`
gen_require(` gen_require(`
type var_log_t; type var_log_t;
class dir rw_dir_perms;
') ')
files_search_var($1) files_search_var($1)
@ -209,7 +198,6 @@ interface(`logging_rw_log_dir',`
interface(`logging_dontaudit_getattr_all_logs',` interface(`logging_dontaudit_getattr_all_logs',`
gen_require(` gen_require(`
attribute logfile; attribute logfile;
class file getattr;
') ')
dontaudit $1 logfile:file getattr; dontaudit $1 logfile:file getattr;
@ -223,8 +211,6 @@ interface(`logging_append_all_logs',`
gen_require(` gen_require(`
attribute logfile; attribute logfile;
type var_log_t; type var_log_t;
class dir r_dir_perms;
class file { getattr append };
') ')
files_search_var($1) files_search_var($1)
@ -240,8 +226,6 @@ interface(`logging_read_all_logs',`
gen_require(` gen_require(`
attribute logfile; attribute logfile;
type var_log_t; type var_log_t;
class dir r_dir_perms;
class file r_file_perms;
') ')
files_search_var($1) files_search_var($1)
@ -262,7 +246,6 @@ interface(`logging_read_all_logs',`
interface(`logging_exec_all_logs',` interface(`logging_exec_all_logs',`
gen_require(` gen_require(`
attribute logfile; attribute logfile;
class dir r_dir_perms;
') ')
files_search_var($1) files_search_var($1)
@ -277,8 +260,6 @@ interface(`logging_exec_all_logs',`
interface(`logging_manage_all_logs',` interface(`logging_manage_all_logs',`
gen_require(` gen_require(`
attribute logfile; attribute logfile;
class dir rw_dir_perms;
class file create_file_perms;
') ')
files_search_var($1) files_search_var($1)
@ -294,8 +275,6 @@ interface(`logging_manage_all_logs',`
interface(`logging_read_generic_logs',` interface(`logging_read_generic_logs',`
gen_require(` gen_require(`
type var_log_t; type var_log_t;
class dir r_dir_perms;
class file r_file_perms;
') ')
files_search_var($1) files_search_var($1)
@ -310,8 +289,6 @@ interface(`logging_read_generic_logs',`
interface(`logging_write_generic_logs',` interface(`logging_write_generic_logs',`
gen_require(` gen_require(`
type var_log_t; type var_log_t;
class dir r_dir_perms;
class file { getattr write };
') ')
files_search_var($1) files_search_var($1)
@ -330,8 +307,6 @@ interface(`logging_write_generic_logs',`
interface(`logging_rw_generic_logs',` interface(`logging_rw_generic_logs',`
gen_require(` gen_require(`
type var_log_t; type var_log_t;
class dir r_dir_perms;
class file rw_file_perms;
') ')
files_search_var($1) files_search_var($1)
@ -351,8 +326,6 @@ interface(`logging_rw_generic_logs',`
interface(`logging_manage_generic_logs',` interface(`logging_manage_generic_logs',`
gen_require(` gen_require(`
type var_log_t; type var_log_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
files_search_var($1) files_search_var($1)


@ -11,9 +11,6 @@
interface(`mount_domtrans',` interface(`mount_domtrans',`
gen_require(` gen_require(`
type mount_t, mount_exec_t; type mount_t, mount_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,mount_exec_t,mount_t) domain_auto_trans($1,mount_exec_t,mount_t)
@ -43,7 +40,6 @@ interface(`mount_domtrans',`
interface(`mount_run',` interface(`mount_run',`
gen_require(` gen_require(`
type mount_t; type mount_t;
class chr_file rw_file_perms;
') ')
mount_domtrans($1) mount_domtrans($1)
@ -81,7 +77,6 @@ interface(`mount_exec',`
interface(`mount_use_fd',` interface(`mount_use_fd',`
gen_require(` gen_require(`
type mount_t; type mount_t;
