diff --git a/refpolicy/policy/modules/kernel/domain.if b/refpolicy/policy/modules/kernel/domain.if index 4514f5db..d0174c00 100644 --- a/refpolicy/policy/modules/kernel/domain.if +++ b/refpolicy/policy/modules/kernel/domain.if @@ -740,7 +740,7 @@ interface(`domain_dontaudit_getsession_all_domains',` # interface(`domain_getattr_all_sockets',` gen_require(` - gen_require_set(getattr,socket_class_set) + attribute domain; ') allow $1 domain:socket_class_set getattr; @@ -767,7 +767,7 @@ interface(`domain_getattr_all_sockets',` # interface(`domain_dontaudit_getattr_all_sockets',` gen_require(` - gen_require_set(getattr,socket_class_set) + attribute domain; ') dontaudit $1 domain:socket_class_set getattr; diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if index 9301cb2b..cc88278c 100644 --- a/refpolicy/policy/modules/kernel/files.if +++ b/refpolicy/policy/modules/kernel/files.if @@ -2108,7 +2108,6 @@ interface(`files_filetrans_tmp',` interface(`files_purge_tmp',` gen_require(` attribute tmpfile; - gen_require_set({ getattr unlink },notdevfile_class_set) ') allow $1 tmpfile:dir { rw_dir_perms rmdir }; diff --git a/refpolicy/policy/support/obj_perm_sets.spt b/refpolicy/policy/support/obj_perm_sets.spt index e05a7104..ecc755a4 100644 --- a/refpolicy/policy/support/obj_perm_sets.spt +++ b/refpolicy/policy/support/obj_perm_sets.spt @@ -223,26 +223,3 @@ define(`rw_term_perms', `{ getattr read write ioctl }') # define(`client_stream_socket_perms', `{ create ioctl read getattr write setattr append bind getopt setopt shutdown }') define(`server_stream_socket_perms', `{ client_stream_socket_perms listen accept }') - -######################################## -# -# Expand object class set macros. -# -# gen_require_set(permissions,object_class_set) -# -# the statement: -# gen_require_set({ getattr read },{ foo bar tar }) -# -# makes: -# class foo { getattr read }; -# class bar { getattr read }; -# class tar { getattr read }; -# -# !! This is only used in require blocks. !! - -define(`gen_require_set',` -ifelse(regexp($2, `\w'), -1, `', `dnl -class regexp($2, `\(\w+\)', `\1') $1; -gen_require_set($1, regexp($2, `\w+\(.*\)', `\1'))dnl -') dnl -')