commit:     2dca942d5948b36f7878b56aa7ffc6a702cf00c7
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Jun  2 04:46:23 2016 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu Jun  2 04:46:23 2016 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=2dca942d

xdg: remove gentoo-specific xdg_runtime_home as user_runtime_t is now upstream

 policy/modules/contrib/xdg.fc       |   5 -
 policy/modules/contrib/xdg.if       | 241 ------------------------------------
 policy/modules/contrib/xdg.te       |   5 -
 policy/modules/system/userdomain.if |   2 -
 4 files changed, 253 deletions(-)

diff --git a/policy/modules/contrib/xdg.fc b/policy/modules/contrib/xdg.fc
index 49a52d9..2290ea5 100644
--- a/policy/modules/contrib/xdg.fc
+++ b/policy/modules/contrib/xdg.fc
@@ -1,8 +1,3 @@
 HOME_DIR/\.cache(/.*)?         
gen_context(system_u:object_r:xdg_cache_home_t,s0)
 HOME_DIR/\.config(/.*)?                
gen_context(system_u:object_r:xdg_config_home_t,s0)
 HOME_DIR/\.local(/.*)?         
gen_context(system_u:object_r:xdg_data_home_t,s0)
-
-#
-# /run
-#
-/run/user/USER(/.*)?                   
gen_context(system_u:object_r:xdg_runtime_home_t,s0)

diff --git a/policy/modules/contrib/xdg.if b/policy/modules/contrib/xdg.if
index 55747d3..649266b 100644
--- a/policy/modules/contrib/xdg.if
+++ b/policy/modules/contrib/xdg.if
@@ -65,26 +65,6 @@ interface(`xdg_data_home_content',`
 
 ########################################
 ## <summary>
-##     Mark the selected type as an xdg_runtime_home_type
-## </summary>
-## <param name="type">
-##     <summary>
-##     Type to give the xdg_runtime_home_type attribute to
-##     </summary>
-## </param>
-#
-interface(`xdg_runtime_home_content',`
-       gen_require(`
-               attribute xdg_runtime_home_type;
-       ')
-
-       typeattribute $1 xdg_runtime_home_type;
-
-       userdom_user_home_content($1)
-')
-
-########################################
-## <summary>
 ##     Read the xdg cache home files
 ## </summary>
 ## <param name="domain">
@@ -918,227 +898,6 @@ interface(`xdg_manage_downloads_home',`
        manage_files_pattern($1, xdg_downloads_home_t, xdg_downloads_home_t)
 ')
 