class fd use;
') ')
allow $1 mount_t:fd use; allow $1 mount_t:fd use;
@ -99,7 +94,6 @@ interface(`mount_use_fd',`
interface(`mount_send_nfs_client_request',` interface(`mount_send_nfs_client_request',`
gen_require(` gen_require(`
type mount_t; type mount_t;
class udp_socket rw_socket_perms;
') ')
allow $1 mount_t:udp_socket rw_socket_perms; allow $1 mount_t:udp_socket rw_socket_perms;


@ -11,9 +11,6 @@
interface(`raid_domtrans_mdadm',` interface(`raid_domtrans_mdadm',`
gen_require(` gen_require(`
type mdadm_t, mdadm_exec_t; type mdadm_t, mdadm_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -44,7 +41,6 @@ interface(`raid_domtrans_mdadm',`
interface(`raid_manage_mdadm_pid',` interface(`raid_manage_mdadm_pid',`
gen_require(` gen_require(`
type mdadm_var_run_t; type mdadm_var_run_t;
class file create_file_perms;
') ')
# FIXME: maybe should have a type_transition. not # FIXME: maybe should have a type_transition. not


@ -11,9 +11,6 @@
interface(`seutil_domtrans_checkpol',` interface(`seutil_domtrans_checkpol',`
gen_require(` gen_require(`
type checkpolicy_t, checkpolicy_exec_t; type checkpolicy_t, checkpolicy_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -45,7 +42,6 @@ interface(`seutil_domtrans_checkpol',`
interface(`seutil_run_checkpol',` interface(`seutil_run_checkpol',`
gen_require(` gen_require(`
type checkpolicy_t; type checkpolicy_t;
class chr_file rw_term_perms;
') ')
seutil_domtrans_checkpol($1) seutil_domtrans_checkpol($1)
@ -78,9 +74,6 @@ interface(`seutil_exec_checkpol',`
interface(`seutil_domtrans_loadpol',` interface(`seutil_domtrans_loadpol',`
gen_require(` gen_require(`
type load_policy_t, load_policy_exec_t; type load_policy_t, load_policy_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -112,7 +105,6 @@ interface(`seutil_domtrans_loadpol',`
interface(`seutil_run_loadpol',` interface(`seutil_run_loadpol',`
gen_require(` gen_require(`
type load_policy_t; type load_policy_t;
class chr_file rw_term_perms;
') ')
seutil_domtrans_loadpol($1) seutil_domtrans_loadpol($1)
@ -140,7 +132,6 @@ interface(`seutil_exec_loadpol',`
interface(`seutil_read_loadpol',` interface(`seutil_read_loadpol',`
gen_require(` gen_require(`
type load_policy_exec_t; type load_policy_exec_t;
class file r_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -158,9 +149,6 @@ interface(`seutil_read_loadpol',`
interface(`seutil_domtrans_newrole',` interface(`seutil_domtrans_newrole',`
gen_require(` gen_require(`
type newrole_t, newrole_exec_t; type newrole_t, newrole_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -192,7 +180,6 @@ interface(`seutil_domtrans_newrole',`
interface(`seutil_run_newrole',` interface(`seutil_run_newrole',`
gen_require(` gen_require(`
type newrole_t; type newrole_t;
class chr_file rw_term_perms;
') ')
seutil_domtrans_newrole($1) seutil_domtrans_newrole($1)
@ -226,7 +213,6 @@ interface(`seutil_exec_newrole',`
interface(`seutil_dontaudit_signal_newrole',` interface(`seutil_dontaudit_signal_newrole',`
gen_require(` gen_require(`
type newrole_t; type newrole_t;
class process signal;
') ')
dontaudit $1 newrole_t:process signal; dontaudit $1 newrole_t:process signal;
@ -239,7 +225,6 @@ interface(`seutil_dontaudit_signal_newrole',`
interface(`seutil_sigchld_newrole',` interface(`seutil_sigchld_newrole',`
gen_require(` gen_require(`
type newrole_t; type newrole_t;
