From: jwcart2@tycho.nsa.gov (James Carter)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 7/8] Remove undeclared identifiers from interfaces
Date: Wed, 11 Apr 2018 14:55:24 -0400
Message-ID: <20180411185525.23486-8-jwcart2@tycho.nsa.gov>
In-Reply-To: <20180411185525.23486-1-jwcart2@tycho.nsa.gov>

These interfaces are not being called in the policy.

corenetwork.if.in:corenet_sctp_bind_generic_port(),
corenet_dontaudit_sctp_bind_generic_port(), and
corenet_sctp_connect_generic_port()
Removed references to undeclared type ephemeral_port_t.

corenetwork.if.in:corenet_sctp_recvfrom_unlabeled()
Removed references to undeclared type attribute corenet_unlabeled_type.

devices.if:dev_read_printk()
Removed references to undeclared type printk_device_t and marked
interface as deprecated because it is now empty.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
policy/modules/kernel/corenetwork.if.in | 18 ++++++------------
policy/modules/kernel/devices.if | 8 ++------
2 files changed, 8 insertions(+), 18 deletions(-)
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index 37aeb06d..13513500 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1519,11 +1519,11 @@ interface(`corenet_udp_send_all_ports',`
#
interface(`corenet_sctp_bind_generic_port',`
gen_require(`
- type port_t, unreserved_port_t, ephemeral_port_t;
+ type port_t, unreserved_port_t;
attribute defined_port_type;
')
- allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+ allow $1 { port_t unreserved_port_t }:sctp_socket name_bind;
dontaudit $1 defined_port_type:sctp_socket name_bind;
')
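Review bot: In corenet_sctp_bind_generic_port the allow rule now covers only { port_t unreserved_port_t }, and the commit message says the interface has no callers, so nothing in the tree exercises the trimmed rule. Please say in the commit message how the result was checked (for example, that the policy still builds with a scratch module calling the interface), since before this change any caller would have failed on the undeclared ephemeral_port_t in gen_require.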
@@ -1597,10 +1597,10 @@ interface(`corenet_udp_sendrecv_all_ports',`
#
interface(`corenet_dontaudit_sctp_bind_generic_port',`
gen_require(`
- type port_t, unreserved_port_t, ephemeral_port_t;
+ type port_t, unreserved_port_t;
')
- dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+ dontaudit $1 { port_t unreserved_port_t }:sctp_socket name_bind;
')
########################################
@@ -1671,10 +1671,10 @@ interface(`corenet_udp_bind_all_ports',`
#
interface(`corenet_sctp_connect_generic_port',`
gen_require(`
- type port_t, unreserved_port_t,ephemeral_port_t;
+ type port_t, unreserved_port_t;
')
- allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_connect;
+ allow $1 { port_t unreserved_port_t }:sctp_socket name_connect;
')
########################################
@@ -3372,13 +3372,7 @@ interface(`corenet_relabelto_all_server_packets',`
## </param>
#
interface(`corenet_sctp_recvfrom_unlabeled',`
- gen_require(`
- attribute corenet_unlabeled_type;
- ')
-
kernel_recvfrom_unlabeled_peer($1)
-
- typeattribute $1 corenet_unlabeled_type;
kernel_sendrecv_unlabeled_association($1)
')
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index c9071df8..be1a1d4b 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -3374,18 +3374,14 @@ interface(`dev_rw_printer',`
## <summary>
## Read printk devices (e.g., /dev/kmsg /dev/mcelog)
## </summary>
-## <param name="domain">
+## <param name="domain" unused="true">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`dev_read_printk',`
- gen_require(`
- type device_t, printk_device_t;
- ')
-
- read_chr_files_pattern($1, device_t, printk_device_t)
+ refpolicywarn(`$0() has been deprecated.')
')
########################################
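Review bot: The summary above dev_read_printk still reads "Read printk devices (e.g., /dev/kmsg /dev/mcelog)" and the parameter is still described as "Domain allowed access.", but after this hunk the body grants nothing and only emits refpolicywarn. Update the summary to say the interface is deprecated and has no effect, and if a replacement interface exists, name it in the warning text so callers know what to switch to.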
--
2.13.6