-########################################
-## <summary>
-##     Read the xdg runtime home files
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`xdg_read_runtime_home_files',`
-       gen_require(`
-               type xdg_runtime_home_t;
-       ')
-
-       read_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       list_dirs_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-
-       files_search_pids($1)
-')
-
-########################################
-## <summary>
-##     Read all xdg_runtime_home_type files
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`xdg_read_all_runtime_home_files',`
-       gen_require(`
-               attribute xdg_runtime_home_type;
-       ')
-
-       read_files_pattern($1, xdg_runtime_home_type, xdg_runtime_home_type)
-
-       files_search_pids($1)
-')
-
-########################################
-## <summary>
-##     Create objects in an xdg_runtime_home directory
-##     with an automatic type transition to
-##     a specified private type.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <param name="private_type">
-##     <summary>
-##     The type of the object to create.
-##     </summary>
-## </param>
-## <param name="object_class">
-##     <summary>
-##     The class of the object to be created.
-##     </summary>
-## </param>
-## <param name="filename" optional="true">
-##     <summary>
-##     Name of the file or directory created
-##     </summary>
-## </param>
-#
-interface(`xdg_runtime_home_filetrans',`
-       gen_require(`
-               type xdg_runtime_home_t;
-       ')
-
-       files_search_pids($1)
-
-       filetrans_pattern($1, xdg_runtime_home_t, $2, $3)
-')
-
-########################################
-## <summary>
-##     Create objects in the user home dir with an automatic type transition to
-##     the xdg_runtime_home_t type.
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-## <param name="object_class">
-##     <summary>
-##     The class of the object to be created.
-##     </summary>
-## </param>
-## <param name="filename" optional="true">
-##     <summary>
-##     Name of the directory created
-##     </summary>
-## </param>
-#
-interface(`xdg_generic_user_home_dir_filetrans_runtime_home',`
-       gen_require(`
-               type xdg_runtime_home_t;
-       ')
-
-       userdom_user_home_dir_filetrans($1, xdg_runtime_home_t, $2, $3)
-')
-
-########################################
-## <summary>
-##     Create xdg runtime home directories
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access
-##     </summary>
-## </param>
-#
-interface(`xdg_create_runtime_home_dirs',`
-       gen_require(`
-               type xdg_runtime_home_t;
-       ')
-
-       allow $1 xdg_runtime_home_t:dir create_dir_perms;
-')
-
-########################################
-## <summary>
-##     Manage the xdg runtime home files
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`xdg_manage_runtime_home',`
-       gen_require(`
-               type xdg_runtime_home_t;
-       ')
-
-       manage_dirs_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       manage_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       manage_lnk_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       manage_fifo_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       manage_sock_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-
-       files_search_pids($1)
-')
-
-########################################
-## <summary>
-##     Manage all the xdg runtime home files, regardless of their specific type
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`xdg_manage_all_runtime_home',`
-       gen_require(`
-               attribute xdg_runtime_home_type;
-       ')
-
-       manage_dirs_pattern($1, xdg_runtime_home_type, xdg_runtime_home_type)
-       manage_files_pattern($1, xdg_runtime_home_type, xdg_runtime_home_type)
-       manage_lnk_files_pattern($1, xdg_runtime_home_type, 
xdg_runtime_home_type)
-       manage_fifo_files_pattern($1, xdg_runtime_home_type, 
xdg_runtime_home_type)
-       manage_sock_files_pattern($1, xdg_runtime_home_type, 
xdg_runtime_home_type)
-
-       files_search_pids($1)
-')
-
-########################################
-## <summary>
-##     Allow relabeling the xdg runtime home files
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`xdg_relabel_runtime_home',`
-       gen_require(`
-               type xdg_runtime_home_t;
-       ')
-
-       relabel_dirs_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       relabel_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       relabel_lnk_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       relabel_fifo_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-       relabel_sock_files_pattern($1, xdg_runtime_home_t, xdg_runtime_home_t)
-
-       files_search_pids($1)
-')
-
-########################################
-## <summary>
-##     Allow relabeling the xdg runtime home files, regardless of the specific 
type
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed access.
-##     </summary>
-## </param>
-#
-interface(`xdg_relabel_all_runtime_home',`
-       gen_require(`
-               attribute xdg_runtime_home_type;
-       ')
-
-       relabel_dirs_pattern($1, xdg_runtime_home_type, xdg_runtime_home_type)
-       relabel_files_pattern($1, xdg_runtime_home_type, xdg_runtime_home_type)
-       relabel_lnk_files_pattern($1, xdg_runtime_home_type, 
xdg_runtime_home_type)
-       relabel_fifo_files_pattern($1, xdg_runtime_home_type, 
xdg_runtime_home_type)
-       relabel_sock_files_pattern($1, xdg_runtime_home_type, 
xdg_runtime_home_type)
-
-       files_search_pids($1)
-')
-
 #########################################
 ## <summary>
 ##     Manage documents content

diff --git a/policy/modules/contrib/xdg.te b/policy/modules/contrib/xdg.te
index 78c1a0e..1cc9311 100644
--- a/policy/modules/contrib/xdg.te
+++ b/policy/modules/contrib/xdg.te
@@ -11,8 +11,6 @@ attribute xdg_config_home_type;
 
 attribute xdg_cache_home_type;
 
-attribute xdg_runtime_home_type;
-
 type xdg_data_home_t;
 xdg_data_home_content(xdg_data_home_t)
 
@@ -22,9 +20,6 @@ xdg_config_home_content(xdg_config_home_t)
 type xdg_cache_home_t;
 xdg_cache_home_content(xdg_cache_home_t)
 
-type xdg_runtime_home_t;
-xdg_runtime_home_content(xdg_runtime_home_t)
-
 # Various user location types (see ~/.config/user-dirs.dirs)
 type xdg_downloads_home_t; # customizable
 userdom_user_home_content(xdg_downloads_home_t)

diff --git a/policy/modules/system/userdomain.if 
b/policy/modules/system/userdomain.if
index 00b9335..b04d149 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -281,7 +281,6 @@ interface(`userdom_manage_home_role',`
                        xdg_manage_all_cache_home($2)
                        xdg_manage_all_config_home($2)
                        xdg_manage_all_data_home($2)
-                       xdg_manage_all_runtime_home($2)
                        xdg_manage_documents_home($2)
                        xdg_manage_downloads_home($2)
                        xdg_manage_music_home($2)
@@ -290,7 +289,6 @@ interface(`userdom_manage_home_role',`
                        xdg_relabel_all_cache_home($2)
                        xdg_relabel_all_config_home($2)
                        xdg_relabel_all_data_home($2)
-                       xdg_relabel_all_runtime_home($2)
                ')
        ')
 ')
