From: jwcart2@tycho.nsa.gov (James Carter)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] [PATCH 7/8] Remove undeclared identifiers from interfaces
Date: Wed, 11 Apr 2018 14:55:24 -0400	[thread overview]
Message-ID: <20180411185525.23486-8-jwcart2@tycho.nsa.gov> (raw)
In-Reply-To: <20180411185525.23486-1-jwcart2@tycho.nsa.gov>

These interfaces are not being called in the policy.

corenetwork.if.in:corenet_sctp_bind_generic_port(),
  corenet_dontaudit_sctp_bind_generic_port(), and
  corenet_sctp_connect_generic_port()
  Removed references to undeclared type ephemeral_port_t.

corenetwork.if.in:corenet_sctp_recvfrom_unlabeled()
  Removed references to undeclared type attribute corenet_unlabeled_type.

devices.if:dev_read_printk()
  Removed references to undeclared type printk_device_t and marked
  interface as deprecated because it is now empty.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
---
 policy/modules/kernel/corenetwork.if.in | 18 ++++++------------
 policy/modules/kernel/devices.if        |  8 ++------
 2 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index 37aeb06d..13513500 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1519,11 +1519,11 @@ interface(`corenet_udp_send_all_ports',`
 #
 interface(`corenet_sctp_bind_generic_port',`
 	gen_require(`
-		type port_t, unreserved_port_t, ephemeral_port_t;
+		type port_t, unreserved_port_t;
 		attribute defined_port_type;
 	')
 
-	allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+	allow $1 { port_t unreserved_port_t }:sctp_socket name_bind;
 	dontaudit $1 defined_port_type:sctp_socket name_bind;
 ')
 
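Review bot: The `dontaudit $1 defined_port_type:sctp_socket name_bind;` rule kept at the end of corenet_sctp_bind_generic_port carries no comment, and its effect is that a caller's attempt to bind an SCTP socket to any port with its own defined type is denied without an AVC record. That may well be intended (it looks like the shape used by generic-port bind interfaces for other protocols, which are not visible here), but it changes what appears in the audit log and deserves a line above it, e.g. `# Binds to ports that have their own type are denied silently; only generic ports are allowed.` The matching ephemeral_port_t removals in corenet_dontaudit_sctp_bind_generic_port and corenet_sctp_connect_generic_port are mechanical and need nothing further.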
@@ -1597,10 +1597,10 @@ interface(`corenet_udp_sendrecv_all_ports',`
 #
 interface(`corenet_dontaudit_sctp_bind_generic_port',`
 	gen_require(`
-		type port_t, unreserved_port_t, ephemeral_port_t;
+		type port_t, unreserved_port_t;
 	')
 
-	dontaudit $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_bind;
+	dontaudit $1 { port_t unreserved_port_t }:sctp_socket name_bind;
 ')
 
 ########################################
@@ -1671,10 +1671,10 @@ interface(`corenet_udp_bind_all_ports',`
 #
 interface(`corenet_sctp_connect_generic_port',`
 	gen_require(`
-		type port_t, unreserved_port_t,ephemeral_port_t;
+		type port_t, unreserved_port_t;
 	')
 
-	allow $1 { port_t unreserved_port_t ephemeral_port_t }:sctp_socket name_connect;
+	allow $1 { port_t unreserved_port_t }:sctp_socket name_connect;
 ')
 
 ########################################
@@ -3372,13 +3372,7 @@ interface(`corenet_relabelto_all_server_packets',`
 ## </param>
 #
 interface(`corenet_sctp_recvfrom_unlabeled',`
-	gen_require(`
-		attribute corenet_unlabeled_type;
-	')
-
 	kernel_recvfrom_unlabeled_peer($1)
-
-	typeattribute $1 corenet_unlabeled_type;
 	kernel_sendrecv_unlabeled_association($1)
 ')
 
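Review bot: With the typeattribute line removed, corenet_sctp_recvfrom_unlabeled is left as two kernel_* calls, and the second, `kernel_sendrecv_unlabeled_association($1)`, appears from its name to grant send as well as receive, which is wider than an interface named recvfrom suggests. The helper is defined outside this hunk, so this is an inference from the name. If the wider grant is deliberate, I would say so in the body, e.g. `# send access on unlabeled associations is kept deliberately; see kernel_sendrecv_unlabeled_association()`. The `## <summary>` above the interface starts outside the hunk and should also be checked to confirm it mentions the send side.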
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index c9071df8..be1a1d4b 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -3374,18 +3374,14 @@ interface(`dev_rw_printer',`
 ## <summary>
 ##	Read printk devices (e.g., /dev/kmsg /dev/mcelog)
 ## </summary>
-## <param name="domain">
+## <param name="domain" unused="true">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 interface(`dev_read_printk',`
-	gen_require(`
-		type device_t, printk_device_t;
-	')
-
-	read_chr_files_pattern($1, device_t, printk_device_t)
+	refpolicywarn(`$0() has been deprecated.')
 ')
 
 ########################################
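Review bot: The summary above dev_read_printk still reads "Read printk devices (e.g., /dev/kmsg /dev/mcelog)" although the body now grants nothing, so generated interface documentation keeps advertising access that a caller no longer receives. I would mark this in the summary, e.g. `##	Read printk devices (e.g., /dev/kmsg /dev/mcelog).  (Deprecated)`. The warning text could also include the call arguments and state the effect, e.g. `$0($*) has been deprecated and grants no access.` inside the existing refpolicywarn call. If a replacement interface for the kernel log devices exists it should be named in that message; none is visible in this hunk.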
-- 
2.13.6
