diff --git a/refpolicy/Rules.modular b/refpolicy/Rules.modular index d0bbaf8a..8e0928d6 100644 --- a/refpolicy/Rules.modular +++ b/refpolicy/Rules.modular @@ -128,10 +128,6 @@ $(TMPDIR)/generated_definitions.conf: $(BASE_TE_FILES) >> $@ ;\ done $(verbose) echo "')" >> $@ -# define foo.te - $(verbose) for i in $(notdir $(BASE_TE_FILES)); do \ - echo "define(\`$$i')" >> $@ ;\ - done $(verbose) test -f $(BOOLEANS) && $(SETBOOLS) $(BOOLEANS) >> $@ || true $(TMPDIR)/global_bools.conf: M4PARAM += -D self_contained_policy diff --git a/refpolicy/Rules.monolithic b/refpolicy/Rules.monolithic index 972516a1..bb3133e8 100644 --- a/refpolicy/Rules.monolithic +++ b/refpolicy/Rules.monolithic @@ -109,10 +109,6 @@ $(TMPDIR)/generated_definitions.conf: $(ALL_TE_FILES) $(verbose) $(foreach mod,$(basename $(notdir $(ALL_MODULES))), \ echo "ifdef(\`""$(mod)""_per_userdomain_template',\`""$(mod)""_per_userdomain_template("'$$*'")')" >> $@ ;) $(verbose) echo "')" >> $@ -# define foo.te - $(verbose) for i in $(notdir $(ALL_MODULES)); do \ - echo "define(\`$$i')" >> $@ ;\ - done $(verbose) test -f $(BOOLEANS) && $(SETBOOLS) $(BOOLEANS) >> $@ || true $(TMPDIR)/global_bools.conf: $(M4SUPPORT) $(TMPDIR)/generated_definitions.conf $(GLOBALBOOL) $(GLOBALTUN) diff --git a/refpolicy/policy/modules/admin/logrotate.te b/refpolicy/policy/modules/admin/logrotate.te index a479123d..0352a4c3 100644 --- a/refpolicy/policy/modules/admin/logrotate.te +++ b/refpolicy/policy/modules/admin/logrotate.te @@ -199,8 +199,6 @@ optional_policy(` ') ifdef(`TODO',` -ifdef(`gnome-pty-helper.te', `allow logrotate_t sysadm_gph_t:fd use;') - # it should not require this allow logrotate_t {staff_home_dir_t sysadm_home_dir_t}:dir { getattr read search }; diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if index 96fae337..5fb85ce9 100644 --- a/refpolicy/policy/modules/admin/su.if +++ b/refpolicy/policy/modules/admin/su.if @@ -317,11 +317,9 @@ template(`su_per_userdomain_template',` ifdef(`TODO',` allow $1_su_t $1_home_t:file create_file_perms; - ifdef(`ssh.te', ` # Access sshd cookie files. allow $1_su_t sshd_tmp_t:file rw_file_perms; file_type_auto_trans($1_su_t, sshd_tmp_t, $1_tmp_t) - ') ') dnl end TODO ') diff --git a/refpolicy/policy/modules/apps/evolution.if b/refpolicy/policy/modules/apps/evolution.if index 71d3a9fc..88c407c9 100644 --- a/refpolicy/policy/modules/apps/evolution.if +++ b/refpolicy/policy/modules/apps/evolution.if @@ -297,7 +297,7 @@ template(`evolution_per_userdomain_template',` userdom_read_user_home_content_files($1,$1_evolution_t) userdom_read_user_home_content_symlinks($1,$1_evolution_t) - ifdef(`mls_policy',`',` + ifdef(`enable_mls',`',` fs_search_removable($1_evolution_t) fs_read_removable_files($1_evolution_t) fs_read_removable_symlinks($1_evolution_t) diff --git a/refpolicy/policy/modules/apps/evolution.te b/refpolicy/policy/modules/apps/evolution.te index 1df5cfba..727b6940 100644 --- a/refpolicy/policy/modules/apps/evolution.te +++ b/refpolicy/policy/modules/apps/evolution.te @@ -1,5 +1,5 @@ -policy_module(evolution,1.0.2) +policy_module(evolution,1.0.3) ######################################## # diff --git a/refpolicy/policy/modules/apps/mozilla.if b/refpolicy/policy/modules/apps/mozilla.if index c4d489b5..26e7bad2 100644 --- a/refpolicy/policy/modules/apps/mozilla.if +++ b/refpolicy/policy/modules/apps/mozilla.if @@ -244,7 +244,7 @@ template(`mozilla_per_userdomain_template',` userdom_read_user_home_content_files($1,$1_mozilla_t) userdom_read_user_home_content_symlinks($1,$1_mozilla_t) - ifdef(`mls_policy',`',` + ifdef(`enable_mls',`',` fs_search_removable($1_mozilla_t) fs_read_removable_files($1_mozilla_t) fs_read_removable_symlinks($1_mozilla_t) diff --git a/refpolicy/policy/modules/apps/mozilla.te b/refpolicy/policy/modules/apps/mozilla.te index d5001e6b..75651678 100644 --- a/refpolicy/policy/modules/apps/mozilla.te +++ b/refpolicy/policy/modules/apps/mozilla.te @@ -1,5 +1,5 @@ -policy_module(mozilla,1.0.2) +policy_module(mozilla,1.0.3) ######################################## # diff --git a/refpolicy/policy/modules/apps/mplayer.if b/refpolicy/policy/modules/apps/mplayer.if index 5ebf68fb..12e9260d 100644 --- a/refpolicy/policy/modules/apps/mplayer.if +++ b/refpolicy/policy/modules/apps/mplayer.if @@ -122,7 +122,7 @@ template(`mplayer_per_userdomain_template',` userdom_read_user_home_content_symlinks($1,$1_mencoder_t) # Read content to encode - ifdef(`mls_policy',`',` + ifdef(`enable_mls',`',` fs_search_removable($1_mencoder_t) fs_read_removable_files($1_mencoder_t) fs_read_removable_symlinks($1_mencoder_t) @@ -359,7 +359,7 @@ template(`mplayer_per_userdomain_template',` xserver_user_client_template($1,$1_mplayer_t,$1_mplayer_tmpfs_t) # Read songs - ifdef(`mls_policy',`',` + ifdef(`enable_mls',`',` fs_search_removable($1_mplayer_t) fs_read_removable_files($1_mplayer_t) fs_read_removable_symlinks($1_mplayer_t) diff --git a/refpolicy/policy/modules/apps/mplayer.te b/refpolicy/policy/modules/apps/mplayer.te index a1b79d5b..adbb1760 100644 --- a/refpolicy/policy/modules/apps/mplayer.te +++ b/refpolicy/policy/modules/apps/mplayer.te @@ -1,5 +1,5 @@ -policy_module(mplayer,1.0.1) +policy_module(mplayer,1.0.2) ######################################## # diff --git a/refpolicy/policy/modules/apps/thunderbird.if b/refpolicy/policy/modules/apps/thunderbird.if index 4dab587d..7d2c4084 100644 --- a/refpolicy/policy/modules/apps/thunderbird.if +++ b/refpolicy/policy/modules/apps/thunderbird.if @@ -208,7 +208,7 @@ template(`thunderbird_per_userdomain_template',` userdom_read_user_home_content_files($1,$1_thunderbird_t) userdom_read_user_home_content_symlinks($1,$1_thunderbird_t) - ifdef(`mls_policy',` + ifdef(`enable_mls',` ',` fs_search_removable($1_thunderbird_t) fs_read_removable_files($1_thunderbird_t) diff --git a/refpolicy/policy/modules/apps/thunderbird.te b/refpolicy/policy/modules/apps/thunderbird.te index ccd3ff04..d224cd80 100644 --- a/refpolicy/policy/modules/apps/thunderbird.te +++ b/refpolicy/policy/modules/apps/thunderbird.te @@ -1,5 +1,5 @@ -policy_module(thunderbird,1.0.2) +policy_module(thunderbird,1.0.3) ######################################## # diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te index 3c65a45d..2404432b 100644 --- a/refpolicy/policy/modules/system/sysnetwork.te +++ b/refpolicy/policy/modules/system/sysnetwork.te @@ -1,5 +1,5 @@ -policy_module(sysnetwork,1.1.7) +policy_module(sysnetwork,1.1.8) ######################################## # @@ -178,11 +178,6 @@ optional_policy(` optional_policy(` networkmanager_dbus_chat(dhcpc_t) ') - - ifdef(`unconfined.te', ` - allow unconfined_t dhcpc_t:dbus send_msg; - allow dhcpc_t unconfined_t:dbus send_msg; - ') ') optional_policy(` diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te index 41f9db5e..1f83eff4 100644 --- a/refpolicy/policy/modules/system/unconfined.te +++ b/refpolicy/policy/modules/system/unconfined.te @@ -1,5 +1,5 @@ -policy_module(unconfined,1.3.9) +policy_module(unconfined,1.3.10) ######################################## # @@ -159,6 +159,7 @@ ifdef(`targeted_policy',` optional_policy(` sysnet_domtrans_dhcpc(unconfined_t) + sysnet_dbus_chat_dhcpc(unconfined_t) ') optional_policy(`