commit: 7eca40c847802b7c207ccb14850d9e3c1147b502
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu Jun 14 14:12:22 2018 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Jun 16 06:58:13 2018 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=7eca40c8
userdomain: remove gentoo-specific xdg interfaces now that they are upstream
policy/modules/system/userdomain.if | 144 ------------------------------------
1 file changed, 144 deletions(-)
diff --git a/policy/modules/system/userdomain.if
b/policy/modules/system/userdomain.if
index ce19cc8e..3f380d40 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -395,20 +395,6 @@ interface(`userdom_manage_home_role',`
flash_manage_home($2)
flash_relabel_home($2)
')
-
- optional_policy(`
- xdg_manage_all_cache_home($2)
- xdg_manage_all_config_home($2)
- xdg_manage_all_data_home($2)
- xdg_manage_documents_home($2)
- xdg_manage_downloads_home($2)
- xdg_manage_music_home($2)
- xdg_manage_pictures_home($2)
- xdg_manage_videos_home($2)
- xdg_relabel_all_cache_home($2)
- xdg_relabel_all_config_home($2)
- xdg_relabel_all_data_home($2)
- ')
')
')
@@ -4504,136 +4490,6 @@ interface(`userdom_dbus_send_all_users',`
# Gentoo added stuff, but cannot use an ifdef distro_gentoo for this
-########################################
-## <summary>
-## Support creation of tunable access to user content
-## </summary>
-## <param name="prefix">
-## <summary>
-## The prefix of the application domain to create the
-## tunables for
-## </summary>
-## </param>
-## <param name="domain">
-## <summary>
-## Domain to create the tunables for
-## </summary>
-## </param>
-#
-template(`userdom_user_content_access_template',`
-
- ########################################
- #
- # Declarations
- #
-
- ## <desc>
- ## <p>
- ## Please update doc/gentoo_tunables.xml.
- ## </p>
- ## </desc>
- gen_tunable(`$1_read_generic_user_content', true)
-
- ## <desc>
- ## <p>
- ## Please update doc/gentoo_tunables.xml.
- ## </p>
- ## </desc>
- gen_tunable(`$1_read_all_user_content', false)
-
- ## <desc>
- ## <p>
- ## Please update doc/gentoo_tunables.xml.
- ## </p>
- ## </desc>
- gen_tunable(`$1_manage_generic_user_content', false)
-
- ## <desc>
- ## <p>
- ## Please update doc/gentoo_tunables.xml.
- ## </p>
- ## </desc>
- gen_tunable(`$1_manage_all_user_content', false)
-
- tunable_policy(`$1_read_generic_user_content',`
- userdom_list_user_tmp($2)
- userdom_list_user_home_content($2)
- userdom_read_user_home_content_files($2)
- userdom_read_user_home_content_symlinks($2)
- userdom_read_user_tmp_files($2)
- userdom_read_user_tmp_symlinks($2)
- ',`
- files_dontaudit_list_home($2)
- files_dontaudit_list_tmp($2)
-
- userdom_dontaudit_list_user_home_dirs($2)
- userdom_dontaudit_list_user_tmp($2)
- userdom_dontaudit_read_user_home_content_files($2)
- userdom_dontaudit_read_user_tmp_files($2)
- ')
-
- tunable_policy(`$1_read_all_user_content',`
- userdom_list_user_tmp($2)
- userdom_read_all_user_home_content($2)
- ')
-
- tunable_policy(`$1_manage_generic_user_content',`
- userdom_manage_user_tmp_dirs($2)
- userdom_manage_user_tmp_files($2)
- userdom_manage_user_home_content_dirs($2)
- userdom_manage_user_home_content_files($2)
- ')
-
- tunable_policy(`$1_manage_all_user_content',`
- userdom_manage_all_user_home_content($2)
- ')
-')
-
-########################################
-## <summary>
-## Read all user home content, including application-specific home content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access
-## </summary>
-## </param>
-#
-interface(`userdom_read_all_user_home_content',`
- gen_require(`
- attribute user_home_content_type;
- ')
-
- list_dirs_pattern($1, user_home_content_type, user_home_content_type)
- read_files_pattern($1, user_home_content_type, user_home_content_type)
- read_lnk_files_pattern($1, user_home_content_type,
user_home_content_type)
- read_fifo_files_pattern($1, user_home_content_type,
user_home_content_type)
- read_sock_files_pattern($1, user_home_content_type,
user_home_content_type)
-')
-
-########################################
-## <summary>
-## Manage all user home content, including application-specific home
-## content.
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain allowed access
-## </summary>
-## </param>
-#
-interface(`userdom_manage_all_user_home_content',`
- gen_require(`
- attribute user_home_content_type;
- ')
-
- manage_dirs_pattern($1, user_home_content_type, user_home_content_type)
- manage_files_pattern($1, user_home_content_type, user_home_content_type)
- manage_lnk_files_pattern($1, user_home_content_type,
user_home_content_type)
- manage_fifo_files_pattern($1, user_home_content_type,
user_home_content_type)
- manage_sock_files_pattern($1, user_home_content_type,
user_home_content_type)
-')
-
########################################
## <summary>
## Create, read, write, and delete user