class process sigchld;
') ')
allow $1 newrole_t:process sigchld; allow $1 newrole_t:process sigchld;
@ -252,7 +237,6 @@ interface(`seutil_sigchld_newrole',`
interface(`seutil_use_newrole_fd',` interface(`seutil_use_newrole_fd',`
gen_require(` gen_require(`
type newrole_t; type newrole_t;
class fd use;
') ')
allow $1 newrole_t:fd use; allow $1 newrole_t:fd use;
@ -269,9 +253,6 @@ interface(`seutil_use_newrole_fd',`
interface(`seutil_domtrans_restorecon',` interface(`seutil_domtrans_restorecon',`
gen_require(` gen_require(`
type restorecon_t, restorecon_exec_t; type restorecon_t, restorecon_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
corecmd_search_sbin($1) corecmd_search_sbin($1)
@ -302,7 +283,6 @@ interface(`seutil_domtrans_restorecon',`
interface(`seutil_run_restorecon',` interface(`seutil_run_restorecon',`
gen_require(` gen_require(`
type restorecon_t; type restorecon_t;
class chr_file rw_term_perms;
') ')
seutil_domtrans_restorecon($1) seutil_domtrans_restorecon($1)
@ -334,9 +314,6 @@ interface(`seutil_exec_restorecon',`
interface(`seutil_domtrans_runinit',` interface(`seutil_domtrans_runinit',`
gen_require(` gen_require(`
type run_init_t, run_init_exec_t; type run_init_t, run_init_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -384,7 +361,6 @@ interface(`seutil_run_runinit',`
interface(`seutil_use_runinit_fd',` interface(`seutil_use_runinit_fd',`
gen_require(` gen_require(`
type run_init_t; type run_init_t;
class fd use;
') ')
allow $1 run_init_t:fd use; allow $1 run_init_t:fd use;
@ -401,9 +377,6 @@ interface(`seutil_use_runinit_fd',`
interface(`seutil_domtrans_setfiles',` interface(`seutil_domtrans_setfiles',`
gen_require(` gen_require(`
type setfiles_t, setfiles_exec_t; type setfiles_t, setfiles_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
files_search_usr($1) files_search_usr($1)
@ -435,7 +408,6 @@ interface(`seutil_domtrans_setfiles',`
interface(`seutil_run_setfiles',` interface(`seutil_run_setfiles',`
gen_require(` gen_require(`
type setfiles_t; type setfiles_t;
class chr_file rw_term_perms;
') ')
seutil_domtrans_setfiles($1) seutil_domtrans_setfiles($1)
@ -469,7 +441,6 @@ interface(`seutil_exec_setfiles',`
interface(`seutil_dontaudit_search_config',` interface(`seutil_dontaudit_search_config',`
gen_require(` gen_require(`
type selinux_config_t; type selinux_config_t;
class dir search;
') ')
dontaudit $1 selinux_config_t:dir search; dontaudit $1 selinux_config_t:dir search;
@ -519,7 +490,6 @@ interface(`seutil_read_config',`
interface(`seutil_search_default_contexts',` interface(`seutil_search_default_contexts',`
gen_require(` gen_require(`
type selinux_config_t, default_context_t; type selinux_config_t, default_context_t;
class dir search;
') ')
files_search_etc($1) files_search_etc($1)
@ -566,8 +536,6 @@ interface(`seutil_read_file_contexts',`
interface(`seutil_read_binary_pol',` interface(`seutil_read_binary_pol',`
gen_require(` gen_require(`
type selinux_config_t, policy_config_t; type selinux_config_t, policy_config_t;
class dir r_dir_perms;
class file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)
@ -584,8 +552,6 @@ interface(`seutil_create_binary_pol',`
gen_require(` gen_require(`
# attribute can_write_binary_policy; # attribute can_write_binary_policy;
type selinux_config_t, policy_config_t; type selinux_config_t, policy_config_t;
