* [gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/admin/, policy/modules/contrib/, policy/modules/apps/
@ 2020-02-15 8:45 Jason Zaman
From: Jason Zaman @ 2020-02-15 8:45 UTC (permalink / raw
To: gentoo-commits
commit: fd6ef0c54af495c90e7f5335923ba6274fdb36ac
Author: Jason Zaman <perfinion <AT> gentoo <DOT> org>
AuthorDate: Sat Feb 15 08:28:18 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Feb 15 08:31:07 2020 +0000
URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=fd6ef0c5
access_vectors: Remove gentoo-specific unused permissions
Follow-on to commit 8c38998a0c3024ef16de5fdc1bc12cef5c521759
tcp/udp sendrecv permissions are obsolete and removed from the policy
completely.
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/admin/portage.te | 1 -
policy/modules/admin/puppet.te | 1 -
policy/modules/apps/mozilla.te | 4 ----
policy/modules/contrib/bitcoin.te | 2 --
policy/modules/contrib/dirsrv.te | 1 -
policy/modules/contrib/dropbox.te | 1 -
policy/modules/contrib/kdeconnect.te | 2 --
policy/modules/contrib/mutt.te | 2 --
policy/modules/contrib/pan.te | 1 -
policy/modules/contrib/rtorrent.te | 1 -
policy/modules/contrib/skype.te | 1 -
11 files changed, 17 deletions(-)
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 63393962..671ee7f0 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -525,7 +525,6 @@ gen_tunable(portage_enable_test, false)
corenet_tcp_connect_all_unreserved_ports(portage_sandbox_t)
corenet_udp_bind_all_unreserved_ports(portage_sandbox_t)
corenet_udp_bind_generic_node(portage_sandbox_t)
- corenet_udp_sendrecv_all_ports(portage_sandbox_t)
')
##########################################
diff --git a/policy/modules/admin/puppet.te b/policy/modules/admin/puppet.te
index f2b11568..3670df76 100644
--- a/policy/modules/admin/puppet.te
+++ b/policy/modules/admin/puppet.te
@@ -368,7 +368,6 @@ ifdef(`distro_gentoo',`
corenet_sendrecv_puppetclient_server_packets(puppet_t)
corenet_tcp_bind_puppetclient_port(puppet_t)
- corenet_tcp_sendrecv_puppetclient_port(puppet_t)
usermanage_domtrans_passwd(puppet_t)
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index 744c7df2..c4ac2c7e 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -724,10 +724,8 @@ gen_tunable(mozilla_plugin_connect_all_unreserved, false)
allow mozilla_t mozilla_xdg_cache_t:file map;
corenet_dontaudit_tcp_bind_generic_port(mozilla_t)
- corenet_dontaudit_tcp_sendrecv_generic_port(mozilla_t)
corenet_sendrecv_tor_client_packets(mozilla_t)
corenet_tcp_connect_tor_port(mozilla_t)
- corenet_tcp_sendrecv_tor_port(mozilla_t)
domain_use_interactive_fds(mozilla_t)
@@ -738,7 +736,6 @@ gen_tunable(mozilla_plugin_connect_all_unreserved, false)
tunable_policy(`mozilla_bind_all_unreserved_ports',`
corenet_sendrecv_all_server_packets(mozilla_t)
corenet_tcp_bind_all_unreserved_ports(mozilla_t)
- corenet_tcp_sendrecv_all_ports(mozilla_t)
')
optional_policy(`
@@ -771,7 +768,6 @@ gen_tunable(mozilla_plugin_connect_all_unreserved, false)
corenet_sendrecv_pulseaudio_client_packets(mozilla_plugin_t)
corenet_tcp_connect_pulseaudio_port(mozilla_plugin_t)
- corenet_tcp_sendrecv_pulseaudio_port(mozilla_plugin_t)
userdom_dontaudit_use_user_terminals(mozilla_plugin_t)
userdom_rw_user_tmpfs_files(mozilla_plugin_t)
diff --git a/policy/modules/contrib/bitcoin.te b/policy/modules/contrib/bitcoin.te
index c5667519..6cc82f77 100644
--- a/policy/modules/contrib/bitcoin.te
+++ b/policy/modules/contrib/bitcoin.te
@@ -69,12 +69,10 @@ corenet_tcp_bind_bitcoin_port(bitcoin_t)
corenet_tcp_connect_bitcoin_port(bitcoin_t)
corenet_tcp_connect_http_port(bitcoin_t)
corenet_tcp_bind_generic_node(bitcoin_t)
-corenet_tcp_sendrecv_bitcoin_port(bitcoin_t)
corenet_tcp_sendrecv_generic_if(bitcoin_t)
corenet_tcp_sendrecv_generic_node(bitcoin_t)
