diff options
| author |   Jason Zaman <perfinion@gentoo.org> | 2020-02-15 16:28:18 +0800 |
|---|---|---|
| committer | Jason Zaman <perfinion@gentoo.org> | 2020-02-15 16:31:07 +0800 |
| commit | fd6ef0c54af495c90e7f5335923ba6274fdb36ac (patch) | |
| tree | 9650cf196050f0ea8a15fa2ead4839806a64b4a8 /policy/modules/contrib | |
| parent | Merge upstream (diff) | |
| download | hardened-refpolicy-fd6ef0c54af495c90e7f5335923ba6274fdb36ac.tar.gz hardened-refpolicy-fd6ef0c54af495c90e7f5335923ba6274fdb36ac.tar.bz2 hardened-refpolicy-fd6ef0c54af495c90e7f5335923ba6274fdb36ac.zip | |
access_vectors: Remove gentoo-specific unused permissions
Follow-on to commit 8c38998a0c3024ef16de5fdc1bc12cef5c521759
tcp/udp sendrecv permissions are obsolete and removed from the policy
completely.
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
Diffstat (limited to 'policy/modules/contrib')
| -rw-r--r-- | policy/modules/contrib/bitcoin.te | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/dirsrv.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/dropbox.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/kdeconnect.te | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/mutt.te | 2 | ||||
| -rw-r--r-- | policy/modules/contrib/pan.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/rtorrent.te | 1 | ||||
| -rw-r--r-- | policy/modules/contrib/skype.te | 1 |
8 files changed, 0 insertions, 11 deletions
diff --git a/policy/modules/contrib/bitcoin.te b/policy/modules/contrib/bitcoin.te index c5667519..6cc82f77 100644 --- a/policy/modules/contrib/bitcoin.te +++ b/policy/modules/contrib/bitcoin.te @@ -69,12 +69,10 @@ corenet_tcp_bind_bitcoin_port(bitcoin_t) corenet_tcp_connect_bitcoin_port(bitcoin_t) corenet_tcp_connect_http_port(bitcoin_t) corenet_tcp_bind_generic_node(bitcoin_t) -corenet_tcp_sendrecv_bitcoin_port(bitcoin_t) corenet_tcp_sendrecv_generic_if(bitcoin_t) corenet_tcp_sendrecv_generic_node(bitcoin_t) #corenet_sendrecv_dns_server_packets(bitcoin_t) #corenet_udp_bind_dns_port(bitcoin_t) -#corenet_udp_sendrecv_dns_port(bitcoin_t) dev_read_sysfs(bitcoin_t) dev_read_urand(bitcoin_t) diff --git a/policy/modules/contrib/dirsrv.te b/policy/modules/contrib/dirsrv.te index e7c8d06e..0fa0b069 100644 --- a/policy/modules/contrib/dirsrv.te +++ b/policy/modules/contrib/dirsrv.te @@ -125,7 +125,6 @@ corenet_all_recvfrom_unlabeled(dirsrv_t) corenet_all_recvfrom_netlabel(dirsrv_t) corenet_tcp_sendrecv_generic_if(dirsrv_t) corenet_tcp_sendrecv_generic_node(dirsrv_t) -corenet_tcp_sendrecv_all_ports(dirsrv_t) corenet_tcp_bind_all_nodes(dirsrv_t) corenet_tcp_bind_ldap_port(dirsrv_t) corenet_tcp_bind_all_rpc_ports(dirsrv_t) diff --git a/policy/modules/contrib/dropbox.te b/policy/modules/contrib/dropbox.te index 80d8af37..2aa9a93b 100644 --- a/policy/modules/contrib/dropbox.te +++ b/policy/modules/contrib/dropbox.te @@ -108,7 +108,6 @@ corenet_tcp_sendrecv_generic_node(dropbox_t) tunable_policy(`dropbox_bind_port',` allow dropbox_t self:tcp_socket { accept listen }; - allow dropbox_t self:udp_socket { send_msg recv_msg }; corenet_tcp_bind_dropbox_port(dropbox_t) corenet_udp_bind_dropbox_port(dropbox_t) diff --git a/policy/modules/contrib/kdeconnect.te b/policy/modules/contrib/kdeconnect.te index 92be330d..8e6b5226 100644 --- a/policy/modules/contrib/kdeconnect.te +++ b/policy/modules/contrib/kdeconnect.te @@ -72,9 +72,7 @@ corenet_sendrecv_kdeconnect_server_packets(kdeconnect_t) corenet_tcp_bind_kdeconnect_port(kdeconnect_t) corenet_tcp_bind_generic_node(kdeconnect_t) corenet_tcp_connect_kdeconnect_port(kdeconnect_t) -corenet_tcp_sendrecv_kdeconnect_port(kdeconnect_t) corenet_udp_bind_kdeconnect_port(kdeconnect_t) -corenet_udp_sendrecv_kdeconnect_port(kdeconnect_t) corenet_udp_bind_generic_node(kdeconnect_t) dev_read_sysfs(kdeconnect_t) diff --git a/policy/modules/contrib/mutt.te b/policy/modules/contrib/mutt.te index 393b9438..bc09f380 100644 --- a/policy/modules/contrib/mutt.te +++ b/policy/modules/contrib/mutt.te @@ -59,8 +59,6 @@ corenet_tcp_connect_pop_port(mutt_t) corenet_tcp_connect_smtp_port(mutt_t) corenet_tcp_sendrecv_generic_if(mutt_t) corenet_tcp_sendrecv_generic_node(mutt_t) -corenet_tcp_sendrecv_pop_port(mutt_t) -corenet_tcp_sendrecv_smtp_port(mutt_t) dev_read_rand(mutt_t) dev_read_urand(mutt_t) diff --git a/policy/modules/contrib/pan.te b/policy/modules/contrib/pan.te index 89bc61d0..48b07b85 100644 --- a/policy/modules/contrib/pan.te +++ b/policy/modules/contrib/pan.te @@ -51,7 +51,6 @@ corenet_sendrecv_innd_client_packets(pan_t) corenet_tcp_connect_innd_port(pan_t) corenet_tcp_sendrecv_generic_if(pan_t) corenet_tcp_sendrecv_generic_node(pan_t) -corenet_tcp_sendrecv_innd_port(pan_t) domain_dontaudit_use_interactive_fds(pan_t) diff --git a/policy/modules/contrib/rtorrent.te b/policy/modules/contrib/rtorrent.te index e7f7c354..34fad1c5 100644 --- a/policy/modules/contrib/rtorrent.te +++ b/policy/modules/contrib/rtorrent.te @@ -49,7 +49,6 @@ allow rtorrent_t rtorrent_session_t:file map; corenet_tcp_bind_generic_node(rtorrent_t) corenet_tcp_bind_rtorrent_port(rtorrent_t) corenet_tcp_connect_all_ports(rtorrent_t) -corenet_tcp_sendrecv_all_ports(rtorrent_t) domain_use_interactive_fds(rtorrent_t) diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te index dc7f73ec..8a70ad35 100644 --- a/policy/modules/contrib/skype.te +++ b/policy/modules/contrib/skype.te @@ -81,7 +81,6 @@ corenet_tcp_bind_generic_port(skype_t) corenet_tcp_connect_all_unreserved_ports(skype_t) corenet_tcp_connect_generic_port(skype_t) corenet_tcp_connect_http_port(skype_t) -corenet_tcp_sendrecv_http_port(skype_t) corenet_udp_bind_generic_node(skype_t) corenet_udp_bind_generic_port(skype_t) |