class dir ra_dir_perms;
class file { getattr create write };
') ')
files_search_etc($1) files_search_etc($1)
@ -607,7 +573,6 @@ interface(`seutil_relabelto_binary_pol',`
gen_require(` gen_require(`
attribute can_relabelto_binary_policy; attribute can_relabelto_binary_policy;
type policy_config_t; type policy_config_t;
class file relabelto;
') ')
allow $1 policy_config_t:file relabelto; allow $1 policy_config_t:file relabelto;
@ -622,8 +587,6 @@ interface(`seutil_manage_binary_pol',`
gen_require(` gen_require(`
attribute can_write_binary_policy; attribute can_write_binary_policy;
type selinux_config_t, policy_config_t; type selinux_config_t, policy_config_t;
class dir rw_dir_perms;
class file create_file_perms;
') ')
files_search_etc($1) files_search_etc($1)
@ -640,8 +603,6 @@ interface(`seutil_manage_binary_pol',`
interface(`seutil_read_src_pol',` interface(`seutil_read_src_pol',`
gen_require(` gen_require(`
type selinux_config_t, policy_src_t; type selinux_config_t, policy_src_t;
class dir r_dir_perms;
class file r_file_perms;
') ')
files_search_etc($1) files_search_etc($1)
@ -657,8 +618,6 @@ interface(`seutil_read_src_pol',`
interface(`seutil_manage_src_pol',` interface(`seutil_manage_src_pol',`
gen_require(` gen_require(`
type selinux_config_t, policy_src_t; type selinux_config_t, policy_src_t;
class dir create_dir_perms;
class file create_file_perms;
') ')
files_search_etc($1) files_search_etc($1)


@ -112,9 +112,6 @@ template(`unconfined_domain_template',`
interface(`unconfined_domtrans',` interface(`unconfined_domtrans',`
gen_require(` gen_require(`
type unconfined_t, unconfined_exec_t; type unconfined_t, unconfined_exec_t;
class process sigchld;
class fd use;
class fifo_file rw_file_perms;
') ')
domain_auto_trans($1,unconfined_exec_t,unconfined_t) domain_auto_trans($1,unconfined_exec_t,unconfined_t)
@ -142,7 +139,6 @@ interface(`unconfined_domtrans',`
interface(`unconfined_run',` interface(`unconfined_run',`
gen_require(` gen_require(`
type unconfined_t; type unconfined_t;
class chr_file rw_term_perms;
') ')
unconfined_domtrans($1) unconfined_domtrans($1)
@ -177,7 +173,6 @@ interface(`unconfined_shell_domtrans',`
interface(`unconfined_use_fd',` interface(`unconfined_use_fd',`
gen_require(` gen_require(`
type unconfined_t; type unconfined_t;
class fd use;
') ')
allow $1 unconfined_t:fd use; allow $1 unconfined_t:fd use;
@ -194,7 +189,6 @@ interface(`unconfined_use_fd',`
interface(`unconfined_sigchld',` interface(`unconfined_sigchld',`
gen_require(` gen_require(`
type unconfined_t; type unconfined_t;
class process sigchld;
') ')
allow $1 unconfined_t:process sigchld; allow $1 unconfined_t:process sigchld;
@ -259,7 +253,6 @@ interface(`unconfined_dontaudit_read_pipe',`
interface(`unconfined_rw_pipe',` interface(`unconfined_rw_pipe',`
gen_require(` gen_require(`
type unconfined_t; type unconfined_t;
class fifo_file rw_file_perms;
') ')
allow $1 unconfined_t:fifo_file rw_file_perms; allow $1 unconfined_t:fifo_file rw_file_perms;
@ -287,7 +280,6 @@ interface(`unconfined_rw_pipe',`
interface(`unconfined_dontaudit_rw_tcp_socket',` interface(`unconfined_dontaudit_rw_tcp_socket',`
gen_require(` gen_require(`
type unconfined_t; type unconfined_t;
class tcp_socket { read write };
') ')
dontaudit $1 unconfined_t:tcp_socket { read write }; dontaudit $1 unconfined_t:tcp_socket { read write };