diff options
author | Daniel Burgener <dburgener@linux.microsoft.com> | 2022-07-19 17:47:43 -0400 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2022-09-03 11:41:55 -0700 |
commit | 892145a3471364d8e677878406a7884e6557ec2d (patch) | |
tree | 4ff3f66aadb408d86872ce3a465cecf3267ae304 | |
parent | mls: Add setsockcreate constraint. (diff) | |
download | hardened-refpolicy-892145a3471364d8e677878406a7884e6557ec2d.tar.gz hardened-refpolicy-892145a3471364d8e677878406a7884e6557ec2d.tar.bz2 hardened-refpolicy-892145a3471364d8e677878406a7884e6557ec2d.zip |
Drop explicit calls to seutil and kernel module interfaces in broad files interfaces
Historically, these calls were needed because the interfaces provided an
attribute used to check various assertions. However, that attribute was
dropped in 2005 with commit 15fefa4.
Keeping these calls in prevents removing these permissions from a call
to files_manage_all_files() with the $2 argument.
Signed-off-by: Daniel Burgener <dburgener@linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/modules/kernel/files.if | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 6a082670c..fb27ed18a 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -1239,10 +1239,6 @@ interface(`files_manage_all_files',` manage_lnk_files_pattern($1, { file_type $2 }, { file_type $2 }) manage_fifo_files_pattern($1, { file_type $2 }, { file_type $2 }) manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 }) - - # satisfy the assertions: - seutil_create_bin_policy($1) - files_manage_kernel_modules($1) ') ######################################## @@ -1513,10 +1509,6 @@ interface(`files_manage_non_auth_files',` manage_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type) manage_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type) manage_sock_files_pattern($1, non_auth_file_type, non_auth_file_type) - - # satisfy the assertions: - seutil_create_bin_policy($1) - files_manage_kernel_modules($1) ') ######################################## |