commit: 5e18d3eb437717c6ad25e614c617b0cad5700879 Author: Chris PeBenito <pebenito <AT> ieee <DOT> org> AuthorDate: Wed Dec 13 23:55:43 2017 +0000 Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> CommitDate: Thu Dec 14 05:09:40 2017 +0000 URL: https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=5e18d3eb
Replace deprecated mmap perm sets and pattern usage. policy/modules/contrib/apache.te | 2 +- policy/modules/contrib/cobbler.te | 2 +- policy/modules/contrib/dpkg.te | 2 +- policy/modules/contrib/firewalld.te | 2 +- policy/modules/contrib/ftp.if | 2 +- policy/modules/contrib/gnome.if | 2 +- policy/modules/contrib/pingd.te | 2 +- policy/modules/contrib/portage.te | 2 +- policy/modules/contrib/postfix.te | 4 ++-- policy/modules/contrib/prelink.te | 6 +++--- policy/modules/contrib/samba.te | 2 +- policy/modules/contrib/ulogd.te | 2 +- 12 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/policy/modules/contrib/apache.te b/policy/modules/contrib/apache.te
index d28f4c2f..be12966a 100644
--- a/policy/modules/contrib/apache.te
+++ b/policy/modules/contrib/apache.te
@@ -415,7 +415,7 @@ read_lnk_files_pattern(httpd_t, httpd_log_t, httpd_log_t)
 logging_log_filetrans(httpd_t, httpd_log_t, file)
 allow httpd_t httpd_modules_t:dir list_dir_perms;
-mmap_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
+mmap_exec_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
 read_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
 read_lnk_files_pattern(httpd_t, httpd_modules_t, httpd_modules_t)
diff --git a/policy/modules/contrib/cobbler.te b/policy/modules/contrib/cobbler.te
index 6177ef41..a3a4453a 100644
--- a/policy/modules/contrib/cobbler.te
+++ b/policy/modules/contrib/cobbler.te
@@ -72,7 +72,7 @@ allow cobblerd_t cobbler_etc_t:dir list_dir_perms;
 allow cobblerd_t cobbler_etc_t:file read_file_perms;
 allow cobblerd_t cobbler_etc_t:lnk_file read_lnk_file_perms;
-allow cobblerd_t cobbler_tmp_t:file mmap_file_perms;
+allow cobblerd_t cobbler_tmp_t:file mmap_exec_file_perms;
 manage_dirs_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
 manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)
 files_tmp_filetrans(cobblerd_t, cobbler_tmp_t, { dir file })
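Review bot: In the cobbler.te hunk the new `allow cobblerd_t cobbler_tmp_t:file mmap_exec_file_perms;` sits directly above `manage_files_pattern(cobblerd_t, cobbler_tmp_t, cobbler_tmp_t)`, so cobblerd_t can both write files of this temp type and map them executable. The rename preserves the old grant, but now that the execute permission is spelled out it is worth confirming the daemon needs executable mappings at all; if it only reads through mmap, `allow cobblerd_t cobbler_tmp_t:file mmap_read_file_perms;` would be the tighter rule. The same write-plus-execute pairing is visible in the firewalld.te hunk (firewalld_tmp_t) and the dpkg.te hunk (dpkg_var_lib_t). Where execute is genuinely required, a one-line comment above the rule saying why would help later policy audits.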
diff --git a/policy/modules/contrib/dpkg.te b/policy/modules/contrib/dpkg.te
index e165fec3..0ff59b94 100644
--- a/policy/modules/contrib/dpkg.te
+++ b/policy/modules/contrib/dpkg.te
@@ -84,7 +84,7 @@ manage_sock_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
 manage_fifo_files_pattern(dpkg_t, dpkg_tmpfs_t, dpkg_tmpfs_t)
 fs_tmpfs_filetrans(dpkg_t, dpkg_tmpfs_t, { dir file lnk_file sock_file fifo_file })
-allow dpkg_t dpkg_var_lib_t:file mmap_file_perms;
+allow dpkg_t dpkg_var_lib_t:file mmap_exec_file_perms;
 manage_files_pattern(dpkg_t, dpkg_var_lib_t, dpkg_var_lib_t)
 files_var_lib_filetrans(dpkg_t, dpkg_var_lib_t, dir)
diff --git a/policy/modules/contrib/firewalld.te b/policy/modules/contrib/firewalld.te
index 2c930fe5..aa1c637d 100644
--- a/policy/modules/contrib/firewalld.te
+++ b/policy/modules/contrib/firewalld.te
@@ -47,7 +47,7 @@ logging_log_filetrans(firewalld_t, firewalld_var_log_t, file)
 manage_files_pattern(firewalld_t, firewalld_tmp_t, firewalld_tmp_t)
 files_tmp_filetrans(firewalld_t, firewalld_tmp_t, file)
-allow firewalld_t firewalld_tmp_t:file mmap_file_perms;
+allow firewalld_t firewalld_tmp_t:file mmap_exec_file_perms;
 manage_dirs_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)
 manage_files_pattern(firewalld_t, firewalld_var_run_t, firewalld_var_run_t)
diff --git a/policy/modules/contrib/ftp.if b/policy/modules/contrib/ftp.if
index 349d1b3b..3bfe581d 100644
--- a/policy/modules/contrib/ftp.if
+++ b/policy/modules/contrib/ftp.if
@@ -53,7 +53,7 @@ interface(`ftp_check_exec',`
 ')
 corecmd_search_bin($1)
- allow $1 ftpd_exec_t:file mmap_file_perms;
+ allow $1 ftpd_exec_t:file mmap_exec_file_perms;
 ')
 ########################################
diff --git a/policy/modules/contrib/gnome.if b/policy/modules/contrib/gnome.if
index 8ed95ee2..8b27d15a 100644
--- a/policy/modules/contrib/gnome.if
+++ b/policy/modules/contrib/gnome.if
@@ -805,5 +805,5 @@ interface(`gnome_mmap_gstreamer_orcexec',`
 type gstreamer_orcexec_t;
 ')
- allow $1 gstreamer_orcexec_t:file mmap_file_perms;
+ allow $1 gstreamer_orcexec_t:file mmap_exec_file_perms;
 ')
diff --git a/policy/modules/contrib/pingd.te b/policy/modules/contrib/pingd.te
index 8dad7633..e20b15f8 100644
--- a/policy/modules/contrib/pingd.te
+++ b/policy/modules/contrib/pingd.te
@@ -30,7 +30,7 @@ allow pingd_t self:rawip_socket create_socket_perms;
 allow pingd_t pingd_etc_t:file read_file_perms;
 read_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
-mmap_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
+mmap_exec_files_pattern(pingd_t, pingd_modules_t, pingd_modules_t)
 corenet_all_recvfrom_unlabeled(pingd_t)
 corenet_all_recvfrom_netlabel(pingd_t)
diff --git a/policy/modules/contrib/portage.te b/policy/modules/contrib/portage.te
index 5905d4dc..067afc97 100644
--- a/policy/modules/contrib/portage.te
+++ b/policy/modules/contrib/portage.te
@@ -103,7 +103,7 @@ read_files_pattern(gcc_config_t, portage_conf_t, portage_conf_t)
 allow gcc_config_t portage_ebuild_t:dir list_dir_perms;
 read_files_pattern(gcc_config_t, portage_ebuild_t, portage_ebuild_t)
-allow gcc_config_t portage_exec_t:file mmap_file_perms;
+allow gcc_config_t portage_exec_t:file mmap_exec_file_perms;
 kernel_read_system_state(gcc_config_t)
 kernel_read_kernel_sysctls(gcc_config_t)
diff --git a/policy/modules/contrib/postfix.te b/policy/modules/contrib/postfix.te
index 383be1fc..eba65a15 100644
--- a/policy/modules/contrib/postfix.te
+++ b/policy/modules/contrib/postfix.te
@@ -120,7 +120,7 @@ allow postfix_domain postfix_etc_t:lnk_file read_lnk_file_perms;
 allow postfix_domain postfix_master_t:file read_file_perms;
-allow postfix_domain postfix_exec_t:file { mmap_file_perms lock };
+allow postfix_domain postfix_exec_t:file { mmap_exec_file_perms lock };
 allow postfix_domain postfix_master_t:process sigchld;
@@ -217,7 +217,7 @@ allow postfix_master_t postfix_data_t:file manage_file_perms;
 allow postfix_master_t postfix_keytab_t:file read_file_perms;
-allow postfix_master_t postfix_map_exec_t:file { mmap_file_perms ioctl lock };
+allow postfix_master_t postfix_map_exec_t:file { mmap_exec_file_perms ioctl lock };
 allow postfix_master_t { postfix_postdrop_exec_t postfix_postqueue_exec_t }:file getattr_file_perms;
diff --git a/policy/modules/contrib/prelink.te b/policy/modules/contrib/prelink.te
index db7d5974..43276472 100644
--- a/policy/modules/contrib/prelink.te
+++ b/policy/modules/contrib/prelink.te
@@ -53,10 +53,10 @@ append_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
 read_lnk_files_pattern(prelink_t, prelink_log_t, prelink_log_t)
 logging_log_filetrans(prelink_t, prelink_log_t, file)
-allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_file_perms relabel_file_perms execmod };
+allow prelink_t prelink_tmp_t:file { manage_file_perms mmap_exec_file_perms relabel_file_perms execmod };
 files_tmp_filetrans(prelink_t, prelink_tmp_t, file)
-allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_file_perms relabel_file_perms execmod };
+allow prelink_t prelink_tmpfs_t:file { manage_file_perms mmap_exec_file_perms relabel_file_perms execmod };
 fs_tmpfs_filetrans(prelink_t, prelink_tmpfs_t, file)
 manage_dirs_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
@@ -64,7 +64,7 @@ manage_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
 relabel_files_pattern(prelink_t, prelink_var_lib_t, prelink_var_lib_t)
 files_var_lib_filetrans(prelink_t, prelink_var_lib_t, { dir file })
-allow prelink_t prelink_object:file { manage_file_perms mmap_file_perms relabel_file_perms };
+allow prelink_t prelink_object:file { manage_file_perms mmap_exec_file_perms relabel_file_perms };
 kernel_read_system_state(prelink_t)
 kernel_read_kernel_sysctls(prelink_t)
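Review bot: In `allow postfix_master_t postfix_map_exec_t:file { mmap_exec_file_perms ioctl lock };` the explicit `ioctl` looks redundant, because refpolicy's mmap_exec_file_perms set already includes ioctl (worth confirming against obj_perm_sets.spt in this tree). Since the line is being rewritten anyway, it could become `allow postfix_master_t postfix_map_exec_t:file { mmap_exec_file_perms lock };`, which also matches the shape of the postfix_domain rule changed in the first hunk of this file. The resulting permissions are unchanged, so this is a readability point only.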
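Review bot: The prelink_tmp_t and prelink_tmpfs_t rules in the first prelink.te hunk combine `manage_file_perms`, `mmap_exec_file_perms` and `execmod` on the same types with no comment saying why one domain needs write, executable mapping and text relocation together. That combination is the one auditors look at first, and the rename makes the execute part explicit. A short comment above the two rules would record the intent, for example `# prelink rewrites ELF objects through temp copies; write + exec mapping + execmod are intentional here` if that is indeed the reason. The prelink_object rule in the second hunk has the same write-plus-execute pairing without execmod and would benefit from the same note.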
diff --git a/policy/modules/contrib/samba.te b/policy/modules/contrib/samba.te
index 78af52df..58dc60fb 100644
--- a/policy/modules/contrib/samba.te
+++ b/policy/modules/contrib/samba.te
@@ -763,7 +763,7 @@ manage_files_pattern(swat_t, samba_var_t, samba_var_t)
 manage_lnk_files_pattern(swat_t, samba_var_t, samba_var_t)
 files_var_filetrans(swat_t, samba_var_t, dir, "samba")
-allow swat_t smbd_exec_t:file mmap_file_perms ;
+allow swat_t smbd_exec_t:file mmap_exec_file_perms ;
 allow swat_t { winbind_t smbd_t }:process { signal signull };
diff --git a/policy/modules/contrib/ulogd.te b/policy/modules/contrib/ulogd.te
index ef4c5fa4..18779e5d 100644
--- a/policy/modules/contrib/ulogd.te
+++ b/policy/modules/contrib/ulogd.te
@@ -35,7 +35,7 @@ allow ulogd_t self:tcp_socket create_stream_socket_perms;
 read_files_pattern(ulogd_t, ulogd_etc_t, ulogd_etc_t)
 list_dirs_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
-mmap_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
+mmap_exec_files_pattern(ulogd_t, ulogd_modules_t, ulogd_modules_t)
 append_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
 create_files_pattern(ulogd_t, ulogd_var_log_t, ulogd_var_log_t)
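Review bot: The rewritten samba.te rule carries over the stray space before the terminator, `mmap_exec_file_perms ;`, which no other rule touched by this commit has. As the line is being changed anyway it could be normalised to `allow swat_t smbd_exec_t:file mmap_exec_file_perms;`. This is cosmetic and does not alter the compiled policy.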