commit:     892145a3471364d8e677878406a7884e6557ec2d
Author:     Daniel Burgener <dburgener <AT> linux <DOT> microsoft <DOT> com>
AuthorDate: Tue Jul 19 21:47:43 2022 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sat Sep  3 18:41:55 2022 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=892145a3

Drop explicit calls to seutil and kernel module interfaces in broad files interfaces

Historically, these calls were needed because the interfaces provided an
attribute used to check various assertions. However, that attribute was
dropped in 2005 with commit 15fefa4.

Keeping these calls in prevents removing these permissions from a call
to files_manage_all_files() with the $2 argument.

Signed-off-by: Daniel Burgener <dburgener <AT> linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/kernel/files.if | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 6a082670..fb27ed18 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -1239,10 +1239,6 @@ interface(`files_manage_all_files',`
        manage_lnk_files_pattern($1, { file_type $2 }, { file_type $2 })
        manage_fifo_files_pattern($1, { file_type $2 }, { file_type $2 })
        manage_sock_files_pattern($1, { file_type $2 }, { file_type $2 })
-
-       # satisfy the assertions:
-       seutil_create_bin_policy($1)
-       files_manage_kernel_modules($1)
 ')
 
 ########################################
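
Review bot: In files_manage_all_files the two removed calls, seutil_create_bin_policy($1) and files_manage_kernel_modules($1), were granted regardless of what the caller passed as $2, so a caller that depended on anything they allowed beyond the manage_*_pattern rules over { file_type $2 } now loses it without any build error. A before/after comparison of the compiled policy for existing callers would confirm that nothing changes when $2 is empty. If the interface's documentation comment describes $2, it should also say that the policy-binary and kernel-module types can now be excluded through it, since that is the behaviour change this removal enables.
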
@@ -1513,10 +1509,6 @@ interface(`files_manage_non_auth_files',`
        manage_lnk_files_pattern($1, non_auth_file_type, non_auth_file_type)
        manage_fifo_files_pattern($1, non_auth_file_type, non_auth_file_type)
        manage_sock_files_pattern($1, non_auth_file_type, non_auth_file_type)
-
-       # satisfy the assertions:
-       seutil_create_bin_policy($1)
-       files_manage_kernel_modules($1)
 ')
 
 ########################################
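
Review bot: files_manage_non_auth_files shows no $2 exclusion argument in these lines (the patterns use non_auth_file_type directly), so the commit message's second reason, which names only files_manage_all_files(), does not cover this removal; only the obsolete "satisfy the assertions" comment does. After this change, a caller's access to the policy binary and kernel module files depends entirely on whether those types carry non_auth_file_type. Please say in the commit message whether that was checked, so a reader can tell if the removal here is a no-op or an intended reduction.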