#corenet_sendrecv_dns_server_packets(bitcoin_t)
#corenet_udp_bind_dns_port(bitcoin_t)
-#corenet_udp_sendrecv_dns_port(bitcoin_t)
dev_read_sysfs(bitcoin_t)
dev_read_urand(bitcoin_t)
diff --git a/policy/modules/contrib/dirsrv.te b/policy/modules/contrib/dirsrv.te
index e7c8d06e..0fa0b069 100644
--- a/policy/modules/contrib/dirsrv.te
+++ b/policy/modules/contrib/dirsrv.te
@@ -125,7 +125,6 @@ corenet_all_recvfrom_unlabeled(dirsrv_t)
corenet_all_recvfrom_netlabel(dirsrv_t)
corenet_tcp_sendrecv_generic_if(dirsrv_t)
corenet_tcp_sendrecv_generic_node(dirsrv_t)
-corenet_tcp_sendrecv_all_ports(dirsrv_t)
corenet_tcp_bind_all_nodes(dirsrv_t)
corenet_tcp_bind_ldap_port(dirsrv_t)
corenet_tcp_bind_all_rpc_ports(dirsrv_t)
diff --git a/policy/modules/contrib/dropbox.te b/policy/modules/contrib/dropbox.te
index 80d8af37..2aa9a93b 100644
--- a/policy/modules/contrib/dropbox.te
+++ b/policy/modules/contrib/dropbox.te
@@ -108,7 +108,6 @@ corenet_tcp_sendrecv_generic_node(dropbox_t)
tunable_policy(`dropbox_bind_port',`
allow dropbox_t self:tcp_socket { accept listen };
- allow dropbox_t self:udp_socket { send_msg recv_msg };
corenet_tcp_bind_dropbox_port(dropbox_t)
corenet_udp_bind_dropbox_port(dropbox_t)
diff --git a/policy/modules/contrib/kdeconnect.te b/policy/modules/contrib/kdeconnect.te
index 92be330d..8e6b5226 100644
--- a/policy/modules/contrib/kdeconnect.te
+++ b/policy/modules/contrib/kdeconnect.te
@@ -72,9 +72,7 @@ corenet_sendrecv_kdeconnect_server_packets(kdeconnect_t)
corenet_tcp_bind_kdeconnect_port(kdeconnect_t)
corenet_tcp_bind_generic_node(kdeconnect_t)
corenet_tcp_connect_kdeconnect_port(kdeconnect_t)
-corenet_tcp_sendrecv_kdeconnect_port(kdeconnect_t)
corenet_udp_bind_kdeconnect_port(kdeconnect_t)
-corenet_udp_sendrecv_kdeconnect_port(kdeconnect_t)
corenet_udp_bind_generic_node(kdeconnect_t)
dev_read_sysfs(kdeconnect_t)
diff --git a/policy/modules/contrib/mutt.te b/policy/modules/contrib/mutt.te
index 393b9438..bc09f380 100644
--- a/policy/modules/contrib/mutt.te
+++ b/policy/modules/contrib/mutt.te
@@ -59,8 +59,6 @@ corenet_tcp_connect_pop_port(mutt_t)
corenet_tcp_connect_smtp_port(mutt_t)
corenet_tcp_sendrecv_generic_if(mutt_t)
corenet_tcp_sendrecv_generic_node(mutt_t)
-corenet_tcp_sendrecv_pop_port(mutt_t)
-corenet_tcp_sendrecv_smtp_port(mutt_t)
dev_read_rand(mutt_t)
dev_read_urand(mutt_t)
diff --git a/policy/modules/contrib/pan.te b/policy/modules/contrib/pan.te
index 89bc61d0..48b07b85 100644
--- a/policy/modules/contrib/pan.te
+++ b/policy/modules/contrib/pan.te
@@ -51,7 +51,6 @@ corenet_sendrecv_innd_client_packets(pan_t)
corenet_tcp_connect_innd_port(pan_t)
corenet_tcp_sendrecv_generic_if(pan_t)
corenet_tcp_sendrecv_generic_node(pan_t)
-corenet_tcp_sendrecv_innd_port(pan_t)
domain_dontaudit_use_interactive_fds(pan_t)
diff --git a/policy/modules/contrib/rtorrent.te b/policy/modules/contrib/rtorrent.te
index e7f7c354..34fad1c5 100644
--- a/policy/modules/contrib/rtorrent.te
+++ b/policy/modules/contrib/rtorrent.te
@@ -49,7 +49,6 @@ allow rtorrent_t rtorrent_session_t:file map;
corenet_tcp_bind_generic_node(rtorrent_t)
corenet_tcp_bind_rtorrent_port(rtorrent_t)
corenet_tcp_connect_all_ports(rtorrent_t)
-corenet_tcp_sendrecv_all_ports(rtorrent_t)
domain_use_interactive_fds(rtorrent_t)
diff --git a/policy/modules/contrib/skype.te b/policy/modules/contrib/skype.te
index dc7f73ec..8a70ad35 100644
--- a/policy/modules/contrib/skype.te
+++ b/policy/modules/contrib/skype.te
@@ -81,7 +81,6 @@ corenet_tcp_bind_generic_port(skype_t)
corenet_tcp_connect_all_unreserved_ports(skype_t)
corenet_tcp_connect_generic_port(skype_t)
corenet_tcp_connect_http_port(skype_t)
-corenet_tcp_sendrecv_http_port(skype_t)
corenet_udp_bind_generic_node(skype_t)
corenet_udp_bind_generic_port(skype_t)