From 1815bad1d743c6f80bbede78318cd25c12f35952 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Feb 02 2006 21:08:12 +0000 Subject: another slew of renaming --- diff --git a/refpolicy/policy/modules/admin/acct.te b/refpolicy/policy/modules/admin/acct.te index 4b65382..fcc8283 100644 --- a/refpolicy/policy/modules/admin/acct.te +++ b/refpolicy/policy/modules/admin/acct.te @@ -58,7 +58,7 @@ files_list_usr(acct_t) files_dontaudit_search_pids(acct_t) init_use_fd(acct_t) -init_use_script_pty(acct_t) +init_use_script_ptys(acct_t) init_exec_script(acct_t) libs_use_ld_so(acct_t) @@ -72,8 +72,8 @@ userdom_dontaudit_search_sysadm_home_dir(acct_t) userdom_dontaudit_use_unpriv_user_fd(acct_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(acct_t) - term_dontaudit_use_generic_pty(acct_t) + term_dontaudit_use_unallocated_ttys(acct_t) + term_dontaudit_use_generic_ptys(acct_t) files_dontaudit_read_root_files(acct_t) ') @@ -88,7 +88,7 @@ optional_policy(`cron',` ') optional_policy(`nscd',` - nscd_use_socket(acct_t) + nscd_socket_use(acct_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/admin/alsa.te b/refpolicy/policy/modules/admin/alsa.te index ecdfc01..83a8dcf 100644 --- a/refpolicy/policy/modules/admin/alsa.te +++ b/refpolicy/policy/modules/admin/alsa.te @@ -33,8 +33,8 @@ allow alsa_t alsa_etc_rw_t:lnk_file create_lnk_perms; files_read_etc_files(alsa_t) -term_use_generic_pty(alsa_t) -term_dontaudit_use_unallocated_tty(alsa_t) +term_use_generic_ptys(alsa_t) +term_dontaudit_use_unallocated_ttys(alsa_t) libs_use_ld_so(alsa_t) libs_use_shared_libs(alsa_t) @@ -47,5 +47,5 @@ userdom_manage_unpriv_user_semaphores(alsa_t) userdom_manage_unpriv_user_shared_mem(alsa_t) optional_policy(`nscd',` - nscd_use_socket(alsa_t) + nscd_socket_use(alsa_t) ') diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te index b83131c..ccb9d98 100644 --- a/refpolicy/policy/modules/admin/amanda.te 
+++ b/refpolicy/policy/modules/admin/amanda.te @@ -128,7 +128,7 @@ kernel_dontaudit_getattr_unlabeled_files(amanda_t) kernel_dontaudit_read_proc_symlinks(amanda_t) # Added for targeted policy -term_use_unallocated_tty(amanda_t) +term_use_unallocated_ttys(amanda_t) corenet_tcp_sendrecv_all_if(amanda_t) corenet_udp_sendrecv_all_if(amanda_t) @@ -182,7 +182,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(amanda_t) + nscd_socket_use(amanda_t) ') ######################################## diff --git a/refpolicy/policy/modules/admin/anaconda.te b/refpolicy/policy/modules/admin/anaconda.te index d220aa1..857b6af 100644 --- a/refpolicy/policy/modules/admin/anaconda.te +++ b/refpolicy/policy/modules/admin/anaconda.te @@ -8,7 +8,7 @@ policy_module(anaconda,1.0.0) type anaconda_t; domain_type(anaconda_t) -domain_obj_id_change_exempt(anaconda_t) +domain_obj_id_change_exemption(anaconda_t) role system_r types anaconda_t; ######################################## diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te index 893e3e6..2c68fb7 100644 --- a/refpolicy/policy/modules/admin/consoletype.te +++ b/refpolicy/policy/modules/admin/consoletype.te @@ -44,12 +44,12 @@ fs_search_auto_mountpoints(consoletype_t) fs_write_nfs_files(consoletype_t) term_use_console(consoletype_t) -term_use_unallocated_tty(consoletype_t) +term_use_unallocated_ttys(consoletype_t) init_use_fd(consoletype_t) -init_use_script_pty(consoletype_t) +init_use_script_ptys(consoletype_t) init_use_script_fd(consoletype_t) -init_write_script_pipe(consoletype_t) +init_write_script_pipes(consoletype_t) domain_use_wide_inherit_fd(consoletype_t) @@ -61,7 +61,7 @@ libs_use_shared_libs(consoletype_t) userdom_use_sysadm_terms(consoletype_t) userdom_use_sysadm_fd(consoletype_t) -userdom_rw_sysadm_pipe(consoletype_t) +userdom_rw_sysadm_pipes(consoletype_t) ifdef(`distro_redhat',` fs_rw_tmpfs_chr_files(consoletype_t) 
@@ -69,7 +69,7 @@ ifdef(`distro_redhat',` optional_policy(`apm',` apm_use_fd(consoletype_t) - apm_write_pipe(consoletype_t) + apm_write_pipes(consoletype_t) ') optional_policy(`authlogin', ` @@ -77,14 +77,14 @@ optional_policy(`authlogin', ` ') optional_policy(`cron',` - cron_read_pipe(consoletype_t) + cron_read_pipes(consoletype_t) cron_use_system_job_fd(consoletype_t) ') optional_policy(`firstboot',` files_read_etc_files(consoletype_t) firstboot_use_fd(consoletype_t) - firstboot_write_pipe(consoletype_t) + firstboot_write_pipes(consoletype_t) ') optional_policy(`logrotate',` @@ -101,7 +101,7 @@ optional_policy(`nis',` optional_policy(`rpm',` # Commonly used from postinst scripts - rpm_read_pipe(consoletype_t) + rpm_read_pipes(consoletype_t) ') optional_policy(`userdomain',` diff --git a/refpolicy/policy/modules/admin/ddcprobe.te b/refpolicy/policy/modules/admin/ddcprobe.te index 8d3e83e..b941142 100644 --- a/refpolicy/policy/modules/admin/ddcprobe.te +++ b/refpolicy/policy/modules/admin/ddcprobe.te @@ -41,15 +41,15 @@ files_read_usr_files(ddcprobe_t) term_use_all_user_ttys(ddcprobe_t) term_use_all_user_ptys(ddcprobe_t) -libs_read_lib(ddcprobe_t) +libs_read_lib_files(ddcprobe_t) libs_use_ld_so(ddcprobe_t) libs_use_shared_libs(ddcprobe_t) miscfiles_read_localization(ddcprobe_t) -modutils_read_mods_deps(ddcprobe_t) +modutils_read_module_deps(ddcprobe_t) -userdom_use_all_user_fd(ddcprobe_t) +userdom_use_all_users_fd(ddcprobe_t) #reh why? this does not seem even necessary to function properly -kudzu_getattr_exec_file(ddcprobe_t) +kudzu_getattr_exec_files(ddcprobe_t) diff --git a/refpolicy/policy/modules/admin/dmesg.te b/refpolicy/policy/modules/admin/dmesg.te index 334c5ab..8c7d894 100644 --- a/refpolicy/policy/modules/admin/dmesg.te +++ b/refpolicy/policy/modules/admin/dmesg.te 
@@ -51,7 +51,7 @@ ifdef(`strict_policy',` files_dontaudit_search_isid_type_dirs(dmesg_t) init_use_fd(dmesg_t) - init_use_script_pty(dmesg_t) + init_use_script_ptys(dmesg_t) libs_use_ld_so(dmesg_t) libs_use_shared_libs(dmesg_t) diff --git a/refpolicy/policy/modules/admin/dmidecode.te b/refpolicy/policy/modules/admin/dmidecode.te index c6fc14f..d638cfb 100644 --- a/refpolicy/policy/modules/admin/dmidecode.te +++ b/refpolicy/policy/modules/admin/dmidecode.te @@ -33,6 +33,6 @@ libs_use_shared_libs(dmidecode_t) locallogin_use_fd(dmidecode_t) ifdef(`targeted_policy',` - term_use_generic_pty(dmidecode_t) - term_use_unallocated_tty(dmidecode_t) + term_use_generic_ptys(dmidecode_t) + term_use_unallocated_ttys(dmidecode_t) ') diff --git a/refpolicy/policy/modules/admin/firstboot.if b/refpolicy/policy/modules/admin/firstboot.if index fafc67d..d39d686 100644 --- a/refpolicy/policy/modules/admin/firstboot.if +++ b/refpolicy/policy/modules/admin/firstboot.if @@ -90,7 +90,7 @@ interface(`firstboot_dontaudit_use_fd',` ## The type of the process performing this action. ## # -interface(`firstboot_write_pipe',` +interface(`firstboot_write_pipes',` gen_require(` type firstboot_t; ') diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te index 3df58b1..e6ed46c 100644 --- a/refpolicy/policy/modules/admin/firstboot.te +++ b/refpolicy/policy/modules/admin/firstboot.te @@ -13,8 +13,8 @@ gen_require(` type firstboot_t; type firstboot_exec_t; init_system_domain(firstboot_t,firstboot_exec_t) -domain_obj_id_change_exempt(firstboot_t) -domain_subj_id_change_exempt(firstboot_t) +domain_obj_id_change_exemption(firstboot_t) +domain_subj_id_change_exemption(firstboot_t) role system_r types firstboot_t; type firstboot_etc_t; 
@@ -95,8 +95,8 @@ logging_send_syslog_msg(firstboot_t) miscfiles_read_localization(firstboot_t) modutils_domtrans_insmod(firstboot_t) -modutils_read_module_conf(firstboot_t) -modutils_read_mods_deps(firstboot_t) +modutils_read_module_config(firstboot_t) +modutils_read_module_deps(firstboot_t) # Add/remove user home directories userdom_filetrans_generic_user_home_dir(firstboot_t) diff --git a/refpolicy/policy/modules/admin/kudzu.if b/refpolicy/policy/modules/admin/kudzu.if index f81349f..437ee02 100644 --- a/refpolicy/policy/modules/admin/kudzu.if +++ b/refpolicy/policy/modules/admin/kudzu.if @@ -55,7 +55,7 @@ interface(`kudzu_run',` ## # # cjp: added for ddcprobe -interface(`kudzu_getattr_exec_file',` +interface(`kudzu_getattr_exec_files',` gen_require(` type kudzu_exec_t; ') diff --git a/refpolicy/policy/modules/admin/kudzu.te b/refpolicy/policy/modules/admin/kudzu.te index dad3a07..ff0a942 100644 --- a/refpolicy/policy/modules/admin/kudzu.te +++ b/refpolicy/policy/modules/admin/kudzu.te @@ -65,12 +65,12 @@ fs_write_ramfs_sockets(kudzu_t) mls_file_read_up(kudzu_t) mls_file_write_down(kudzu_t) -modutils_read_mods_deps(kudzu_t) -modutils_read_module_conf(kudzu_t) -modutils_rename_module_conf(kudzu_t) +modutils_read_module_deps(kudzu_t) +modutils_read_module_config(kudzu_t) +modutils_rename_module_config(kudzu_t) storage_read_scsi_generic(kudzu_t) -storage_read_tape_device(kudzu_t) +storage_read_tape(kudzu_t) storage_raw_write_fixed_disk(kudzu_t) storage_raw_read_fixed_disk(kudzu_t) storage_raw_read_removable_device(kudzu_t) @@ -78,7 +78,7 @@ storage_raw_read_removable_device(kudzu_t) term_search_ptys(kudzu_t) term_dontaudit_use_console(kudzu_t) # so it can write messages to the console -term_use_unallocated_tty(kudzu_t) +term_use_unallocated_ttys(kudzu_t) corecmd_exec_sbin(kudzu_t) corecmd_exec_bin(kudzu_t) 
@@ -101,20 +101,20 @@ files_rw_etc_runtime_files(kudzu_t) files_dontaudit_search_isid_type_dirs(kudzu_t) init_use_fd(kudzu_t) -init_use_script_pty(kudzu_t) -init_unix_connect_script(kudzu_t) +init_use_script_ptys(kudzu_t) +init_stream_connect_script(kudzu_t) libs_use_ld_so(kudzu_t) libs_use_shared_libs(kudzu_t) # Read /usr/lib/gconv/gconv-modules.* -libs_read_lib(kudzu_t) +libs_read_lib_files(kudzu_t) logging_send_syslog_msg(kudzu_t) miscfiles_read_hwdata(kudzu_t) miscfiles_read_localization(kudzu_t) -modutils_read_module_conf(kudzu_t) +modutils_read_module_config(kudzu_t) modutils_domtrans_insmod(kudzu_t) sysnet_read_config(kudzu_t) @@ -123,8 +123,8 @@ userdom_search_sysadm_home_dir(kudzu_t) userdom_dontaudit_use_unpriv_user_fd(kudzu_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(kudzu_t) - term_dontaudit_use_generic_pty(kudzu_t) + term_dontaudit_use_unallocated_ttys(kudzu_t) + term_dontaudit_use_generic_ptys(kudzu_t) files_dontaudit_read_root_files(kudzu_t) # cjp: this was originally in the else block @@ -140,7 +140,7 @@ optional_policy(`gpm',` ') optional_policy(`nscd',` - nscd_use_socket(kudzu_t) + nscd_socket_use(kudzu_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/admin/logrotate.te b/refpolicy/policy/modules/admin/logrotate.te index e7fd141..8bc61c8 100644 --- a/refpolicy/policy/modules/admin/logrotate.te +++ b/refpolicy/policy/modules/admin/logrotate.te @@ -8,8 +8,8 @@ policy_module(logrotate,1.2.0) type logrotate_t; domain_type(logrotate_t) -domain_obj_id_change_exempt(logrotate_t) -domain_system_change_exempt(logrotate_t) +domain_obj_id_change_exemption(logrotate_t) +domain_system_change_exemption(logrotate_t) role system_r types logrotate_t; type logrotate_exec_t; @@ -171,7 +171,7 @@ optional_policy(`mailman',` optional_policy(`mysql',` mysql_read_config(logrotate_t) - mysql_search_db_dir(logrotate_t) + mysql_search_db(logrotate_t) mysql_stream_connect(logrotate_t) ') 
@@ -180,7 +180,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(logrotate_t) + nscd_socket_use(logrotate_t) ') optional_policy(`slrnpull',` diff --git a/refpolicy/policy/modules/admin/logwatch.te b/refpolicy/policy/modules/admin/logwatch.te index 28856ea..d0bcbb9 100644 --- a/refpolicy/policy/modules/admin/logwatch.te +++ b/refpolicy/policy/modules/admin/logwatch.te @@ -38,8 +38,8 @@ kernel_read_fs_sysctls(logwatch_t) kernel_read_kernel_sysctls(logwatch_t) kernel_read_system_state(logwatch_t) -corecmd_read_sbin_symlink(logwatch_t) -corecmd_read_sbin_file(logwatch_t) +corecmd_read_sbin_symlinks(logwatch_t) +corecmd_read_sbin_files(logwatch_t) corecmd_exec_bin(logwatch_t) corecmd_exec_shell(logwatch_t) @@ -56,14 +56,14 @@ files_dontaudit_search_home(logwatch_t) fs_getattr_all_fs(logwatch_t) -term_dontaudit_getattr_pty_dir(logwatch_t) +term_dontaudit_getattr_pty_dirs(logwatch_t) term_dontaudit_list_ptys(logwatch_t) auth_dontaudit_read_shadow(logwatch_t) libs_use_ld_so(logwatch_t) libs_use_shared_libs(logwatch_t) -libs_read_lib(logwatch_t) +libs_read_lib_files(logwatch_t) logging_read_all_logs(logwatch_t) @@ -72,7 +72,7 @@ miscfiles_read_localization(logwatch_t) selinux_dontaudit_getattr_dir(logwatch_t) userdom_dontaudit_search_sysadm_home_dir(logwatch_t) -userdom_dontaudit_getattr_sysadm_home_dir(logwatch_t) +userdom_dontaudit_getattr_sysadm_home_dirs(logwatch_t) mta_send_mail(logwatch_t) @@ -94,7 +94,7 @@ optional_policy(`mta',` ') optional_policy(`nscd',` - nscd_use_socket(logwatch_t) + nscd_socket_use(logwatch_t) ') optional_policy(`ntp',` diff --git a/refpolicy/policy/modules/admin/mrtg.te b/refpolicy/policy/modules/admin/mrtg.te index eaf9300..798fa6a 100644 --- a/refpolicy/policy/modules/admin/mrtg.te +++ b/refpolicy/policy/modules/admin/mrtg.te 
@@ -98,12 +98,12 @@ fs_getattr_xattr_fs(mrtg_t) term_dontaudit_use_console(mrtg_t) init_use_fd(mrtg_t) -init_use_script_pty(mrtg_t) +init_use_script_ptys(mrtg_t) # for uptime init_read_utmp(mrtg_t) init_dontaudit_write_utmp(mrtg_t) -libs_read_lib(mrtg_t) +libs_read_lib_files(mrtg_t) libs_use_ld_so(mrtg_t) libs_use_shared_libs(mrtg_t) @@ -126,8 +126,8 @@ ifdef(`distro_redhat',` ') ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(mrtg_t) - term_dontaudit_use_generic_pty(mrtg_t) + term_dontaudit_use_unallocated_ttys(mrtg_t) + term_dontaudit_use_generic_ptys(mrtg_t) files_dontaudit_read_root_files(mrtg_t) ') @@ -157,7 +157,7 @@ optional_policy(`quota',` optional_policy(`snmp',` snmp_udp_chat(mrtg_t) - snmp_read_snmp_var_lib(mrtg_t) + snmp_read_snmp_var_lib_files(mrtg_t) ') optional_policy(`udev',` diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te index 39536df..d978364 100644 --- a/refpolicy/policy/modules/admin/netutils.te +++ b/refpolicy/policy/modules/admin/netutils.te @@ -65,7 +65,7 @@ files_read_etc_files(netutils_t) files_dontaudit_search_var(netutils_t) init_use_fd(netutils_t) -init_use_script_pty(netutils_t) +init_use_script_ptys(netutils_t) libs_use_ld_so(netutils_t) libs_use_shared_libs(netutils_t) @@ -76,11 +76,11 @@ miscfiles_read_localization(netutils_t) sysnet_read_config(netutils_t) -userdom_use_all_user_fd(netutils_t) +userdom_use_all_users_fd(netutils_t) ifdef(`targeted_policy',` - term_use_generic_pty(netutils_t) - term_use_unallocated_tty(netutils_t) + term_use_generic_ptys(netutils_t) + term_use_unallocated_ttys(netutils_t) ') optional_policy(`nis',` @@ -135,8 +135,8 @@ ifdef(`hide_broken_symptoms',` ') ifdef(`targeted_policy',` - term_use_unallocated_tty(ping_t) - term_use_generic_pty(ping_t) + term_use_unallocated_ttys(ping_t) + term_use_generic_ptys(ping_t) term_use_all_user_ttys(ping_t) term_use_all_user_ptys(ping_t) ',` 
@@ -151,7 +151,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(ping_t) + nscd_socket_use(ping_t) ') optional_policy(`pcmcia',` @@ -219,8 +219,8 @@ files_read_usr_files(traceroute_t) sysnet_read_config(traceroute_t) ifdef(`targeted_policy',` - term_use_unallocated_tty(traceroute_t) - term_use_generic_pty(traceroute_t) + term_use_unallocated_ttys(traceroute_t) + term_use_generic_ptys(traceroute_t) ') tunable_policy(`user_ping',` @@ -233,7 +233,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(traceroute_t) + nscd_socket_use(traceroute_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/admin/portage.te b/refpolicy/policy/modules/admin/portage.te index e98ff14..4f887e1 100644 --- a/refpolicy/policy/modules/admin/portage.te +++ b/refpolicy/policy/modules/admin/portage.te @@ -10,7 +10,7 @@ type portage_exec_t; files_type(portage_exec_t) portage_compile_domain_template(portage) -domain_obj_id_change_exempt(portage_t) +domain_obj_id_change_exemption(portage_t) portage_compile_domain_template(portage_sandbox) # the shell is the entrypoint if regular sandbox is disabled diff --git a/refpolicy/policy/modules/admin/prelink.te b/refpolicy/policy/modules/admin/prelink.te index 7c2a062..17165bf 100644 --- a/refpolicy/policy/modules/admin/prelink.te +++ b/refpolicy/policy/modules/admin/prelink.te @@ -70,7 +70,7 @@ libs_relabel_ld_so(prelink_t) libs_use_shared_libs(prelink_t) libs_manage_shared_libs(prelink_t) libs_relabel_shared_libs(prelink_t) -libs_use_lib(prelink_t) +libs_use_lib_files(prelink_t) libs_manage_lib_files(prelink_t) libs_relabel_lib_files(prelink_t) diff --git a/refpolicy/policy/modules/admin/quota.te b/refpolicy/policy/modules/admin/quota.te index cdb87b7..a646312 100644 --- a/refpolicy/policy/modules/admin/quota.te +++ b/refpolicy/policy/modules/admin/quota.te 
@@ -52,7 +52,7 @@ files_getattr_all_sockets(quota_t) files_read_etc_runtime_files(quota_t) init_use_fd(quota_t) -init_use_script_pty(quota_t) +init_use_script_ptys(quota_t) libs_use_ld_so(quota_t) libs_use_shared_libs(quota_t) @@ -62,8 +62,8 @@ logging_send_syslog_msg(quota_t) userdom_dontaudit_use_unpriv_user_fd(quota_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(quota_t) - term_dontaudit_use_generic_pty(quota_t) + term_dontaudit_use_unallocated_ttys(quota_t) + term_dontaudit_use_generic_ptys(quota_t) files_dontaudit_read_root_files(quota_t) ') diff --git a/refpolicy/policy/modules/admin/readahead.te b/refpolicy/policy/modules/admin/readahead.te index 45ce82f..50a39d1 100644 --- a/refpolicy/policy/modules/admin/readahead.te +++ b/refpolicy/policy/modules/admin/readahead.te @@ -55,7 +55,7 @@ term_dontaudit_use_console(readahead_t) auth_dontaudit_read_shadow(readahead_t) init_use_fd(readahead_t) -init_use_script_pty(readahead_t) +init_use_script_ptys(readahead_t) init_getattr_initctl(readahead_t) libs_use_ld_so(readahead_t) @@ -70,8 +70,8 @@ userdom_dontaudit_search_sysadm_home_dir(readahead_t) ifdef(`targeted_policy',` files_dontaudit_read_root_files(readahead_t) - term_dontaudit_use_unallocated_tty(readahead_t) - term_dontaudit_use_generic_pty(readahead_t) + term_dontaudit_use_unallocated_ttys(readahead_t) + term_dontaudit_use_generic_ptys(readahead_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/admin/rpm.if b/refpolicy/policy/modules/admin/rpm.if index 6fcb7fc..2d61196 100644 --- a/refpolicy/policy/modules/admin/rpm.if +++ b/refpolicy/policy/modules/admin/rpm.if @@ -31,7 +31,7 @@ interface(`rpm_domtrans',` ## Domain allowed access. ## # -interface(`rpm_script_domtrans',` +interface(`rpm_domtrans_script',` gen_require(` type rpm_script_t; ') 
@@ -67,7 +67,7 @@ interface(`rpm_run',` rpm_domtrans($1) role $2 types rpm_t; role $2 types rpm_script_t; - seutil_run_loadpol(rpm_script_t,$2,$3) + seutil_run_loadpolicy(rpm_script_t,$2,$3) allow rpm_t $3:chr_file rw_term_perms; ') @@ -95,7 +95,7 @@ interface(`rpm_use_fd',` ## The type of the process performing this action. ## # -interface(`rpm_read_pipe',` +interface(`rpm_read_pipes',` gen_require(` type rpm_t; ') @@ -111,7 +111,7 @@ interface(`rpm_read_pipe',` ## The type of the process performing this action. ## # -interface(`rpm_rw_pipe',` +interface(`rpm_rw_pipes',` gen_require(` type rpm_t; ') @@ -132,7 +132,7 @@ interface(`rpm_manage_log',` type rpm_log_t; ') - logging_rw_log_dir($1) + logging_rw_generic_log_dirs($1) allow $1 rpm_log_t:file create_file_perms; ') diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te index 2a56ed8..2052c11 100644 --- a/refpolicy/policy/modules/admin/rpm.te +++ b/refpolicy/policy/modules/admin/rpm.te @@ -9,9 +9,9 @@ policy_module(rpm,1.2.1) type rpm_t; type rpm_exec_t; init_system_domain(rpm_t,rpm_exec_t) -domain_obj_id_change_exempt(rpm_t) -domain_role_change_exempt(rpm_t) -domain_system_change_exempt(rpm_t) +domain_obj_id_change_exemption(rpm_t) +domain_role_change_exemption(rpm_t) +domain_system_change_exemption(rpm_t) domain_wide_inherit_fd(rpm_t) role system_r types rpm_t; @@ -33,8 +33,8 @@ typealias rpm_var_lib_t alias var_lib_rpm_t; type rpm_script_t; type rpm_script_exec_t; -domain_obj_id_change_exempt(rpm_script_t) -domain_system_change_exempt(rpm_script_t) +domain_obj_id_change_exemption(rpm_script_t) +domain_system_change_exemption(rpm_script_t) corecmd_shell_entry_type(rpm_script_t) domain_type(rpm_script_t) domain_entry_file(rpm_t,rpm_script_exec_t) 
@@ -138,7 +138,7 @@ auth_dontaudit_read_shadow(rpm_t) corecmd_exec_bin(rpm_t) corecmd_exec_sbin(rpm_t) # transition to rpm script: -rpm_script_domtrans(rpm_t) +rpm_domtrans_script(rpm_t) domain_exec_all_entry_files(rpm_t) domain_read_all_domains_state(rpm_t) @@ -166,8 +166,8 @@ libs_domtrans_ldconfig(rpm_t) logging_send_syslog_msg(rpm_t) # allow compiling and loading new policy -seutil_manage_src_pol(rpm_t) -seutil_manage_binary_pol(rpm_t) +seutil_manage_src_policy(rpm_t) +seutil_manage_bin_policy(rpm_t) sysnet_read_config(rpm_t) @@ -324,10 +324,10 @@ miscfiles_read_localization(rpm_script_t) modutils_domtrans_depmod(rpm_script_t) modutils_domtrans_insmod(rpm_script_t) -seutil_domtrans_loadpol(rpm_script_t) +seutil_domtrans_loadpolicy(rpm_script_t) seutil_domtrans_restorecon(rpm_script_t) -userdom_use_all_user_fd(rpm_script_t) +userdom_use_all_users_fd(rpm_script_t) ifdef(`distro_redhat',` unconfined_domain_template(rpm_script_t) diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if index d2dca6f..5d79518 100644 --- a/refpolicy/policy/modules/admin/su.if +++ b/refpolicy/policy/modules/admin/su.if @@ -52,7 +52,7 @@ template(`su_restricted_domain_template', ` domain_use_wide_inherit_fd($1_su_t) init_dontaudit_use_fd($1_su_t) - init_dontaudit_use_script_pty($1_su_t) + init_dontaudit_use_script_ptys($1_su_t) # Write to utmp. init_rw_utmp($1_su_t) @@ -64,7 +64,7 @@ template(`su_restricted_domain_template', ` miscfiles_read_localization($1_su_t) optional_policy(`cron',` - cron_read_pipe($1_su_t) + cron_read_pipes($1_su_t) ') optional_policy(`kerberos',` @@ -72,7 +72,7 @@ template(`su_restricted_domain_template', ` ') optional_policy(`nscd',` - nscd_use_socket($1_su_t) + nscd_socket_use($1_su_t) ') ifdef(`TODO',` @@ -205,7 +205,7 @@ template(`su_per_userdomain_template',` ') optional_policy(`cron',` - cron_read_pipe($1_su_t) + cron_read_pipes($1_su_t) ') optional_policy(`kerberos',` 
@@ -213,7 +213,7 @@ template(`su_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_su_t) + nscd_socket_use($1_su_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if index da50571..c3d8b9c 100644 --- a/refpolicy/policy/modules/admin/sudo.if +++ b/refpolicy/policy/modules/admin/sudo.if @@ -90,9 +90,9 @@ template(`sudo_per_userdomain_template',` auth_domtrans_chk_passwd($1_sudo_t) - corecmd_getattr_bin_file($1_sudo_t) - corecmd_read_sbin_symlink($1_sudo_t) - corecmd_getattr_sbin_file($1_sudo_t) + corecmd_getattr_bin_files($1_sudo_t) + corecmd_read_sbin_symlinks($1_sudo_t) + corecmd_getattr_sbin_files($1_sudo_t) domain_use_wide_inherit_fd($1_sudo_t) domain_sigchld_wide_inherit_fd($1_sudo_t) @@ -128,7 +128,7 @@ template(`sudo_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_sudo_t) + nscd_socket_use($1_sudo_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/admin/updfstab.te b/refpolicy/policy/modules/admin/updfstab.te index 7ebcc13..8832659 100644 --- a/refpolicy/policy/modules/admin/updfstab.te +++ b/refpolicy/policy/modules/admin/updfstab.te @@ -67,7 +67,7 @@ files_dontaudit_search_home(updfstab_t) files_read_etc_runtime_files(updfstab_t) init_use_fd(updfstab_t) -init_use_script_pty(updfstab_t) +init_use_script_ptys(updfstab_t) libs_use_ld_so(updfstab_t) libs_use_shared_libs(updfstab_t) @@ -81,13 +81,13 @@ seutil_read_config(updfstab_t) seutil_read_default_contexts(updfstab_t) seutil_read_file_contexts(updfstab_t) -userdom_use_sysadm_tty(updfstab_t) +userdom_use_sysadm_ttys(updfstab_t) userdom_dontaudit_search_all_users_home(updfstab_t) userdom_dontaudit_use_unpriv_user_fd(updfstab_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(updfstab_t) - term_dontaudit_use_generic_pty(updfstab_t) + term_dontaudit_use_unallocated_ttys(updfstab_t) + term_dontaudit_use_generic_ptys(updfstab_t) files_dontaudit_read_root_files(updfstab_t) ') 
@@ -99,7 +99,7 @@ optional_policy(`dbus',` init_dbus_chat_script(updfstab_t) dbus_system_bus_client_template(updfstab,updfstab_t) - dbus_send_system_bus_msg(updfstab_t) + dbus_send_system_bus(updfstab_t) ') optional_policy(`hal',` @@ -108,13 +108,13 @@ optional_policy(`hal',` ') optional_policy(`modutils',` - modutils_read_module_conf(updfstab_t) + modutils_read_module_config(updfstab_t) modutils_exec_insmod(updfstab_t) - modutils_read_mods_deps(updfstab_t) + modutils_read_module_deps(updfstab_t) ') optional_policy(`nscd',` - nscd_use_socket(updfstab_t) + nscd_socket_use(updfstab_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/admin/usbmodules.te b/refpolicy/policy/modules/admin/usbmodules.te index d4c8a9a..46672a0 100644 --- a/refpolicy/policy/modules/admin/usbmodules.te +++ b/refpolicy/policy/modules/admin/usbmodules.te @@ -37,7 +37,7 @@ init_use_fd(usbmodules_t) libs_use_ld_so(usbmodules_t) libs_use_shared_libs(usbmodules_t) -modutils_read_mods_deps(usbmodules_t) +modutils_read_module_deps(usbmodules_t) optional_policy(`hotplug',` hotplug_read_config(usbmodules_t) diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te index 86c9366..c1ae31f 100644 --- a/refpolicy/policy/modules/admin/usermanage.te +++ b/refpolicy/policy/modules/admin/usermanage.te @@ -10,7 +10,7 @@ type admin_passwd_exec_t; files_type(admin_passwd_exec_t) type chfn_t; -domain_obj_id_change_exempt(chfn_t) +domain_obj_id_change_exemption(chfn_t) domain_type(chfn_t) role system_r types chfn_t; @@ -32,12 +32,12 @@ files_tmp_file(crack_tmp_t) type groupadd_t; type groupadd_exec_t; -domain_obj_id_change_exempt(groupadd_t) +domain_obj_id_change_exemption(groupadd_t) init_system_domain(groupadd_t,groupadd_exec_t) role system_r types groupadd_t; type passwd_t; -domain_obj_id_change_exempt(passwd_t) +domain_obj_id_change_exemption(passwd_t) domain_type(passwd_t) role system_r types passwd_t; 
@@ -45,7 +45,7 @@ type passwd_exec_t; domain_entry_file(passwd_t,passwd_exec_t) type sysadm_passwd_t; -domain_obj_id_change_exempt(sysadm_passwd_t) +domain_obj_id_change_exemption(sysadm_passwd_t) domain_type(sysadm_passwd_t) domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t) role system_r types sysadm_passwd_t; @@ -55,7 +55,7 @@ files_tmp_file(sysadm_passwd_tmp_t) type useradd_t; type useradd_exec_t; -domain_obj_id_change_exempt(useradd_t) +domain_obj_id_change_exemption(useradd_t) init_system_domain(useradd_t,useradd_exec_t) role system_r types useradd_t; @@ -137,7 +137,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(chfn_t) + nscd_socket_use(chfn_t) ') ######################################## @@ -253,12 +253,12 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(groupadd_t) + nscd_socket_use(groupadd_t) ') optional_policy(`rpm',` rpm_use_fd(groupadd_t) - rpm_rw_pipe(groupadd_t) + rpm_rw_pipes(groupadd_t) ') ######################################## @@ -333,7 +333,7 @@ seutil_dontaudit_search_config(passwd_t) userdom_use_unpriv_users_fd(passwd_t) # make sure that getcon succeeds userdom_getattr_all_userdomains(passwd_t) -userdom_read_all_userdomains_state(passwd_t) +userdom_read_all_users_state(passwd_t) # user generally runs this from their home directory, so do not audit a search # on user home dir userdom_dontaudit_search_all_users_home(passwd_t) @@ -343,7 +343,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(passwd_t) + nscd_socket_use(passwd_t) ') ######################################## @@ -513,10 +513,10 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(useradd_t) + nscd_socket_use(useradd_t) ') optional_policy(`rpm',` rpm_use_fd(useradd_t) - rpm_rw_pipe(useradd_t) + rpm_rw_pipes(useradd_t) ') diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te index f266f9e..c2eeaf8 100644 --- a/refpolicy/policy/modules/admin/vpn.te 
+++ b/refpolicy/policy/modules/admin/vpn.te @@ -99,7 +99,7 @@ sysnet_exec_ifconfig(vpnc_t) sysnet_filetrans_config(vpnc_t) sysnet_manage_config(vpnc_t) -userdom_use_all_user_fd(vpnc_t) +userdom_use_all_users_fd(vpnc_t) userdom_dontaudit_search_all_users_home(vpnc_t) optional_policy(`dbus',` @@ -115,5 +115,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(vpnc_t) + nscd_socket_use(vpnc_t) ') diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if index 2088080..b390cb4 100644 --- a/refpolicy/policy/modules/apps/java.if +++ b/refpolicy/policy/modules/apps/java.if @@ -145,7 +145,7 @@ template(`java_per_userdomain_template',` libs_legacy_use_shared_libs($1_javaplugin_t) libs_legacy_use_ld_so($1_javaplugin_t) - libs_use_lib($1_javaplugin_t) + libs_use_lib_files($1_javaplugin_t) miscfiles_legacy_read_localization($1_javaplugin_t) ') @@ -155,7 +155,7 @@ template(`java_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_javaplugin_t) + nscd_socket_use($1_javaplugin_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if index 07b8052..a8f3132 100644 --- a/refpolicy/policy/modules/apps/screen.if +++ b/refpolicy/policy/modules/apps/screen.if 
@@ -97,15 +97,15 @@ template(`screen_per_userdomain_template',` kernel_read_kernel_sysctls($1_screen_t) corecmd_list_bin($1_screen_t) - corecmd_read_bin_file($1_screen_t) - corecmd_read_bin_symlink($1_screen_t) - corecmd_read_bin_pipe($1_screen_t) - corecmd_read_bin_socket($1_screen_t) + corecmd_read_bin_files($1_screen_t) + corecmd_read_bin_symlinks($1_screen_t) + corecmd_read_bin_pipes($1_screen_t) + corecmd_read_bin_sockets($1_screen_t) corecmd_list_sbin($1_screen_t) - corecmd_read_sbin_symlink($1_screen_t) - corecmd_read_sbin_file($1_screen_t) - corecmd_read_sbin_pipe($1_screen_t) - corecmd_read_sbin_socket($1_screen_t) + corecmd_read_sbin_symlinks($1_screen_t) + corecmd_read_sbin_files($1_screen_t) + corecmd_read_sbin_pipes($1_screen_t) + corecmd_read_sbin_sockets($1_screen_t) # Revert to the user domain when a shell is executed. corecmd_shell_domtrans($1_screen_t,$2) corecmd_bin_domtrans($1_screen_t,$2) @@ -185,7 +185,7 @@ template(`screen_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_screen_t) + nscd_socket_use($1_screen_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/apps/userhelper.if b/refpolicy/policy/modules/apps/userhelper.if index 28d8dd7..2f10dc0 100644 --- a/refpolicy/policy/modules/apps/userhelper.if +++ b/refpolicy/policy/modules/apps/userhelper.if @@ -38,10 +38,10 @@ template(`userhelper_per_userdomain_template',` type $1_userhelper_t; domain_type($1_userhelper_t) domain_entry_file($1_userhelper_t,userhelper_exec_t) - domain_role_change_exempt($1_userhelper_t) - domain_obj_id_change_exempt($1_userhelper_t) + domain_role_change_exemption($1_userhelper_t) + domain_obj_id_change_exemption($1_userhelper_t) domain_wide_inherit_fd($1_userhelper_t) - domain_subj_id_change_exempt($1_userhelper_t) + domain_subj_id_change_exemption($1_userhelper_t) role system_r types $1_userhelper_t; ######################################## 
@@ -177,7 +177,7 @@ template(`userhelper_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_userhelper_t) + nscd_socket_use($1_userhelper_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te index 6107487..04a815e 100644 --- a/refpolicy/policy/modules/apps/webalizer.te +++ b/refpolicy/policy/modules/apps/webalizer.te @@ -93,8 +93,8 @@ apache_read_log(webalizer_t) apache_manage_sys_content(webalizer_t) ifdef(`targeted_policy',` - term_use_generic_pty(webalizer_t) - term_use_unallocated_tty(webalizer_t) + term_use_generic_ptys(webalizer_t) + term_use_unallocated_ttys(webalizer_t) ') optional_policy(`ftp',` @@ -106,7 +106,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(webalizer_t) + nscd_socket_use(webalizer_t) ') optional_policy(`cron',` diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if index 721402e..5d45d7a 100644 --- a/refpolicy/policy/modules/kernel/bootloader.if +++ b/refpolicy/policy/modules/kernel/bootloader.if @@ -55,7 +55,7 @@ interface(`bootloader_run',` ## Domain to not audit. ## # -interface(`bootloader_getattr_boot_dir',` +interface(`bootloader_getattr_boot_dirs',` gen_require(` type boot_t; ') @@ -72,7 +72,7 @@ interface(`bootloader_getattr_boot_dir',` ## Domain to not audit. ## # -interface(`bootloader_dontaudit_getattr_boot_dir',` +interface(`bootloader_dontaudit_getattr_boot_dirs',` gen_require(` type boot_t; ') @@ -261,7 +261,7 @@ interface(`bootloader_rw_config',` ## The type of the process performing this action. ## # -interface(`bootloader_rw_tmp_file',` +interface(`bootloader_rw_tmp_files',` gen_require(` type bootloader_tmp_t; ') diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te index 06ffc86..7fb6338 100644 --- a/refpolicy/policy/modules/kernel/bootloader.te +++ b/refpolicy/policy/modules/kernel/bootloader.te 
@@ -118,7 +118,7 @@ fs_getattr_xattr_fs(bootloader_t)
 fs_read_tmpfs_symlinks(bootloader_t)
 term_getattr_all_user_ttys(bootloader_t)
-term_dontaudit_manage_pty_dir(bootloader_t)
+term_dontaudit_manage_pty_dirs(bootloader_t)
 corecmd_exec_bin(bootloader_t)
 corecmd_exec_sbin(bootloader_t)
@@ -137,13 +137,13 @@ files_read_var_files(bootloader_t)
 files_dontaudit_search_pids(bootloader_t)
 init_getattr_initctl(bootloader_t)
-init_use_script_pty(bootloader_t)
+init_use_script_ptys(bootloader_t)
 init_use_script_fd(bootloader_t)
-init_rw_script_pipe(bootloader_t)
+init_rw_script_pipes(bootloader_t)
 libs_use_ld_so(bootloader_t)
 libs_use_shared_libs(bootloader_t)
-libs_read_lib(bootloader_t)
+libs_read_lib_files(bootloader_t)
 libs_exec_lib_files(bootloader_t)
 logging_send_syslog_msg(bootloader_t)
@@ -151,8 +151,8 @@ logging_rw_generic_logs(bootloader_t)
 miscfiles_read_localization(bootloader_t)
-seutil_read_binary_pol(bootloader_t)
-seutil_read_loadpol(bootloader_t)
+seutil_read_bin_policy(bootloader_t)
+seutil_read_loadpolicy(bootloader_t)
 seutil_dontaudit_search_config(bootloader_t)
 ifdef(`distro_debian',`
@@ -195,8 +195,8 @@ ifdef(`distro_redhat',`
 ')
 ifdef(`targeted_policy',`
- term_use_unallocated_tty(bootloader_t)
- term_use_generic_pty(bootloader_t)
+ term_use_unallocated_ttys(bootloader_t)
+ term_use_generic_ptys(bootloader_t)
 ')
 optional_policy(`fstools',`
@@ -212,19 +212,19 @@ optional_policy(`lvm',`
 optional_policy(`modutils',`
 modutils_exec_insmod(bootloader_t)
- modutils_read_mods_deps(bootloader_t)
- modutils_read_module_conf(bootloader_t)
+ modutils_read_module_deps(bootloader_t)
+ modutils_read_module_config(bootloader_t)
 modutils_exec_insmod(bootloader_t)
 modutils_exec_depmod(bootloader_t)
 modutils_exec_update_mods(bootloader_t)
 ')
 optional_policy(`nscd',`
- nscd_use_socket(bootloader_t)
+ nscd_socket_use(bootloader_t)
 ')
 optional_policy(`rpm',`
- rpm_rw_pipe(bootloader_t)
+ rpm_rw_pipes(bootloader_t)
 ')
 optional_policy(`userdomain',`
diff --git a/refpolicy/policy/modules/kernel/corecommands.if b/refpolicy/policy/modules/kernel/corecommands.if
index 0eff2f0..539a8e1 100644
--- a/refpolicy/policy/modules/kernel/corecommands.if
+++ b/refpolicy/policy/modules/kernel/corecommands.if
@@ -84,7 +84,7 @@ interface(`corecmd_list_bin',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_getattr_bin_file',`
+interface(`corecmd_getattr_bin_files',`
 gen_require(`
 type bin_t;
 ')
@@ -100,7 +100,7 @@ interface(`corecmd_getattr_bin_file',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_bin_file',`
+interface(`corecmd_read_bin_files',`
 gen_require(`
 type bin_t;
 ')
@@ -117,7 +117,7 @@ interface(`corecmd_read_bin_file',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_bin_symlink',`
+interface(`corecmd_read_bin_symlinks',`
 gen_require(`
 type bin_t;
 ')
@@ -134,7 +134,7 @@ interface(`corecmd_read_bin_symlink',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_bin_pipe',`
+interface(`corecmd_read_bin_pipes',`
 gen_require(`
 type bin_t;
 ')
@@ -151,7 +151,7 @@ interface(`corecmd_read_bin_pipe',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_bin_socket',`
+interface(`corecmd_read_bin_sockets',`
 gen_require(`
 type bin_t;
 ')
@@ -351,9 +351,9 @@ interface(`corecmd_list_sbin',`
 ########################################
 #
-# corecmd_getattr_sbin_file(domain)
+# corecmd_getattr_sbin_files(domain)
 #
-interface(`corecmd_getattr_sbin_file',`
+interface(`corecmd_getattr_sbin_files',`
 gen_require(`
 type sbin_t;
 ')
@@ -363,9 +363,9 @@ interface(`corecmd_getattr_sbin_file',`
 ########################################
 #
-# corecmd_dontaudit_getattr_sbin_file(domain)
+# corecmd_dontaudit_getattr_sbin_files(domain)
 #
-interface(`corecmd_dontaudit_getattr_sbin_file',`
+interface(`corecmd_dontaudit_getattr_sbin_files',`
 gen_require(`
 type sbin_t;
 ')
@@ -381,7 +381,7 @@ interface(`corecmd_dontaudit_getattr_sbin_file',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_sbin_file',`
+interface(`corecmd_read_sbin_files',`
 gen_require(`
 type sbin_t;
 ')
@@ -398,7 +398,7 @@ interface(`corecmd_read_sbin_file',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_sbin_symlink',`
+interface(`corecmd_read_sbin_symlinks',`
 gen_require(`
 type sbin_t;
 ')
@@ -415,7 +415,7 @@ interface(`corecmd_read_sbin_symlink',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_sbin_pipe',`
+interface(`corecmd_read_sbin_pipes',`
 gen_require(`
 type sbin_t;
 ')
@@ -432,7 +432,7 @@ interface(`corecmd_read_sbin_pipe',`
 ## Domain allowed access.
 ##
 #
-interface(`corecmd_read_sbin_socket',`
+interface(`corecmd_read_sbin_sockets',`
 gen_require(`
 type sbin_t;
 ')
diff --git a/refpolicy/policy/modules/kernel/domain.if b/refpolicy/policy/modules/kernel/domain.if
index d0174c0..08f7bdf 100644
--- a/refpolicy/policy/modules/kernel/domain.if
+++ b/refpolicy/policy/modules/kernel/domain.if
@@ -89,7 +89,7 @@ interface(`domain_type',`
 # these 3 seem highly questionable:
 optional_policy(`rpm',`
 rpm_use_fd($1)
- rpm_read_pipe($1)
+ rpm_read_pipes($1)
 ')
 optional_policy(`selinux',`
@@ -161,7 +161,7 @@ interface(`domain_dyntrans_type',`
 ## Domain allowed access.
 ##
 #
-interface(`domain_system_change_exempt',`
+interface(`domain_system_change_exemption',`
 gen_require(`
 attribute can_system_change;
 ')
@@ -178,7 +178,7 @@ interface(`domain_system_change_exempt',`
 ## The process type to make an exception to the constraint.
 ##
 #
-interface(`domain_subj_id_change_exempt',`
+interface(`domain_subj_id_change_exemption',`
 gen_require(`
 attribute can_change_process_identity;
 ')
@@ -195,7 +195,7 @@ interface(`domain_subj_id_change_exempt',`
 ## The process type to make an exception to the constraint.
 ##
 #
-interface(`domain_role_change_exempt',`
+interface(`domain_role_change_exemption',`
 gen_require(`
 attribute can_change_process_role;
 ')
@@ -212,7 +212,7 @@ interface(`domain_role_change_exempt',`
 ## The process type to make an exception to the constraint.
 ##
 #
-interface(`domain_obj_id_change_exempt',`
+interface(`domain_obj_id_change_exemption',`
 gen_require(`
 attribute can_change_object_identity;
 ')
@@ -678,7 +678,7 @@ interface(`domain_dontaudit_read_all_domains_state',`
 ## The type of the process performing this action.
 ##
 #
-interface(`domain_dontaudit_list_all_domains_proc',`
+interface(`domain_dontaudit_list_all_domains_state',`
 gen_require(`
 attribute domain;
 ')
@@ -1048,7 +1048,7 @@ interface(`domain_mmap_all_entry_files',`
 ##
 #
 # cjp: added for userhelper
-interface(`domain_entry_spec_domtrans',`
+interface(`domain_entry_file_spec_domtrans',`
 gen_require(`
 attribute entry_type;
 ')
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index cc88278..ea44b31 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -730,7 +730,7 @@ interface(`files_relabel_all_files',`
 allow $1 { file_type $2 }:chr_file { getattr relabelfrom };
 # satisfy the assertions:
- seutil_relabelto_binary_pol($1)
+ seutil_relabelto_bin_policy($1)
 ')
 ########################################
@@ -758,7 +758,7 @@ interface(`files_manage_all_files',`
 allow $1 { file_type $2 }:sock_file create_file_perms;
 # satisfy the assertions:
- seutil_create_binary_pol($1)
+ seutil_create_bin_policy($1)
 bootloader_manage_kernel_modules($1)
 ')
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index b6a5823..340772e 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -266,7 +266,7 @@ optional_policy(`nis',`
 ')
 optional_policy(`portmap',`
- portmap_udp_sendto(kernel_t)
+ portmap_udp_send(kernel_t)
 ')
 optional_policy(`rpc',`
@@ -293,7 +293,7 @@ optional_policy(`rpc',`
 rpc_manage_nfs_ro_content(kernel_t)
 rpc_manage_nfs_rw_content(kernel_t)
 rpc_udp_rw_nfs_sockets(kernel_t)
- rpc_udp_sendto_nfs(kernel_t)
+ rpc_udp_send_nfs(kernel_t)
 tunable_policy(`nfs_export_all_ro',`
 fs_list_noxattr_fs(kernel_t)
@@ -316,7 +316,7 @@ optional_policy(`rpc',`
 optional_policy(`selinuxutil',`
 seutil_read_config(kernel_t)
- seutil_read_binary_pol(kernel_t)
+ seutil_read_bin_policy(kernel_t)
 ')
 ########################################
diff --git a/refpolicy/policy/modules/kernel/storage.if b/refpolicy/policy/modules/kernel/storage.if
index 9c38239..395cd8f 100644
--- a/refpolicy/policy/modules/kernel/storage.if
+++ b/refpolicy/policy/modules/kernel/storage.if
@@ -9,7 +9,7 @@
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_getattr_fixed_disk',`
+interface(`storage_getattr_fixed_disk_dev',`
 gen_require(`
 type fixed_disk_device_t;
 ')
@@ -27,7 +27,7 @@ interface(`storage_getattr_fixed_disk',`
 ## The type of the process to not audit.
 ##
 #
-interface(`storage_dontaudit_getattr_fixed_disk',`
+interface(`storage_dontaudit_getattr_fixed_disk_dev',`
 gen_require(`
 type fixed_disk_device_t;
 ')
@@ -44,7 +44,7 @@ interface(`storage_dontaudit_getattr_fixed_disk',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_setattr_fixed_disk',`
+interface(`storage_setattr_fixed_disk_dev',`
 gen_require(`
 type fixed_disk_device_t;
 ')
@@ -62,7 +62,7 @@ interface(`storage_setattr_fixed_disk',`
 ## The type of the process to not audit.
 ##
 #
-interface(`storage_dontaudit_setattr_fixed_disk',`
+interface(`storage_dontaudit_setattr_fixed_disk_dev',`
 gen_require(`
 type fixed_disk_device_t;
 ')
@@ -295,7 +295,7 @@ interface(`storage_raw_write_lvm_volume',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_getattr_scsi_generic',`
+interface(`storage_getattr_scsi_generic_dev',`
 gen_require(`
 type scsi_generic_device_t;
 ')
@@ -313,7 +313,7 @@ interface(`storage_getattr_scsi_generic',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_setattr_scsi_generic',`
+interface(`storage_setattr_scsi_generic_dev',`
 gen_require(`
 type scsi_generic_device_t;
 ')
@@ -377,7 +377,7 @@ interface(`storage_write_scsi_generic',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_set_scsi_generic_attributes',`
+interface(`storage_setattr_scsi_generic_dev_dev',`
 gen_require(`
 type scsi_generic_device_t;
 ')
@@ -412,7 +412,7 @@ interface(`storage_dontaudit_rw_scsi_generic',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_getattr_removable_device',`
+interface(`storage_getattr_removable_dev',`
 gen_require(`
 type removable_device_t;
 ')
@@ -430,7 +430,7 @@ interface(`storage_getattr_removable_device',`
 ## The type of the process to not audit.
 ##
 #
-interface(`storage_dontaudit_getattr_removable_device',`
+interface(`storage_dontaudit_getattr_removable_dev',`
 gen_require(`
 type removable_device_t;
 ')
@@ -465,7 +465,7 @@ interface(`storage_dontaudit_read_removable_device',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_setattr_removable_device',`
+interface(`storage_setattr_removable_dev',`
 gen_require(`
 type removable_device_t;
 ')
@@ -483,7 +483,7 @@ interface(`storage_setattr_removable_device',`
 ## The type of the process to not audit.
 ##
 #
-interface(`storage_dontaudit_setattr_removable_device',`
+interface(`storage_dontaudit_setattr_removable_dev',`
 gen_require(`
 type removable_device_t;
 ')
@@ -574,7 +574,7 @@ interface(`storage_dontaudit_raw_write_removable_device',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_read_tape_device',`
+interface(`storage_read_tape',`
 gen_require(`
 type tape_device_t;
 ')
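Review bot: The new name `storage_setattr_scsi_generic_dev_dev` in the `@@ -377,7 +377,7 @@` hunk of storage.if looks like a rename slip: the `_dev` suffix is doubled, and the `@@ -313,7 +313,7 @@` hunk already introduces `storage_setattr_scsi_generic_dev` for the same `scsi_generic_device_t` type. Two interface names that differ only by a repeated suffix are easy to confuse when a module author picks which access to grant on SCSI generic devices, so a domain can end up with a different permission set than was intended. The bodies of both interfaces lie outside these hunks, so whether they grant the same access cannot be seen here; if they do, the former `storage_set_scsi_generic_attributes` definition can be dropped in favour of `storage_setattr_scsi_generic_dev`, otherwise it needs a name that states what differs.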
@@ -592,7 +592,7 @@ interface(`storage_read_tape_device',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_write_tape_device',`
+interface(`storage_write_tape',`
 gen_require(`
 type tape_device_t;
 ')
@@ -610,7 +610,7 @@ interface(`storage_write_tape_device',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_getattr_tape_device',`
+interface(`storage_getattr_tape_dev',`
 gen_require(`
 type tape_device_t;
 ')
@@ -628,7 +628,7 @@ interface(`storage_getattr_tape_device',`
 ## The type of the process performing this action.
 ##
 #
-interface(`storage_setattr_tape_device',`
+interface(`storage_setattr_tape_dev',`
 gen_require(`
 type tape_device_t;
 ')
diff --git a/refpolicy/policy/modules/kernel/terminal.if b/refpolicy/policy/modules/kernel/terminal.if
index 978b5f0..c11e56f 100644
--- a/refpolicy/policy/modules/kernel/terminal.if
+++ b/refpolicy/policy/modules/kernel/terminal.if
@@ -237,7 +237,7 @@ interface(`term_setattr_console',`
 ## The type of the process to not audit.
 ##
 #
-interface(`term_dontaudit_getattr_pty_dir',`
+interface(`term_dontaudit_getattr_pty_dirs',`
 gen_require(`
 type devpts_t;
 ')
@@ -324,7 +324,7 @@ interface(`term_dontaudit_list_ptys',`
 ## The type of the process to not audit.
 ##
 #
-interface(`term_dontaudit_manage_pty_dir',`
+interface(`term_dontaudit_manage_pty_dirs',`
 gen_require(`
 type devpts_t;
 ')
@@ -341,7 +341,7 @@ interface(`term_dontaudit_manage_pty_dir',`
 ##
 #
 # cjp: added for ppp
-interface(`term_ioctl_generic_pty',`
+interface(`term_ioctl_generic_ptys',`
 gen_require(`
 type devpts_t;
 ')
@@ -361,7 +361,7 @@ interface(`term_ioctl_generic_pty',`
 ## Domain allowed access.
 ##
 #
-interface(`term_use_generic_pty',`
+interface(`term_use_generic_ptys',`
 gen_require(`
 type devpts_t;
 ')
@@ -381,7 +381,7 @@ interface(`term_use_generic_pty',`
 ## The type of the process to not audit.
 ##
 #
-interface(`term_dontaudit_use_generic_pty',`
+interface(`term_dontaudit_use_generic_ptys',`
 gen_require(`
 type devpts_t;
 ')
@@ -703,7 +703,7 @@ interface(`term_write_unallocated_ttys',`
 ## Domain allowed access.
 ##
 #
-interface(`term_use_unallocated_tty',`
+interface(`term_use_unallocated_ttys',`
 gen_require(`
 type tty_device_t;
 ')
@@ -721,7 +721,7 @@ interface(`term_use_unallocated_tty',`
 ## The type of the process to not audit.
 ##
 #
-interface(`term_dontaudit_use_unallocated_tty',`
+interface(`term_dontaudit_use_unallocated_ttys',`
 gen_require(`
 type tty_device_t;
 ')
diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if
index 0f516ee..fbae511 100644
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@@ -176,7 +176,7 @@ template(`apache_content_template',`
 files_read_etc_runtime_files(httpd_$1_script_t)
 files_read_usr_files(httpd_$1_script_t)
- libs_read_lib(httpd_$1_script_t)
+ libs_read_lib_files(httpd_$1_script_t)
 miscfiles_read_localization(httpd_$1_script_t)
@@ -226,7 +226,7 @@ template(`apache_content_template',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(httpd_$1_script_t)
+ nscd_socket_use(httpd_$1_script_t)
 ')
 ')
@@ -400,7 +400,7 @@ interface(`apache_use_fd',`
 ## Domain allowed access.
 ##
 #
-interface(`apache_dontaudit_rw_stream_socket',`
+interface(`apache_dontaudit_rw_stream_sockets',`
 gen_require(`
 type httpd_t;
 ')
@@ -417,7 +417,7 @@ interface(`apache_dontaudit_rw_stream_socket',`
 ## Domain allowed access.
 ##
 #
-interface(`apache_dontaudit_rw_tcp_socket',`
+interface(`apache_dontaudit_rw_tcp_sockets',`
 gen_require(`
 type httpd_t;
 ')
@@ -642,7 +642,7 @@ interface(`apache_domtrans_sys_script',`
 ## Domain allowed access.
 ##
 #
-interface(`apache_dontaudit_rw_sys_script_stream_socket',`
+interface(`apache_dontaudit_rw_sys_script_stream_sockets',`
 gen_require(`
 type httpd_sys_script_t;
 ')
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index 3ad5ae6..94edaf0 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -263,11 +263,11 @@ files_read_etc_files(httpd_t)
 files_read_var_lib_symlinks(httpd_t)
 init_use_fd(httpd_t)
-init_use_script_pty(httpd_t)
+init_use_script_ptys(httpd_t)
 libs_use_ld_so(httpd_t)
 libs_use_shared_libs(httpd_t)
-libs_read_lib(httpd_t)
+libs_read_lib_files(httpd_t)
 logging_send_syslog_msg(httpd_t)
@@ -287,8 +287,8 @@ userdom_dontaudit_search_sysadm_home_dir(httpd_t)
 mta_send_mail(httpd_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(httpd_t)
- term_dontaudit_use_generic_pty(httpd_t)
+ term_dontaudit_use_unallocated_ttys(httpd_t)
+ term_dontaudit_use_generic_ptys(httpd_t)
 files_dontaudit_read_root_files(httpd_t)
 tunable_policy(`httpd_enable_homedirs',`
@@ -413,16 +413,16 @@ optional_policy(`mailman',`
 optional_policy(`mysql',`
 mysql_stream_connect(httpd_t)
- mysql_rw_db_socket(httpd_t)
+ mysql_rw_db_sockets(httpd_t)
 ')
 optional_policy(`nscd',`
- nscd_use_socket(httpd_t)
+ nscd_socket_use(httpd_t)
 ')
 optional_policy(`postgresql',`
 # Allow httpd to work with postgresql
- postgresql_unix_connect(httpd_t)
+ postgresql_stream_connect(httpd_t)
 ')
 optional_policy(`selinuxutil',`
@@ -645,7 +645,7 @@ optional_policy(`nis',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(httpd_suexec_t)
+ nscd_socket_use(httpd_suexec_t)
 ')
 ########################################
@@ -680,7 +680,7 @@ ifdef(`targeted_policy',`
 optional_policy(`mysql',`
 mysql_stream_connect(httpd_sys_script_t)
- mysql_rw_db_socket(httpd_sys_script_t)
+ mysql_rw_db_sockets(httpd_sys_script_t)
 ')
 ########################################
@@ -695,5 +695,5 @@ optional_policy(`cron',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(httpd_unconfined_script_t)
+ nscd_socket_use(httpd_unconfined_script_t)
 ')
diff --git a/refpolicy/policy/modules/services/apm.if b/refpolicy/policy/modules/services/apm.if
index a051c34..e4fb61a 100644
--- a/refpolicy/policy/modules/services/apm.if
+++ b/refpolicy/policy/modules/services/apm.if
@@ -46,7 +46,7 @@ interface(`apm_use_fd',`
 ## The type of the process performing this action.
 ##
 #
-interface(`apm_write_pipe',`
+interface(`apm_write_pipes',`
 gen_require(`
 type apmd_t;
 ')
@@ -62,7 +62,7 @@ interface(`apm_write_pipe',`
 ## Domain allowed access.
 ##
 #
-interface(`apm_rw_stream_socket',`
+interface(`apm_rw_stream_sockets',`
 gen_require(`
 type apmd_t;
 ')
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index fd51e93..419d0bd 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -115,7 +115,7 @@ domain_read_all_domains_state(apmd_t)
 domain_use_wide_inherit_fd(apmd_t)
 domain_dontaudit_getattr_all_sockets(apmd_t)
 domain_dontaudit_getattr_all_key_sockets(apmd_t) # Excessive?
-domain_dontaudit_list_all_domains_proc(apmd_t) # Excessive?
+domain_dontaudit_list_all_domains_state(apmd_t) # Excessive?
 files_exec_etc_files(apmd_t)
 files_read_etc_runtime_files(apmd_t)
@@ -126,7 +126,7 @@ files_dontaudit_getattr_all_sockets(apmd_t) # Excessive?
 init_domtrans_script(apmd_t)
 init_use_fd(apmd_t)
-init_use_script_pty(apmd_t)
+init_use_script_ptys(apmd_t)
 init_rw_utmp(apmd_t)
 init_write_initctl(apmd_t)
@@ -141,7 +141,7 @@ miscfiles_read_localization(apmd_t)
 miscfiles_read_hwdata(apmd_t)
 modutils_domtrans_insmod(apmd_t)
-modutils_read_module_conf(apmd_t)
+modutils_read_module_config(apmd_t)
 seutil_dontaudit_read_config(apmd_t)
@@ -180,8 +180,8 @@ ifdef(`distro_suse',`
 ')
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(apmd_t)
- term_dontaudit_use_generic_pty(apmd_t)
+ term_dontaudit_use_unallocated_ttys(apmd_t)
+ term_dontaudit_use_generic_ptys(apmd_t)
 files_dontaudit_read_root_files(apmd_t)
 unconfined_domain_template(apmd_t)
 ')
@@ -197,7 +197,7 @@ optional_policy(`clock',`
 optional_policy(`cron',`
 cron_system_entry(apmd_t, apmd_exec_t)
- cron_domtrans_anacron_system_job(apmd_t)
+ cron_anacron_domtrans_system_job(apmd_t)
 ')
 optional_policy(`dbus',`
@@ -217,7 +217,7 @@ optional_policy(`mta',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(apmd_t)
+ nscd_socket_use(apmd_t)
 ')
 optional_policy(`pcmcia',`
diff --git a/refpolicy/policy/modules/services/arpwatch.if b/refpolicy/policy/modules/services/arpwatch.if
index 87ef19e..95cac1d 100644
--- a/refpolicy/policy/modules/services/arpwatch.if
+++ b/refpolicy/policy/modules/services/arpwatch.if
@@ -74,7 +74,7 @@ interface(`arpwatch_manage_tmp_files',`
 ## Domain to not audit.
 ##
 #
-interface(`arpwatch_dontaudit_rw_packet_socket',`
+interface(`arpwatch_dontaudit_rw_packet_sockets',`
 gen_require(`
 type arpwatch_t;
 ')
diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te
index b74964f..bd3a651 100644
--- a/refpolicy/policy/modules/services/arpwatch.te
+++ b/refpolicy/policy/modules/services/arpwatch.te
@@ -68,7 +68,7 @@ fs_search_auto_mountpoints(arpwatch_t)
 term_dontaudit_use_console(arpwatch_t)
-corecmd_read_sbin_symlink(arpwatch_t)
+corecmd_read_sbin_symlinks(arpwatch_t)
 domain_use_wide_inherit_fd(arpwatch_t)
@@ -77,7 +77,7 @@ files_read_usr_files(arpwatch_t)
 files_search_var_lib(arpwatch_t)
 init_use_fd(arpwatch_t)
-init_use_script_pty(arpwatch_t)
+init_use_script_ptys(arpwatch_t)
 libs_use_ld_so(arpwatch_t)
 libs_use_shared_libs(arpwatch_t)
@@ -94,8 +94,8 @@ userdom_dontaudit_search_sysadm_home_dir(arpwatch_t)
 mta_send_mail(arpwatch_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(arpwatch_t)
- term_dontaudit_use_generic_pty(arpwatch_t)
+ term_dontaudit_use_unallocated_ttys(arpwatch_t)
+ term_dontaudit_use_generic_ptys(arpwatch_t)
 files_dontaudit_read_root_files(arpwatch_t)
 ')
diff --git a/refpolicy/policy/modules/services/automount.te b/refpolicy/policy/modules/services/automount.te
index 863741e..35ac42c 100644
--- a/refpolicy/policy/modules/services/automount.te
+++ b/refpolicy/policy/modules/services/automount.te
@@ -63,7 +63,7 @@ kernel_read_proc_symlinks(automount_t)
 kernel_read_system_state(automount_t)
 kernel_list_proc(automount_t)
-bootloader_getattr_boot_dir(automount_t)
+bootloader_getattr_boot_dirs(automount_t)
 corecmd_exec_sbin(automount_t)
 corecmd_exec_bin(automount_t)
@@ -108,10 +108,10 @@ fs_search_auto_mountpoints(automount_t)
 fs_manage_auto_mountpoints(automount_t)
 term_dontaudit_use_console(automount_t)
-term_dontaudit_getattr_pty_dir(automount_t)
+term_dontaudit_getattr_pty_dirs(automount_t)
 init_use_fd(automount_t)
-init_use_script_pty(automount_t)
+init_use_script_ptys(automount_t)
 libs_use_ld_so(automount_t)
 libs_use_shared_libs(automount_t)
@@ -133,8 +133,8 @@ userdom_dontaudit_search_sysadm_home_dir(automount_t)
 ifdef(`targeted_policy', `
 files_dontaudit_read_root_files(automount_t)
- term_dontaudit_use_unallocated_tty(automount_t)
- term_dontaudit_use_generic_pty(automount_t)
+ term_dontaudit_use_unallocated_ttys(automount_t)
+ term_dontaudit_use_generic_ptys(automount_t)
 ')
 optional_policy(`apm',`
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index bd5fa55..477d7ee 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -65,7 +65,7 @@ domain_use_wide_inherit_fd(avahi_t)
 files_read_etc_files(avahi_t)
 init_use_fd(avahi_t)
-init_use_script_pty(avahi_t)
+init_use_script_ptys(avahi_t)
 init_signal_script(avahi_t)
 init_signull_script(avahi_t)
@@ -82,15 +82,15 @@ userdom_dontaudit_use_unpriv_user_fd(avahi_t)
 userdom_dontaudit_search_sysadm_home_dir(avahi_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(avahi_t)
- term_dontaudit_use_generic_pty(avahi_t)
+ term_dontaudit_use_unallocated_ttys(avahi_t)
+ term_dontaudit_use_generic_ptys(avahi_t)
 files_dontaudit_read_root_files(avahi_t)
 ')
 optional_policy(`dbus',`
 dbus_system_bus_client_template(avahi,avahi_t)
 dbus_connect_system_bus(avahi_t)
- dbus_send_system_bus_msg(avahi_t)
+ dbus_send_system_bus(avahi_t)
 ')
 optional_policy(`nis',`
diff --git a/refpolicy/policy/modules/services/bind.if b/refpolicy/policy/modules/services/bind.if
index 2a9ddaa..ade4664 100644
--- a/refpolicy/policy/modules/services/bind.if
+++ b/refpolicy/policy/modules/services/bind.if
@@ -143,7 +143,7 @@ interface(`bind_write_config',`
 ## Domain allowed access.
 ##
 #
-interface(`bind_manage_config_dir',`
+interface(`bind_manage_config_dirs',`
 gen_require(`
 type named_conf_t;
 ')
@@ -200,7 +200,7 @@ interface(`bind_manage_cache',`
 ## Domain allowed access.
 ##
 #
-interface(`bind_setattr_pid_dir',`
+interface(`bind_setattr_pid_dirs',`
 gen_require(`
 type named_var_run_t;
 ')
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 796a196..286760e 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -131,7 +131,7 @@ files_read_etc_files(named_t)
 files_read_etc_runtime_files(named_t)
 init_use_fd(named_t)
-init_use_script_pty(named_t)
+init_use_script_ptys(named_t)
 libs_use_ld_so(named_t)
 libs_use_shared_libs(named_t)
@@ -146,8 +146,8 @@ userdom_dontaudit_use_unpriv_user_fd(named_t)
 userdom_dontaudit_search_sysadm_home_dir(named_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(named_t)
- term_dontaudit_use_generic_pty(named_t)
+ term_dontaudit_use_unallocated_ttys(named_t)
+ term_dontaudit_use_generic_ptys(named_t)
 files_dontaudit_read_root_files(named_t)
 ')
@@ -170,7 +170,7 @@ optional_policy(`dbus',`
 dbus_system_bus_client_template(named,named_t)
 dbus_connect_system_bus(named_t)
- dbus_send_system_bus_msg(named_t)
+ dbus_send_system_bus(named_t)
 optional_policy(`networkmanager',`
 networkmanager_dbus_chat(named_t)
@@ -185,9 +185,9 @@ optional_policy(`networkmanager',`
 # this seems like fds that arent being
 # closed. these should probably be
 # dontaudits instead.
- networkmanager_rw_udp_socket(named_t)
- networkmanager_rw_packet_socket(named_t)
- networkmanager_rw_routing_socket(named_t)
+ networkmanager_rw_udp_sockets(named_t)
+ networkmanager_rw_packet_sockets(named_t)
+ networkmanager_rw_routing_sockets(named_t)
 ')
 optional_policy(`nis',`
@@ -195,7 +195,7 @@ optional_policy(`nis',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(named_t)
+ nscd_socket_use(named_t)
 ')
 optional_policy(`selinuxutil',`
@@ -256,7 +256,7 @@ files_read_etc_files(ndc_t)
 files_search_pids(ndc_t)
 init_use_fd(ndc_t)
-init_use_script_pty(ndc_t)
+init_use_script_ptys(ndc_t)
 libs_use_ld_so(ndc_t)
 libs_use_shared_libs(ndc_t)
@@ -276,8 +276,8 @@ ifdef(`distro_redhat',`
 ifdef(`targeted_policy',`
 kernel_dontaudit_read_unlabeled_files(ndc_t)
- term_use_unallocated_tty(ndc_t)
- term_use_generic_pty(ndc_t)
+ term_use_unallocated_ttys(ndc_t)
+ term_use_generic_ptys(ndc_t)
 ')
 optional_policy(`nis',`
@@ -285,7 +285,7 @@ optional_policy(`nis',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(ndc_t)
+ nscd_socket_use(ndc_t)
 ')
 optional_policy(`ppp',`
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 160d4ec..b8305fd 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -108,7 +108,7 @@ fs_search_auto_mountpoints(bluetooth_t)
 term_dontaudit_use_console(bluetooth_t)
 #Handle bluetooth serial devices
-term_use_unallocated_tty(bluetooth_t)
+term_use_unallocated_ttys(bluetooth_t)
 corecmd_exec_bin(bluetooth_t)
 corecmd_exec_shell(bluetooth_t)
@@ -120,7 +120,7 @@ files_read_etc_runtime_files(bluetooth_t)
 files_read_usr_files(bluetooth_t)
 init_use_fd(bluetooth_t)
-init_use_script_pty(bluetooth_t)
+init_use_script_ptys(bluetooth_t)
 libs_use_ld_so(bluetooth_t)
 libs_use_shared_libs(bluetooth_t)
@@ -133,18 +133,18 @@ miscfiles_read_fonts(bluetooth_t)
 sysnet_read_config(bluetooth_t)
 userdom_dontaudit_use_unpriv_user_fd(bluetooth_t)
-userdom_dontaudit_use_sysadm_pty(bluetooth_t)
+userdom_dontaudit_use_sysadm_ptys(bluetooth_t)
 userdom_dontaudit_search_sysadm_home_dir(bluetooth_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(bluetooth_t)
- term_dontaudit_use_generic_pty(bluetooth_t)
+ term_dontaudit_use_unallocated_ttys(bluetooth_t)
+ term_dontaudit_use_generic_ptys(bluetooth_t)
 files_dontaudit_read_root_files(bluetooth_t)
 ')
 optional_policy(`dbus',`
 dbus_system_bus_client_template(bluetooth,bluetooth_t)
- dbus_send_system_bus_msg(bluetooth_t)
+ dbus_send_system_bus(bluetooth_t)
 ')
 optional_policy(`nis',`
@@ -204,7 +204,7 @@ miscfiles_read_fonts(bluetooth_helper_t)
 userdom_search_all_users_home(bluetooth_helper_t)
 optional_policy(`nscd',`
- nscd_use_socket(bluetooth_helper_t)
+ nscd_socket_use(bluetooth_helper_t)
 ')
 ifdef(`TODO',`
diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te
index 5a1233a..57843e8 100644
--- a/refpolicy/policy/modules/services/canna.te
+++ b/refpolicy/policy/modules/services/canna.te
@@ -73,7 +73,7 @@ files_search_tmp(canna_t)
 files_dontaudit_read_root_files(canna_t)
 init_use_fd(canna_t)
-init_use_script_pty(canna_t)
+init_use_script_ptys(canna_t)
 libs_use_ld_so(canna_t)
 libs_use_shared_libs(canna_t)
@@ -88,8 +88,8 @@ userdom_dontaudit_use_unpriv_user_fd(canna_t)
 userdom_dontaudit_search_sysadm_home_dir(canna_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(canna_t)
- term_dontaudit_use_generic_pty(canna_t)
+ term_dontaudit_use_unallocated_ttys(canna_t)
+ term_dontaudit_use_generic_ptys(canna_t)
 files_dontaudit_read_root_files(canna_t)
 ')
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index 7c99d09..0686a4b 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -76,7 +76,7 @@ miscfiles_read_localization(comsat_t)
 sysnet_read_config(comsat_t)
-userdom_dontaudit_getattr_sysadm_tty(comsat_t)
+userdom_dontaudit_getattr_sysadm_ttys(comsat_t)
 mta_getattr_spool(comsat_t)
@@ -89,7 +89,7 @@ optional_policy(`nis',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(comsat_t)
+ nscd_socket_use(comsat_t)
 ')
diff --git a/refpolicy/policy/modules/services/cpucontrol.te b/refpolicy/policy/modules/services/cpucontrol.te
index 9bbcbf2..fc3a485 100644
--- a/refpolicy/policy/modules/services/cpucontrol.te
+++ b/refpolicy/policy/modules/services/cpucontrol.te
@@ -46,7 +46,7 @@ domain_use_wide_inherit_fd(cpucontrol_t)
 files_list_usr(cpucontrol_t)
 init_use_fd(cpucontrol_t)
-init_use_script_pty(cpucontrol_t)
+init_use_script_ptys(cpucontrol_t)
 libs_use_ld_so(cpucontrol_t)
 libs_use_shared_libs(cpucontrol_t)
@@ -56,13 +56,13 @@ logging_send_syslog_msg(cpucontrol_t)
 userdom_dontaudit_use_unpriv_user_fd(cpucontrol_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(cpucontrol_t)
- term_dontaudit_use_generic_pty(cpucontrol_t)
+ term_dontaudit_use_unallocated_ttys(cpucontrol_t)
+ term_dontaudit_use_generic_ptys(cpucontrol_t)
 files_dontaudit_read_root_files(cpucontrol_t)
 ')
 optional_policy(`nscd',`
- nscd_use_socket(cpucontrol_t)
+ nscd_socket_use(cpucontrol_t)
 ')
 optional_policy(`selinuxutil',`
@@ -98,7 +98,7 @@ files_read_etc_runtime_files(cpuspeed_t)
 files_list_usr(cpuspeed_t)
 init_use_fd(cpuspeed_t)
-init_use_script_pty(cpuspeed_t)
+init_use_script_ptys(cpuspeed_t)
 libs_use_ld_so(cpuspeed_t)
 libs_use_shared_libs(cpuspeed_t)
@@ -110,13 +110,13 @@ miscfiles_read_localization(cpuspeed_t)
 userdom_dontaudit_use_unpriv_user_fd(cpuspeed_t)
 ifdef(`targeted_policy',`
- term_dontaudit_use_unallocated_tty(cpuspeed_t)
- term_dontaudit_use_generic_pty(cpuspeed_t)
+ term_dontaudit_use_unallocated_ttys(cpuspeed_t)
+ term_dontaudit_use_generic_ptys(cpuspeed_t)
 files_dontaudit_read_root_files(cpuspeed_t)
 ')
 optional_policy(`nscd',`
- nscd_use_socket(cpuspeed_t)
+ nscd_socket_use(cpuspeed_t)
 ')
 optional_policy(`selinuxutil',`
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index a919d79..66caebb 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -370,7 +370,7 @@ interface(`cron_sigchld',`
 ## Domain allowed access.
 ##
 #
-interface(`cron_read_pipe',`
+interface(`cron_read_pipes',`
 gen_require(`
 type crond_t;
 ')
@@ -386,7 +386,7 @@ interface(`cron_read_pipe',`
 ## Domain allowed access.
 ##
 #
-interface(`cron_dontaudit_write_pipe',`
+interface(`cron_dontaudit_write_pipes',`
 gen_require(`
 type crond_t;
 ')
@@ -402,7 +402,7 @@ interface(`cron_dontaudit_write_pipe',`
 ## Domain allowed access.
 ##
 #
-interface(`cron_rw_pipe',`
+interface(`cron_rw_pipes',`
 gen_require(`
 type crond_t;
 ')
@@ -452,7 +452,7 @@ interface(`cron_search_spool',`
 ## Domain allowed access.
 ##
 #
-interface(`cron_domtrans_anacron_system_job',`
+interface(`cron_anacron_domtrans_system_job',`
 gen_require(`
 type system_crond_t, anacron_exec_t;
 ')
@@ -490,7 +490,7 @@ interface(`cron_use_system_job_fd',`
 ## Domain allowed access.
 ##
 #
-interface(`cron_write_system_job_pipe',`
+interface(`cron_write_system_job_pipes',`
 gen_require(`
 type system_crond_t;
 ')
@@ -506,7 +506,7 @@ interface(`cron_write_system_job_pipe',`
 ## Domain allowed access.
 ##
 #
-interface(`cron_rw_system_job_pipe',`
+interface(`cron_rw_system_job_pipes',`
 gen_require(`
 type system_crond_t;
 ')
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index de8e413..743dae1 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -119,7 +119,7 @@ files_search_var_lib(crond_t)
 files_search_default(crond_t)
 init_use_fd(crond_t)
-init_use_script_pty(crond_t)
+init_use_script_ptys(crond_t)
 init_rw_utmp(crond_t)
 libs_use_ld_so(crond_t)
@@ -184,17 +184,17 @@ optional_policy(`nis',`
 ')
 optional_policy(`nscd',`
- nscd_use_socket(crond_t)
+ nscd_socket_use(crond_t)
 ')
 optional_policy(`rpm',`
 # Commonly used from postinst scripts
- rpm_read_pipe(crond_t)
+ rpm_read_pipes(crond_t)
 ')
 optional_policy(`postgresql',`
 # allow crond to find /usr/lib/postgresql/bin/do.maintenance
- postgresql_search_db_dir(crond_t)
+ postgresql_search_db(crond_t)
 ')
 optional_policy(`udev',`
@@ -330,7 +330,7 @@ ifdef(`targeted_policy',` init_use_fd(system_crond_t) init_use_script_fd(system_crond_t) - init_use_script_pty(system_crond_t) + init_use_script_ptys(system_crond_t) init_read_utmp(system_crond_t) init_dontaudit_rw_utmp(system_crond_t) # prelink tells init to restart it self, we either need to allow or dontaudit @@ -398,7 +398,7 @@ ifdef(`targeted_policy',` ') optional_policy(`nscd',` - nscd_use_socket(system_crond_t) + nscd_socket_use(system_crond_t) ') optional_policy(`prelink',` diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te index 29ccff2..3d07598 100644 --- a/refpolicy/policy/modules/services/cups.te +++ b/refpolicy/policy/modules/services/cups.te @@ -171,13 +171,13 @@ files_read_world_readable_files(cupsd_t) files_read_world_readable_symlinks(cupsd_t) init_use_fd(cupsd_t) -init_use_script_pty(cupsd_t) +init_use_script_ptys(cupsd_t) init_exec_script(cupsd_t) libs_use_ld_so(cupsd_t) libs_use_shared_libs(cupsd_t) # Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.* -libs_read_lib(cupsd_t) +libs_read_lib_files(cupsd_t) logging_send_syslog_msg(cupsd_t) @@ -196,8 +196,8 @@ userdom_dontaudit_search_all_users_home(cupsd_t) lpd_manage_spool(cupsd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(cupsd_t) - term_dontaudit_use_generic_pty(cupsd_t) + term_dontaudit_use_unallocated_ttys(cupsd_t) + term_dontaudit_use_generic_ptys(cupsd_t) files_dontaudit_read_root_files(cupsd_t) ') @@ -207,7 +207,7 @@ optional_policy(`cron',` optional_policy(`dbus',` dbus_system_bus_client_template(cupsd,cupsd_t) - dbus_send_system_bus_msg(cupsd_t) + dbus_send_system_bus(cupsd_t) userdom_dbus_send_all_users(cupsd_t) @@ -229,11 +229,11 @@ optional_policy(`mount',` ') optional_policy(`nscd',` - nscd_use_socket(cupsd_t) + nscd_socket_use(cupsd_t) ') optional_policy(`portmap',` - portmap_udp_sendrecv(cupsd_t) + portmap_udp_chat(cupsd_t) ') optional_policy(`samba',` 
@@ -333,7 +333,7 @@ files_read_etc_files(ptal_t) files_read_etc_runtime_files(ptal_t) init_use_fd(ptal_t) -init_use_script_pty(ptal_t) +init_use_script_ptys(ptal_t) libs_use_ld_so(ptal_t) libs_use_shared_libs(ptal_t) @@ -348,8 +348,8 @@ userdom_dontaudit_use_unpriv_user_fd(ptal_t) userdom_dontaudit_search_all_users_home(ptal_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(ptal_t) - term_dontaudit_use_generic_pty(ptal_t) + term_dontaudit_use_unallocated_ttys(ptal_t) + term_dontaudit_use_generic_ptys(ptal_t) files_dontaudit_read_root_files(ptal_t) ') @@ -430,7 +430,7 @@ files_read_etc_runtime_files(hplip_t) files_read_usr_files(hplip_t) init_use_fd(hplip_t) -init_use_script_pty(hplip_t) +init_use_script_ptys(hplip_t) libs_use_ld_so(hplip_t) libs_use_shared_libs(hplip_t) @@ -447,8 +447,8 @@ userdom_dontaudit_search_sysadm_home_dir(hplip_t) lpd_read_config(cupsd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(hplip_t) - term_dontaudit_use_generic_pty(hplip_t) + term_dontaudit_use_unallocated_ttys(hplip_t) + term_dontaudit_use_generic_ptys(hplip_t) files_dontaudit_read_root_files(hplip_t) ') @@ -549,7 +549,7 @@ files_read_etc_files(cupsd_config_t) files_read_etc_runtime_files(cupsd_config_t) init_use_fd(cupsd_config_t) -init_use_script_pty(cupsd_config_t) +init_use_script_ptys(cupsd_config_t) libs_use_ld_so(cupsd_config_t) libs_use_shared_libs(cupsd_config_t) @@ -574,8 +574,8 @@ ifdef(`distro_redhat',` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(cupsd_config_t) - term_dontaudit_use_generic_pty(cupsd_config_t) + term_dontaudit_use_unallocated_ttys(cupsd_config_t) + term_dontaudit_use_generic_ptys(cupsd_config_t) files_dontaudit_read_root_files(cupsd_config_t) ') 
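Review bot: In the cups.te hunk at -447, the context line `lpd_read_config(cupsd_t)` names cupsd_t, although the userdom, term and files calls visible around it are all for hplip_t, so the read of the lpd configuration may be granted to the wrong domain. If hplip_t is the intended subject, the line should read `lpd_read_config(hplip_t)`. If cupsd_t really needs the access, the line belongs with the other cupsd_t rules, where the grant would be reviewed alongside them. The section this line sits in starts outside the hunk, so this is inferred from the neighbouring lines only.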
@@ -586,7 +586,7 @@ optional_policy(`cron',` optional_policy(`dbus',` dbus_system_bus_client_template(cupsd_config,cupsd_config_t) dbus_connect_system_bus(cupsd_config_t) - dbus_send_system_bus_msg(cupsd_config_t) + dbus_send_system_bus(cupsd_config_t) optional_policy(`hal',` hal_dbus_chat(cupsd_config_t) @@ -610,7 +610,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(cupsd_config_t) + nscd_socket_use(cupsd_config_t) ') optional_policy(`rpm',` @@ -633,9 +633,9 @@ allow cupsd_config_t printconf_t:file { getattr read }; allow cupsd_config_t initrc_exec_t:file getattr; ifdef(`targeted_policy', ` - init_unix_connect_script(cupsd_t) + init_stream_connect_script(cupsd_t) - unconfined_read_pipe(cupsd_t) + unconfined_read_pipes(cupsd_t) optional_policy(`dbus',` init_dbus_chat_script(cupsd_t) @@ -647,9 +647,9 @@ ifdef(`targeted_policy', ` ') ifdef(`targeted_policy',` - term_use_generic_pty(cupsd_config_t) + term_use_generic_ptys(cupsd_config_t) - unconfined_read_pipe(cupsd_config_t) + unconfined_read_pipes(cupsd_config_t) ') ######################################## @@ -725,5 +725,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(cupsd_lpd_t) + nscd_socket_use(cupsd_lpd_t) ') diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te index 60165e9..c4e324d 100644 --- a/refpolicy/policy/modules/services/cvs.te +++ b/refpolicy/policy/modules/services/cvs.te @@ -104,5 +104,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(cvs_t) + nscd_socket_use(cvs_t) ') diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te index 1a545a3..5478fa9 100644 --- a/refpolicy/policy/modules/services/cyrus.te +++ b/refpolicy/policy/modules/services/cyrus.te 
@@ -92,7 +92,7 @@ files_read_etc_files(cyrus_t) files_read_etc_runtime_files(cyrus_t) init_use_fd(cyrus_t) -init_use_script_pty(cyrus_t) +init_use_script_ptys(cyrus_t) libs_use_ld_so(cyrus_t) libs_use_shared_libs(cyrus_t) @@ -108,13 +108,13 @@ sysnet_read_config(cyrus_t) userdom_dontaudit_use_unpriv_user_fd(cyrus_t) userdom_dontaudit_search_sysadm_home_dir(cyrus_t) userdom_use_unpriv_users_fd(cyrus_t) -userdom_use_sysadm_pty(cyrus_t) +userdom_use_sysadm_ptys(cyrus_t) mta_manage_spool(cyrus_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(cyrus_t) - term_dontaudit_use_generic_pty(cyrus_t) + term_dontaudit_use_unallocated_ttys(cyrus_t) + term_dontaudit_use_generic_ptys(cyrus_t) files_dontaudit_read_root_files(cyrus_t) ') diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te index cd28ad7..f3494c6 100644 --- a/refpolicy/policy/modules/services/dbskk.te +++ b/refpolicy/policy/modules/services/dbskk.te @@ -81,5 +81,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(dbskkd_t) + nscd_socket_use(dbskkd_t) ') diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if index a7475ed..30a0bad 100644 --- a/refpolicy/policy/modules/services/dbus.if +++ b/refpolicy/policy/modules/services/dbus.if 
@@ -121,15 +121,15 @@ template(`dbus_per_userdomain_template',` selinux_compute_user_contexts($1_dbusd_t) corecmd_list_bin($1_dbusd_t) - corecmd_read_bin_symlink($1_dbusd_t) - corecmd_read_bin_file($1_dbusd_t) - corecmd_read_bin_pipe($1_dbusd_t) - corecmd_read_bin_socket($1_dbusd_t) + corecmd_read_bin_symlinks($1_dbusd_t) + corecmd_read_bin_files($1_dbusd_t) + corecmd_read_bin_pipes($1_dbusd_t) + corecmd_read_bin_sockets($1_dbusd_t) corecmd_list_sbin($1_dbusd_t) - corecmd_read_sbin_symlink($1_dbusd_t) - corecmd_read_sbin_file($1_dbusd_t) - corecmd_read_sbin_pipe($1_dbusd_t) - corecmd_read_sbin_socket($1_dbusd_t) + corecmd_read_sbin_symlinks($1_dbusd_t) + corecmd_read_sbin_files($1_dbusd_t) + corecmd_read_sbin_pipes($1_dbusd_t) + corecmd_read_sbin_sockets($1_dbusd_t) files_read_etc_files($1_dbusd_t) files_list_home($1_dbusd_t) @@ -161,7 +161,7 @@ template(`dbus_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_dbusd_t) + nscd_socket_use($1_dbusd_t) ') ifdef(`TODO',` @@ -246,7 +246,7 @@ interface(`dbus_connect_system_bus',` ## Domain allowed access. ## # -interface(`dbus_send_system_bus_msg',` +interface(`dbus_send_system_bus',` gen_require(` type system_dbusd_t; class dbus send_msg; diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te index 1e6b77a..b1ac037 100644 --- a/refpolicy/policy/modules/services/dbus.te +++ b/refpolicy/policy/modules/services/dbus.te 
@@ -76,15 +76,15 @@ auth_use_nsswitch(system_dbusd_t) auth_read_pam_console_data(system_dbusd_t) corecmd_list_bin(system_dbusd_t) -corecmd_read_bin_symlink(system_dbusd_t) -corecmd_read_bin_file(system_dbusd_t) -corecmd_read_bin_pipe(system_dbusd_t) -corecmd_read_bin_socket(system_dbusd_t) +corecmd_read_bin_symlinks(system_dbusd_t) +corecmd_read_bin_files(system_dbusd_t) +corecmd_read_bin_pipes(system_dbusd_t) +corecmd_read_bin_sockets(system_dbusd_t) corecmd_list_sbin(system_dbusd_t) -corecmd_read_sbin_symlink(system_dbusd_t) -corecmd_read_sbin_file(system_dbusd_t) -corecmd_read_sbin_pipe(system_dbusd_t) -corecmd_read_sbin_socket(system_dbusd_t) +corecmd_read_sbin_symlinks(system_dbusd_t) +corecmd_read_sbin_files(system_dbusd_t) +corecmd_read_sbin_pipes(system_dbusd_t) +corecmd_read_sbin_sockets(system_dbusd_t) corecmd_exec_sbin(system_dbusd_t) domain_use_wide_inherit_fd(system_dbusd_t) @@ -94,7 +94,7 @@ files_list_home(system_dbusd_t) files_read_usr_files(system_dbusd_t) init_use_fd(system_dbusd_t) -init_use_script_pty(system_dbusd_t) +init_use_script_ptys(system_dbusd_t) libs_use_ld_so(system_dbusd_t) libs_use_shared_libs(system_dbusd_t) @@ -111,8 +111,8 @@ userdom_dontaudit_use_unpriv_user_fd(system_dbusd_t) userdom_dontaudit_search_sysadm_home_dir(system_dbusd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(system_dbusd_t) - term_dontaudit_use_generic_pty(system_dbusd_t) + term_dontaudit_use_unallocated_ttys(system_dbusd_t) + term_dontaudit_use_generic_ptys(system_dbusd_t) files_dontaudit_read_root_files(system_dbusd_t) ') @@ -129,7 +129,7 @@ optional_policy(`bind',` ') optional_policy(`nscd',` - nscd_use_socket(system_dbusd_t) + nscd_socket_use(system_dbusd_t) ') optional_policy(`sysnetwork',` diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te index d13181c..18a570f 100644 --- a/refpolicy/policy/modules/services/dhcp.te +++ b/refpolicy/policy/modules/services/dhcp.te 
@@ -90,7 +90,7 @@ files_read_etc_runtime_files(dhcpd_t) files_search_var_lib(dhcpd_t) init_use_fd(dhcpd_t) -init_use_script_pty(dhcpd_t) +init_use_script_ptys(dhcpd_t) libs_use_ld_so(dhcpd_t) libs_use_shared_libs(dhcpd_t) @@ -110,8 +110,8 @@ ifdef(`distro_gentoo',` ') ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(dhcpd_t) - term_dontaudit_use_generic_pty(dhcpd_t) + term_dontaudit_use_unallocated_ttys(dhcpd_t) + term_dontaudit_use_generic_ptys(dhcpd_t) files_dontaudit_read_root_files(dhcpd_t) ') @@ -129,7 +129,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(dhcpd_t) + nscd_socket_use(dhcpd_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/dictd.if b/refpolicy/policy/modules/services/dictd.if index 5fc1baa..d5b5adc 100644 --- a/refpolicy/policy/modules/services/dictd.if +++ b/refpolicy/policy/modules/services/dictd.if @@ -9,7 +9,7 @@ ## Domain allowed access. ## # -interface(`dictd_use',` +interface(`dictd_tcp_connect',` gen_require(` type dictd_t; ') diff --git a/refpolicy/policy/modules/services/dictd.te b/refpolicy/policy/modules/services/dictd.te index 56fb9ea..0095f29 100644 --- a/refpolicy/policy/modules/services/dictd.te +++ b/refpolicy/policy/modules/services/dictd.te @@ -68,7 +68,7 @@ files_search_var_lib(dictd_t) files_dontaudit_search_pids(dictd_t) init_use_fd(dictd_t) -init_use_script_pty(dictd_t) +init_use_script_ptys(dictd_t) libs_use_ld_so(dictd_t) libs_use_shared_libs(dictd_t) @@ -82,8 +82,8 @@ sysnet_read_config(dictd_t) userdom_dontaudit_use_unpriv_user_fd(dictd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(dictd_t) - term_dontaudit_use_generic_pty(dictd_t) + term_dontaudit_use_unallocated_ttys(dictd_t) + term_dontaudit_use_generic_ptys(dictd_t) files_dontaudit_read_root_files(dictd_t) ') @@ -92,7 +92,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(dictd_t) + nscd_socket_use(dictd_t) ') optional_policy(`selinuxutil',` 
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te index eb33762..ed88675 100644 --- a/refpolicy/policy/modules/services/distcc.te +++ b/refpolicy/policy/modules/services/distcc.te @@ -66,7 +66,7 @@ fs_search_auto_mountpoints(distccd_t) term_dontaudit_use_console(distccd_t) corecmd_exec_bin(distccd_t) -corecmd_read_sbin_symlink(distccd_t) +corecmd_read_sbin_symlinks(distccd_t) domain_use_wide_inherit_fd(distccd_t) @@ -74,7 +74,7 @@ files_read_etc_files(distccd_t) files_read_etc_runtime_files(distccd_t) init_use_fd(distccd_t) -init_use_script_pty(distccd_t) +init_use_script_ptys(distccd_t) libs_use_ld_so(distccd_t) libs_use_shared_libs(distccd_t) @@ -90,8 +90,8 @@ userdom_dontaudit_use_unpriv_user_fd(distccd_t) userdom_dontaudit_search_sysadm_home_dir(distccd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(distccd_t) - term_dontaudit_use_generic_pty(distccd_t) + term_dontaudit_use_unallocated_ttys(distccd_t) + term_dontaudit_use_generic_ptys(distccd_t) files_dontaudit_read_root_files(distccd_t) ') diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te index be406dc..6dd4f3d 100644 --- a/refpolicy/policy/modules/services/dovecot.te +++ b/refpolicy/policy/modules/services/dovecot.te @@ -98,7 +98,7 @@ files_search_tmp(dovecot_t) files_dontaudit_list_default(dovecot_t) init_use_fd(dovecot_t) -init_use_script_pty(dovecot_t) +init_use_script_ptys(dovecot_t) init_getattr_utmp(dovecot_t) libs_use_ld_so(dovecot_t) @@ -119,8 +119,8 @@ userdom_priveleged_home_dir_manager(dovecot_t) mta_manage_spool(dovecot_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(dovecot_t) - term_dontaudit_use_generic_pty(dovecot_t) + term_dontaudit_use_unallocated_ttys(dovecot_t) + term_dontaudit_use_generic_ptys(dovecot_t) files_dontaudit_read_root_files(dovecot_t) ') 
@@ -193,5 +193,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(dovecot_auth_t) + nscd_socket_use(dovecot_auth_t) ') diff --git a/refpolicy/policy/modules/services/fetchmail.te b/refpolicy/policy/modules/services/fetchmail.te index 31d197b..6ac08a7 100644 --- a/refpolicy/policy/modules/services/fetchmail.te +++ b/refpolicy/policy/modules/services/fetchmail.te @@ -75,7 +75,7 @@ term_dontaudit_use_console(fetchmail_t) domain_use_wide_inherit_fd(fetchmail_t) init_use_fd(fetchmail_t) -init_use_script_pty(fetchmail_t) +init_use_script_ptys(fetchmail_t) libs_use_ld_so(fetchmail_t) libs_use_shared_libs(fetchmail_t) @@ -91,8 +91,8 @@ userdom_dontaudit_use_unpriv_user_fd(fetchmail_t) userdom_dontaudit_search_sysadm_home_dir(fetchmail_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(fetchmail_t) - term_dontaudit_use_generic_pty(fetchmail_t) + term_dontaudit_use_unallocated_ttys(fetchmail_t) + term_dontaudit_use_generic_ptys(fetchmail_t) files_dontaudit_read_root_files(fetchmail_t) ') diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te index 86ef353..4f65524 100644 --- a/refpolicy/policy/modules/services/finger.te +++ b/refpolicy/policy/modules/services/finger.te @@ -84,7 +84,7 @@ files_read_etc_runtime_files(fingerd_t) init_read_utmp(fingerd_t) init_dontaudit_write_utmp(fingerd_t) init_use_fd(fingerd_t) -init_use_script_pty(fingerd_t) +init_use_script_ptys(fingerd_t) libs_use_ld_so(fingerd_t) libs_use_shared_libs(fingerd_t) @@ -105,8 +105,8 @@ userdom_dontaudit_search_sysadm_home_dir(fingerd_t) userdom_dontaudit_search_user_home_dirs(fingerd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(fingerd_t) - term_dontaudit_use_generic_pty(fingerd_t) + term_dontaudit_use_unallocated_ttys(fingerd_t) + term_dontaudit_use_generic_ptys(fingerd_t) files_dontaudit_read_root_files(fingerd_t) ') 
@@ -123,7 +123,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(fingerd_t) + nscd_socket_use(fingerd_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te index 1539231..7ffe9f6 100644 --- a/refpolicy/policy/modules/services/ftp.te +++ b/refpolicy/policy/modules/services/ftp.te @@ -112,7 +112,7 @@ auth_append_login_records(ftpd_t) auth_write_login_records(ftpd_t) init_use_fd(ftpd_t) -init_use_script_pty(ftpd_t) +init_use_script_ptys(ftpd_t) libs_use_ld_so(ftpd_t) libs_use_shared_libs(ftpd_t) @@ -132,8 +132,8 @@ userdom_dontaudit_use_unpriv_user_fd(ftpd_t) ifdef(`targeted_policy',` files_dontaudit_read_root_files(ftpd_t) - term_dontaudit_use_generic_pty(ftpd_t) - term_dontaudit_use_unallocated_tty(ftpd_t) + term_dontaudit_use_generic_ptys(ftpd_t) + term_dontaudit_use_unallocated_ttys(ftpd_t) optional_policy(`ftp',` tunable_policy(`ftpd_is_daemon',` @@ -217,7 +217,7 @@ optional_policy(`mount',` ') optional_policy(`nscd',` - nscd_use_socket(ftpd_t) + nscd_socket_use(ftpd_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/gpm.te b/refpolicy/policy/modules/services/gpm.te index 1904619..8000c4e 100644 --- a/refpolicy/policy/modules/services/gpm.te +++ b/refpolicy/policy/modules/services/gpm.te @@ -60,13 +60,13 @@ dev_rw_mouse(gpm_t) fs_getattr_all_fs(gpm_t) fs_search_auto_mountpoints(gpm_t) -term_use_unallocated_tty(gpm_t) +term_use_unallocated_ttys(gpm_t) term_dontaudit_use_console(gpm_t) domain_use_wide_inherit_fd(gpm_t) init_use_fd(gpm_t) -init_use_script_pty(gpm_t) +init_use_script_ptys(gpm_t) libs_use_ld_so(gpm_t) libs_use_shared_libs(gpm_t) 
@@ -79,8 +79,8 @@ userdom_dontaudit_use_unpriv_user_fd(gpm_t) userdom_dontaudit_search_sysadm_home_dir(gpm_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(gpm_t) - term_dontaudit_use_generic_pty(gpm_t) + term_dontaudit_use_unallocated_ttys(gpm_t) + term_dontaudit_use_generic_ptys(gpm_t) files_dontaudit_read_root_files(gpm_t) ') diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te index ac05ab6..9f05ae3 100644 --- a/refpolicy/policy/modules/services/hal.te +++ b/refpolicy/policy/modules/services/hal.te @@ -50,7 +50,7 @@ kernel_read_kernel_sysctls(hald_t) kernel_read_fs_sysctls(hald_t) kernel_write_proc_files(hald_t) -bootloader_getattr_boot_dir(hald_t) +bootloader_getattr_boot_dirs(hald_t) corecmd_exec_bin(hald_t) corecmd_exec_sbin(hald_t) @@ -111,10 +111,10 @@ storage_raw_write_fixed_disk(hald_t) term_dontaudit_use_console(hald_t) term_dontaudit_ioctl_unallocated_ttys(hald_t) -term_dontaudit_use_unallocated_tty(hald_t) +term_dontaudit_use_unallocated_ttys(hald_t) init_use_fd(hald_t) -init_use_script_pty(hald_t) +init_use_script_ptys(hald_t) init_domtrans_script(hald_t) init_write_initctl(hald_t) init_read_utmp(hald_t) @@ -138,8 +138,8 @@ userdom_dontaudit_use_unpriv_user_fd(hald_t) userdom_dontaudit_search_sysadm_home_dir(hald_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(hald_t) - term_dontaudit_use_generic_pty(hald_t) + term_dontaudit_use_unallocated_ttys(hald_t) + term_dontaudit_use_generic_ptys(hald_t) files_dontaudit_read_root_files(hald_t) files_dontaudit_getattr_home_dir(hald_t) ') @@ -165,7 +165,7 @@ optional_policy(`cups',` optional_policy(`dbus',` dbus_system_bus_client_template(hald,hald_t) - dbus_send_system_bus_msg(hald_t) + dbus_send_system_bus(hald_t) dbus_connect_system_bus(hald_t) allow hald_t self:dbus send_msg; 
@@ -194,12 +194,12 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(hald_t) + nscd_socket_use(hald_t) ') optional_policy(`pcmcia',` pcmcia_manage_pid(hald_t) - pcmcia_manage_runtime_chr(hald_t) + pcmcia_manage_pid_chr_files(hald_t) ') optional_policy(`rpc',` diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te index c5e0db2..8f7e2e4 100644 --- a/refpolicy/policy/modules/services/howl.te +++ b/refpolicy/policy/modules/services/howl.te @@ -61,7 +61,7 @@ domain_use_wide_inherit_fd(howl_t) files_read_etc_files(howl_t) init_use_fd(howl_t) -init_use_script_pty(howl_t) +init_use_script_ptys(howl_t) init_rw_utmp(howl_t) libs_use_ld_so(howl_t) @@ -77,8 +77,8 @@ userdom_dontaudit_use_unpriv_user_fd(howl_t) userdom_dontaudit_search_sysadm_home_dir(howl_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(howl_t) - term_dontaudit_use_generic_pty(howl_t) + term_dontaudit_use_unallocated_ttys(howl_t) + term_dontaudit_use_generic_ptys(howl_t) files_dontaudit_read_root_files(howl_t) ') diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te index 7e058a0..200b14e 100644 --- a/refpolicy/policy/modules/services/i18n_input.te +++ b/refpolicy/policy/modules/services/i18n_input.te @@ -70,8 +70,8 @@ files_read_etc_runtime_files(i18n_input_t) files_read_usr_files(i18n_input_t) init_use_fd(i18n_input_t) -init_use_script_pty(i18n_input_t) -init_unix_connect_script(i18n_input_t) +init_use_script_ptys(i18n_input_t) +init_stream_connect_script(i18n_input_t) libs_use_ld_so(i18n_input_t) libs_use_shared_libs(i18n_input_t) 
@@ -87,8 +87,8 @@ userdom_dontaudit_search_sysadm_home_dir(i18n_input_t) userdom_read_unpriv_user_home_files(i18n_input_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(i18n_input_t) - term_dontaudit_use_generic_pty(i18n_input_t) + term_dontaudit_use_unallocated_ttys(i18n_input_t) + term_dontaudit_use_generic_ptys(i18n_input_t) files_dontaudit_read_root_files(i18n_input_t) ') diff --git a/refpolicy/policy/modules/services/inetd.if b/refpolicy/policy/modules/services/inetd.if index 9c66cb1..cd20c23 100644 --- a/refpolicy/policy/modules/services/inetd.if +++ b/refpolicy/policy/modules/services/inetd.if @@ -220,7 +220,7 @@ interface(`inetd_udp_sendto',` ## The type of the process performing this action. ## # -interface(`inetd_rw_tcp_socket',` +interface(`inetd_rw_tcp_sockets',` gen_require(` type inetd_t; ') diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te index 201ae7f..4527f04 100644 --- a/refpolicy/policy/modules/services/inetd.te +++ b/refpolicy/policy/modules/services/inetd.te @@ -100,14 +100,14 @@ term_dontaudit_use_console(inetd_t) # Run other daemons in the inetd_child_t domain. corecmd_search_bin(inetd_t) -corecmd_read_sbin_symlink(inetd_t) +corecmd_read_sbin_symlinks(inetd_t) domain_use_wide_inherit_fd(inetd_t) files_read_etc_files(inetd_t) init_use_fd(inetd_t) -init_use_script_pty(inetd_t) +init_use_script_ptys(inetd_t) libs_use_ld_so(inetd_t) libs_use_shared_libs(inetd_t) @@ -122,8 +122,8 @@ userdom_dontaudit_use_unpriv_user_fd(inetd_t) userdom_dontaudit_search_sysadm_home_dir(inetd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(inetd_t) - term_dontaudit_use_generic_pty(inetd_t) + term_dontaudit_use_unallocated_ttys(inetd_t) + term_dontaudit_use_generic_ptys(inetd_t) files_dontaudit_read_root_files(inetd_t) ') 
@@ -137,7 +137,7 @@ optional_policy(`mount',` # Communicate with the portmapper. optional_policy(`portmap',` - portmap_udp_sendto(inetd_t) + portmap_udp_send(inetd_t) ') optional_policy(`selinuxutil',` @@ -232,5 +232,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(inetd_child_t) + nscd_socket_use(inetd_child_t) ') diff --git a/refpolicy/policy/modules/services/inn.if b/refpolicy/policy/modules/services/inn.if index d1aa502..2fbc7d7 100644 --- a/refpolicy/policy/modules/services/inn.if +++ b/refpolicy/policy/modules/services/inn.if @@ -47,7 +47,7 @@ interface(`inn_manage_log',` type innd_log_t; ') - logging_rw_log_dir($1) + logging_rw_generic_log_dirs($1) allow $1 innd_log_t:dir search; allow $1 innd_log_t:file create_file_perms; ') @@ -133,7 +133,7 @@ interface(`inn_read_news_spool',` ## Domain allowed access. ## # -interface(`inn_sendto_unix_dgram_socket',` +interface(`inn_dgram_send',` gen_require(` type innd_t; ') diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te index 0a97db4..c857d67 100644 --- a/refpolicy/policy/modules/services/inn.te +++ b/refpolicy/policy/modules/services/inn.te @@ -88,7 +88,7 @@ term_dontaudit_use_console(innd_t) corecmd_exec_bin(innd_t) corecmd_exec_shell(innd_t) corecmd_search_sbin(innd_t) -corecmd_read_sbin_symlink(innd_t) +corecmd_read_sbin_symlinks(innd_t) domain_use_wide_inherit_fd(innd_t) @@ -98,7 +98,7 @@ files_read_etc_runtime_files(innd_t) files_read_usr_files(innd_t) init_use_fd(innd_t) -init_use_script_pty(innd_t) +init_use_script_ptys(innd_t) libs_use_ld_so(innd_t) libs_use_shared_libs(innd_t) @@ -117,8 +117,8 @@ userdom_dontaudit_search_sysadm_home_dir(innd_t) mta_send_mail(innd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(innd_t) - term_dontaudit_use_generic_pty(innd_t) + term_dontaudit_use_unallocated_ttys(innd_t) + term_dontaudit_use_generic_ptys(innd_t) files_dontaudit_read_root_files(innd_t) ') 
diff --git a/refpolicy/policy/modules/services/irqbalance.te b/refpolicy/policy/modules/services/irqbalance.te index 1ce4180..683c658 100644 --- a/refpolicy/policy/modules/services/irqbalance.te +++ b/refpolicy/policy/modules/services/irqbalance.te @@ -39,7 +39,7 @@ term_dontaudit_use_console(irqbalance_t) domain_use_wide_inherit_fd(irqbalance_t) init_use_fd(irqbalance_t) -init_use_script_pty(irqbalance_t) +init_use_script_ptys(irqbalance_t) libs_use_ld_so(irqbalance_t) libs_use_shared_libs(irqbalance_t) @@ -52,8 +52,8 @@ userdom_dontaudit_use_unpriv_user_fd(irqbalance_t) userdom_dontaudit_search_sysadm_home_dir(irqbalance_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(irqbalance_t) - term_dontaudit_use_generic_pty(irqbalance_t) + term_dontaudit_use_unallocated_ttys(irqbalance_t) + term_dontaudit_use_generic_ptys(irqbalance_t) files_dontaudit_read_root_files(irqbalance_t) ') diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te index fc4392d..21e2f0c 100644 --- a/refpolicy/policy/modules/services/kerberos.te +++ b/refpolicy/policy/modules/services/kerberos.te @@ -117,7 +117,7 @@ domain_use_wide_inherit_fd(kadmind_t) files_read_etc_files(kadmind_t) init_use_fd(kadmind_t) -init_use_script_pty(kadmind_t) +init_use_script_ptys(kadmind_t) libs_use_ld_so(kadmind_t) libs_use_shared_libs(kadmind_t) @@ -132,8 +132,8 @@ userdom_dontaudit_use_unpriv_user_fd(kadmind_t) userdom_dontaudit_search_sysadm_home_dir(kadmind_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(kadmind_t) - term_dontaudit_use_generic_pty(kadmind_t) + term_dontaudit_use_unallocated_ttys(kadmind_t) + term_dontaudit_use_generic_ptys(kadmind_t) files_dontaudit_read_root_files(kadmind_t) ') @@ -217,7 +217,7 @@ domain_use_wide_inherit_fd(krb5kdc_t) files_read_etc_files(krb5kdc_t) init_use_fd(krb5kdc_t) -init_use_script_pty(krb5kdc_t) +init_use_script_ptys(krb5kdc_t) libs_use_ld_so(krb5kdc_t) libs_use_shared_libs(krb5kdc_t) 
@@ -232,8 +232,8 @@ userdom_dontaudit_use_unpriv_user_fd(krb5kdc_t) userdom_dontaudit_search_sysadm_home_dir(krb5kdc_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(krb5kdc_t) - term_dontaudit_use_generic_pty(krb5kdc_t) + term_dontaudit_use_unallocated_ttys(krb5kdc_t) + term_dontaudit_use_generic_ptys(krb5kdc_t) files_dontaudit_read_root_files(krb5kdc_t) ') diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te index 65864b9..f8bfffb 100644 --- a/refpolicy/policy/modules/services/ktalk.te +++ b/refpolicy/policy/modules/services/ktalk.te @@ -81,5 +81,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(ktalkd_t) + nscd_socket_use(ktalkd_t) ') diff --git a/refpolicy/policy/modules/services/ldap.if b/refpolicy/policy/modules/services/ldap.if index d0ee988..fba1456 100644 --- a/refpolicy/policy/modules/services/ldap.if +++ b/refpolicy/policy/modules/services/ldap.if @@ -9,7 +9,7 @@ ## Domain allowed access. ## # -interface(`ldap_list_db_dir',` +interface(`ldap_list_db',` gen_require(` type slapd_db_t; ') diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te index b5b609f..b8e97f7 100644 --- a/refpolicy/policy/modules/services/ldap.te +++ b/refpolicy/policy/modules/services/ldap.te @@ -108,7 +108,7 @@ files_read_usr_files(slapd_t) files_list_var_lib(slapd_t) init_use_fd(slapd_t) -init_use_script_pty(slapd_t) +init_use_script_ptys(slapd_t) libs_use_ld_so(slapd_t) libs_use_shared_libs(slapd_t) 
@@ -125,16 +125,16 @@ userdom_dontaudit_search_sysadm_home_dir(slapd_t) ifdef(`targeted_policy',` #reh slapcat will want to talk to the terminal - term_use_generic_pty(slapd_t) - term_use_unallocated_tty(slapd_t) + term_use_generic_ptys(slapd_t) + term_use_unallocated_ttys(slapd_t) userdom_search_generic_user_home_dir(slapd_t) #need to be able to read ldif files created by root # cjp: fix to not use templated interface: userdom_read_user_home_files(user,slapd_t) - term_dontaudit_use_unallocated_tty(slapd_t) - term_dontaudit_use_generic_pty(slapd_t) + term_dontaudit_use_unallocated_ttys(slapd_t) + term_dontaudit_use_generic_ptys(slapd_t) files_dontaudit_read_root_files(slapd_t) ') diff --git a/refpolicy/policy/modules/services/lpd.if b/refpolicy/policy/modules/services/lpd.if index 35ef521..5a3ce19 100644 --- a/refpolicy/policy/modules/services/lpd.if +++ b/refpolicy/policy/modules/services/lpd.if @@ -134,7 +134,7 @@ template(`lpd_per_userdomain_template',` # Access the terminal. term_use_controlling_term($1_lpr_t) - term_use_generic_pty($1_lpr_t) + term_use_generic_ptys($1_lpr_t) libs_use_ld_so($1_lpr_t) libs_use_shared_libs($1_lpr_t) @@ -190,7 +190,7 @@ template(`lpd_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_lpr_t) + nscd_socket_use($1_lpr_t) ') optional_policy(`nis',` diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te index 3c04e2a..856bbd5 100644 --- a/refpolicy/policy/modules/services/lpd.te +++ b/refpolicy/policy/modules/services/lpd.te @@ -90,7 +90,7 @@ domain_use_wide_inherit_fd(checkpc_t) files_read_etc_files(checkpc_t) files_read_etc_runtime_files(checkpc_t) -init_use_script_pty(checkpc_t) +init_use_script_ptys(checkpc_t) # Allow access to /dev/console through the fd: init_use_fd(checkpc_t) 
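Review bot: In the ldap.te hunk at -125, the targeted_policy block calls `term_use_generic_ptys(slapd_t)` and `term_use_unallocated_ttys(slapd_t)`, and a few lines later `term_dontaudit_use_unallocated_ttys(slapd_t)` and `term_dontaudit_use_generic_ptys(slapd_t)` for the same domain. Assuming the dontaudit interfaces silence the same permissions that the use interfaces allow (their definitions are not in this diff), the dontaudit pair has no effect here and leaves it unclear which of the two was intended. I would keep one pair and delete the other. If the terminal access is only wanted for slapcat, as the comment says, the narrower choice is to drop the two `term_use_*` lines. Otherwise drop the two dontaudit lines and extend the comment, e.g. `# slapcat talks to the terminal; access is allowed above, so no dontaudit is needed`.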
@@ -100,8 +100,8 @@ libs_use_shared_libs(checkpc_t) sysnet_read_config(checkpc_t) ifdef(`targeted_policy',` - term_use_generic_pty(checkpc_t) - term_use_unallocated_tty(checkpc_t) + term_use_generic_ptys(checkpc_t) + term_use_unallocated_ttys(checkpc_t) ') optional_policy(`cron',` @@ -202,7 +202,7 @@ files_read_var_lib_symlinks(lpd_t) files_read_etc_files(lpd_t) init_use_fd(lpd_t) -init_use_script_pty(lpd_t) +init_use_script_ptys(lpd_t) libs_use_ld_so(lpd_t) libs_use_shared_libs(lpd_t) @@ -218,8 +218,8 @@ userdom_dontaudit_use_unpriv_user_fd(lpd_t) userdom_dontaudit_search_sysadm_home_dir(lpd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(lpd_t) - term_dontaudit_use_generic_pty(lpd_t) + term_dontaudit_use_unallocated_ttys(lpd_t) + term_dontaudit_use_generic_ptys(lpd_t) files_dontaudit_read_root_files(lpd_t) ') @@ -229,7 +229,7 @@ optional_policy(`nis',` ') optional_policy(`portmap',` - portmap_udp_sendto(lpd_t) + portmap_udp_send(lpd_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te index 312268c..1f6880b 100644 --- a/refpolicy/policy/modules/services/mailman.te +++ b/refpolicy/policy/modules/services/mailman.te @@ -61,7 +61,7 @@ optional_policy(`apache',` allow mailman_mail_t self:unix_dgram_socket create_socket_perms; -mta_dontaudit_rw_delivery_tcp_socket(mailman_mail_t) +mta_dontaudit_rw_delivery_tcp_sockets(mailman_mail_t) ifdef(`TODO',` optional_policy(`qmail',` @@ -110,5 +110,5 @@ optional_policy(`cron',` ') optional_policy(`nscd',` - nscd_use_socket(mailman_queue_t) + nscd_socket_use(mailman_queue_t) ') diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index 99d095c..5e1384e 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if 
@@ -101,7 +101,7 @@ template(`mta_base_mail_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_mail_t) + nscd_socket_use($1_mail_t) ') optional_policy(`postfix',` @@ -422,8 +422,8 @@ interface(`mta_mailserver_user_agent',` optional_policy(`apache',` # apache should set close-on-exec - apache_dontaudit_rw_stream_socket($1) - apache_dontaudit_rw_sys_script_stream_socket($1) + apache_dontaudit_rw_stream_sockets($1) + apache_dontaudit_rw_sys_script_stream_sockets($1) ') ') @@ -507,7 +507,7 @@ interface(`mta_read_aliases',` ## Domain allowed access. ## # -interface(`mta_filetrans_etc_aliases',` +interface(`mta_filetrans_aliases',` gen_require(` type etc_aliases_t; ') @@ -537,7 +537,7 @@ interface(`mta_rw_aliases',` ## Mail server domain. ## # -interface(`mta_dontaudit_rw_delivery_tcp_socket',` +interface(`mta_dontaudit_rw_delivery_tcp_sockets',` gen_require(` attribute mailserver_delivery; ') @@ -572,7 +572,7 @@ interface(`mta_tcp_connect_all_mailservers',` ## Domain allowed access. ## # -interface(`mta_dontaudit_read_spool_symlink',` +interface(`mta_dontaudit_read_spool_symlinks',` gen_require(` type mail_spool_t; ') @@ -595,7 +595,7 @@ interface(`mta_getattr_spool',` allow $1 mail_spool_t:file getattr; ') -interface(`mta_dontaudit_getattr_spool',` +interface(`mta_dontaudit_getattr_spool_files',` gen_require(` type mail_spool_t; ') @@ -761,7 +761,7 @@ interface(`mta_read_sendmail_bin',` ## Domain allowed access. ## # -interface(`mta_rw_user_mail_stream_socket',` +interface(`mta_rw_user_mail_stream_sockets',` gen_require(` attribute user_mail_domain; ') diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te index a82b54f..9bc6a3f 100644 --- a/refpolicy/policy/modules/services/mta.te +++ b/refpolicy/policy/modules/services/mta.te 
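Review bot: In the mta.if hunk `@@ -595,7 +595,7 @@`, the renamed `mta_dontaudit_getattr_spool_files` is defined directly after the closing `')` of `mta_getattr_spool` with no `##` summary or parameter header. The other interfaces renamed in this file do carry one, so the block needs a header giving a one-line summary and a parameter entry along the lines of "Domain to not audit." The rename also leaves the pair inconsistent: the allow variant keeps the name `mta_getattr_spool` although its visible rule is `allow $1 mail_spool_t:file getattr;`, and the postgresql.te hunk still calls `mta_getattr_spool(postgresql_t)`. Either rename it to `mta_getattr_spool_files` in the same pass or note why it differs. The body of the dontaudit interface continues past the hunk, so its rule is not visible here.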
@@ -55,7 +55,7 @@ dev_read_urand(system_mail_t) fs_read_eventpollfs(system_mail_t) -init_use_script_pty(system_mail_t) +init_use_script_ptys(system_mail_t) userdom_use_sysadm_terms(system_mail_t) @@ -101,22 +101,22 @@ optional_policy(`apache',` # apache should set close-on-exec apache_dontaudit_append_log(system_mail_t) - apache_dontaudit_rw_stream_socket(system_mail_t) - apache_dontaudit_rw_tcp_socket(system_mail_t) - apache_dontaudit_rw_sys_script_stream_socket(system_mail_t) + apache_dontaudit_rw_stream_sockets(system_mail_t) + apache_dontaudit_rw_tcp_sockets(system_mail_t) + apache_dontaudit_rw_sys_script_stream_sockets(system_mail_t) ') optional_policy(`arpwatch',` arpwatch_manage_tmp_files(system_mail_t) ifdef(`hide_broken_symptoms', ` - arpwatch_dontaudit_rw_packet_socket(system_mail_t) + arpwatch_dontaudit_rw_packet_sockets(system_mail_t) ') ') optional_policy(`cron',` cron_read_system_job_tmp_files(system_mail_t) - cron_dontaudit_write_pipe(system_mail_t) + cron_dontaudit_write_pipes(system_mail_t) ') optional_policy(`cvs',` @@ -157,7 +157,7 @@ optional_policy(`postfix',` ') optional_policy(`sendmail',` - userdom_dontaudit_use_unpriv_user_pty(system_mail_t) + userdom_dontaudit_use_unpriv_users_ptys(system_mail_t) optional_policy(`cron',` cron_dontaudit_append_system_job_tmp_files(system_mail_t) @@ -165,7 +165,7 @@ optional_policy(`sendmail',` ') optional_policy(`smartmon',` - smartmon_read_tmp(system_mail_t) + smartmon_read_tmp_files(system_mail_t) ') # should break this up among sections: @@ -175,7 +175,7 @@ optional_policy(`arpwatch',` arpwatch_search_data(mailserver_delivery) arpwatch_manage_tmp_files(mta_user_agent) ifdef(`hide_broken_symptoms', ` - arpwatch_dontaudit_rw_packet_socket(mta_user_agent) + arpwatch_dontaudit_rw_packet_sockets(mta_user_agent) ') optional_policy(`cron',` cron_read_system_job_tmp_files(mta_user_agent) 
diff --git a/refpolicy/policy/modules/services/mysql.if b/refpolicy/policy/modules/services/mysql.if index a19f112..43b0ed7 100644 --- a/refpolicy/policy/modules/services/mysql.if +++ b/refpolicy/policy/modules/services/mysql.if @@ -63,7 +63,7 @@ interface(`mysql_read_config',` # # cjp: "_dir" in the name is added to clarify that this # is not searching the database itself. -interface(`mysql_search_db_dir',` +interface(`mysql_search_db',` gen_require(` type mysqld_db_t; ') @@ -80,7 +80,7 @@ interface(`mysql_search_db_dir',` ## Domain allowed access. ## # -interface(`mysql_rw_db_dir',` +interface(`mysql_rw_db_dirs',` gen_require(` type mysqld_db_t; ') @@ -97,7 +97,7 @@ interface(`mysql_rw_db_dir',` ## Domain allowed access. ## # -interface(`mysql_manage_db_dir',` +interface(`mysql_manage_db_dirs',` gen_require(` type mysqld_db_t; ') @@ -115,7 +115,7 @@ interface(`mysql_manage_db_dir',` ## Domain allowed access. ## # -interface(`mysql_rw_db_socket',` +interface(`mysql_rw_db_sockets',` gen_require(` type mysqld_db_t; ') diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te index 80e8abf..49ef70f 100644 --- a/refpolicy/policy/modules/services/mysql.te +++ b/refpolicy/policy/modules/services/mysql.te @@ -95,7 +95,7 @@ files_read_usr_files(mysqld_t) files_search_var_lib(mysqld_t) init_use_fd(mysqld_t) -init_use_script_pty(mysqld_t) +init_use_script_ptys(mysqld_t) libs_use_ld_so(mysqld_t) libs_use_shared_libs(mysqld_t) @@ -116,8 +116,8 @@ ifdef(`distro_redhat',` ') ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(mysqld_t) - term_dontaudit_use_generic_pty(mysqld_t) + term_dontaudit_use_unallocated_ttys(mysqld_t) + term_dontaudit_use_generic_ptys(mysqld_t) files_dontaudit_read_root_files(mysqld_t) ') @@ -134,7 +134,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(mysqld_t) + nscd_socket_use(mysqld_t) ') optional_policy(`selinuxutil',` 
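Review bot: The `# cjp:` comment kept as context in the mysql.if hunk `@@ -63,7 +63,7 @@` explains why "_dir" was added to the interface name, but the line below it now renames the interface to `mysql_search_db`, removing that suffix. The comment is therefore stale and contradicts the new name. Either delete the two comment lines or reword them to the point that still holds, for example `# cjp: this searches the database directory, not the database itself.` The interface body continues past the hunk.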
diff --git a/refpolicy/policy/modules/services/networkmanager.if b/refpolicy/policy/modules/services/networkmanager.if index 200795e..0b9371b 100644 --- a/refpolicy/policy/modules/services/networkmanager.if +++ b/refpolicy/policy/modules/services/networkmanager.if @@ -9,7 +9,7 @@ ## # # cjp: added for named. -interface(`networkmanager_rw_udp_socket',` +interface(`networkmanager_rw_udp_sockets',` gen_require(` type NetworkManager_t; ') @@ -26,7 +26,7 @@ interface(`networkmanager_rw_udp_socket',` ## # # cjp: added for named. -interface(`networkmanager_rw_packet_socket',` +interface(`networkmanager_rw_packet_sockets',` gen_require(` type NetworkManager_t; ') @@ -44,7 +44,7 @@ interface(`networkmanager_rw_packet_socket',` ## # # cjp: added for named. -interface(`networkmanager_rw_routing_socket',` +interface(`networkmanager_rw_routing_sockets',` gen_require(` type NetworkManager_t; ') diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te index cb5058e..bd00b52 100644 --- a/refpolicy/policy/modules/services/networkmanager.te +++ b/refpolicy/policy/modules/services/networkmanager.te @@ -79,7 +79,7 @@ files_read_etc_runtime_files(NetworkManager_t) files_read_usr_files(NetworkManager_t) init_use_fd(NetworkManager_t) -init_use_script_pty(NetworkManager_t) +init_use_script_ptys(NetworkManager_t) init_read_utmp(NetworkManager_t) init_domtrans_script(NetworkManager_t) 
@@ -106,11 +106,11 @@ sysnet_filetrans_config(NetworkManager_t) userdom_dontaudit_use_unpriv_user_fd(NetworkManager_t) userdom_dontaudit_search_sysadm_home_dir(NetworkManager_t) -userdom_dontaudit_use_unpriv_user_tty(NetworkManager_t) +userdom_dontaudit_use_unpriv_users_ttys(NetworkManager_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(NetworkManager_t) - term_dontaudit_use_generic_pty(NetworkManager_t) + term_dontaudit_use_unallocated_ttys(NetworkManager_t) + term_dontaudit_use_generic_ptys(NetworkManager_t) files_dontaudit_read_root_files(NetworkManager_t) ') @@ -137,7 +137,7 @@ optional_policy(`dbus',` dbus_system_bus_client_template(NetworkManager,NetworkManager_t) dbus_connect_system_bus(NetworkManager_t) - dbus_send_system_bus_msg(NetworkManager_t) + dbus_send_system_bus(NetworkManager_t) ') optional_policy(`howl',` @@ -153,7 +153,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(NetworkManager_t) + nscd_socket_use(NetworkManager_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/nis.if b/refpolicy/policy/modules/services/nis.if index 297c4b7..63b0e3c 100644 --- a/refpolicy/policy/modules/services/nis.if +++ b/refpolicy/policy/modules/services/nis.if @@ -180,7 +180,7 @@ interface(`nis_list_var_yp',` ## The type of the process performing this action. ## # -interface(`nis_udp_sendto_ypbind',` +interface(`nis_udp_send_ypbind',` gen_require(` type ypbind_t; ') diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te index 2f63b1f..8492ba4 100644 --- a/refpolicy/policy/modules/services/nis.te +++ b/refpolicy/policy/modules/services/nis.te @@ -22,7 +22,7 @@ files_pid_file(ypbind_var_run_t) type yppasswdd_t; type yppasswdd_exec_t; init_daemon_domain(yppasswdd_t,yppasswdd_exec_t) -domain_obj_id_change_exempt(yppasswdd_t) +domain_obj_id_change_exemption(yppasswdd_t) type yppasswdd_var_run_t; files_pid_file(yppasswdd_var_run_t) 
@@ -100,8 +100,8 @@ files_read_etc_files(ypbind_t) files_list_var(ypbind_t) init_use_fd(ypbind_t) -init_use_script_pty(ypbind_t) -init_udp_sendto_script(ypbind_t) +init_use_script_ptys(ypbind_t) +init_udp_send_script(ypbind_t) libs_use_ld_so(ypbind_t) libs_use_shared_libs(ypbind_t) @@ -115,11 +115,11 @@ sysnet_read_config(ypbind_t) userdom_dontaudit_use_unpriv_user_fd(ypbind_t) userdom_dontaudit_search_sysadm_home_dir(ypbind_t) -portmap_udp_sendto(ypbind_t) +portmap_udp_send(ypbind_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(ypbind_t) - term_dontaudit_use_generic_pty(ypbind_t) + term_dontaudit_use_unallocated_ttys(ypbind_t) + term_dontaudit_use_generic_ptys(ypbind_t) files_dontaudit_read_root_files(ypbind_t) ') @@ -201,8 +201,8 @@ files_read_etc_runtime_files(yppasswdd_t) files_relabel_etc_files(yppasswdd_t) init_use_fd(yppasswdd_t) -init_use_script_pty(yppasswdd_t) -init_udp_sendto_script(yppasswdd_t) +init_use_script_ptys(yppasswdd_t) +init_udp_send_script(yppasswdd_t) libs_use_ld_so(yppasswdd_t) libs_use_shared_libs(yppasswdd_t) @@ -216,11 +216,11 @@ sysnet_read_config(yppasswdd_t) userdom_dontaudit_use_unpriv_user_fd(yppasswdd_t) userdom_dontaudit_search_sysadm_home_dir(yppasswdd_t) -portmap_udp_sendto(yppasswdd_t) +portmap_udp_send(yppasswdd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(yppasswdd_t) - term_dontaudit_use_generic_pty(yppasswdd_t) + term_dontaudit_use_unallocated_ttys(yppasswdd_t) + term_dontaudit_use_generic_ptys(yppasswdd_t) files_dontaudit_read_root_files(yppasswdd_t) ') @@ -296,8 +296,8 @@ domain_use_wide_inherit_fd(ypserv_t) files_read_var_files(ypserv_t) init_use_fd(ypserv_t) -init_use_script_pty(ypserv_t) -init_udp_sendto_script(ypserv_t) +init_use_script_ptys(ypserv_t) +init_udp_send_script(ypserv_t) libs_use_ld_so(ypserv_t) libs_use_shared_libs(ypserv_t) 
@@ -311,11 +311,11 @@ sysnet_read_config(ypserv_t) userdom_dontaudit_use_unpriv_user_fd(ypserv_t) userdom_dontaudit_search_sysadm_home_dir(ypserv_t) -portmap_udp_sendto(ypserv_t) +portmap_udp_send(ypserv_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(ypserv_t) - term_dontaudit_use_generic_pty(ypserv_t) + term_dontaudit_use_unallocated_ttys(ypserv_t) + term_dontaudit_use_generic_ptys(ypserv_t) files_dontaudit_read_root_files(ypserv_t) ') diff --git a/refpolicy/policy/modules/services/nscd.if b/refpolicy/policy/modules/services/nscd.if index aa0b51d..e35536c 100644 --- a/refpolicy/policy/modules/services/nscd.if +++ b/refpolicy/policy/modules/services/nscd.if @@ -31,7 +31,7 @@ interface(`nscd_domtrans',` ## Domain allowed access. ## # -interface(`nscd_use_socket',` +interface(`nscd_socket_use',` gen_require(` type nscd_t, nscd_var_run_t; class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost }; @@ -59,7 +59,7 @@ interface(`nscd_use_socket',` ## Domain allowed access. ## # -interface(`nscd_use_shared_mem',` +interface(`nscd_shm_use',` gen_require(` type nscd_t, nscd_var_run_t; class nscd { getpwd getgrp gethost shmempwd shmemgrp shmemhost }; diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te index f760218..4b16aab 100644 --- a/refpolicy/policy/modules/services/nscd.te +++ b/refpolicy/policy/modules/services/nscd.te @@ -94,7 +94,7 @@ files_read_etc_files(nscd_t) files_read_generic_tmp_symlinks(nscd_t) init_use_fd(nscd_t) -init_use_script_pty(nscd_t) +init_use_script_ptys(nscd_t) libs_use_ld_so(nscd_t) libs_use_shared_libs(nscd_t) 
@@ -114,11 +114,11 @@ userdom_dontaudit_use_unpriv_user_fd(nscd_t) userdom_dontaudit_search_sysadm_home_dir(nscd_t) ifdef(`targeted_policy',` - term_use_unallocated_tty(nscd_t) - term_use_generic_pty(nscd_t) + term_use_unallocated_ttys(nscd_t) + term_use_generic_ptys(nscd_t) - term_dontaudit_use_unallocated_tty(nscd_t) - term_dontaudit_use_generic_pty(nscd_t) + term_dontaudit_use_unallocated_ttys(nscd_t) + term_dontaudit_use_generic_ptys(nscd_t) files_dontaudit_read_root_files(nscd_t) ') @@ -127,7 +127,7 @@ optional_policy(`nis',` ') optional_policy(`samba',` - samba_connect_winbind(nscd_t) + samba_stream_connect_winbind(nscd_t) ') optional_policy(`udev',` diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te index 11d2820..0627cb0 100644 --- a/refpolicy/policy/modules/services/ntp.te +++ b/refpolicy/policy/modules/services/ntp.te @@ -92,7 +92,7 @@ corecmd_exec_ls(ntpd_t) corecmd_exec_shell(ntpd_t) domain_use_wide_inherit_fd(ntpd_t) -domain_dontaudit_list_all_domains_proc(ntpd_t) +domain_dontaudit_list_all_domains_state(ntpd_t) files_read_etc_files(ntpd_t) files_read_etc_runtime_files(ntpd_t) @@ -101,7 +101,7 @@ files_list_var_lib(ntpd_t) init_exec_script(ntpd_t) init_use_fd(ntpd_t) -init_use_script_pty(ntpd_t) +init_use_script_ptys(ntpd_t) libs_use_ld_so(ntpd_t) libs_use_shared_libs(ntpd_t) @@ -117,8 +117,8 @@ userdom_list_sysadm_home_dir(ntpd_t) userdom_dontaudit_list_sysadm_home_dir(ntpd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(ntpd_t) - term_dontaudit_use_generic_pty(ntpd_t) + term_dontaudit_use_unallocated_ttys(ntpd_t) + term_dontaudit_use_generic_ptys(ntpd_t) files_dontaudit_read_root_files(ntpd_t) ') @@ -144,11 +144,11 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(ntpd_t) + nscd_socket_use(ntpd_t) ') optional_policy(`samba',` - samba_connect_winbind(ntpd_t) + samba_stream_connect_winbind(ntpd_t) ') optional_policy(`selinuxutil',` 
diff --git a/refpolicy/policy/modules/services/openct.te b/refpolicy/policy/modules/services/openct.te index 48b7cb7..6e87759 100644 --- a/refpolicy/policy/modules/services/openct.te +++ b/refpolicy/policy/modules/services/openct.te @@ -44,7 +44,7 @@ fs_search_auto_mountpoints(openct_t) term_dontaudit_use_console(openct_t) init_use_fd(openct_t) -init_use_script_pty(openct_t) +init_use_script_ptys(openct_t) libs_use_ld_so(openct_t) libs_use_shared_libs(openct_t) @@ -57,8 +57,8 @@ userdom_dontaudit_use_unpriv_user_fd(openct_t) userdom_dontaudit_search_sysadm_home_dir(openct_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(openct_t) - term_dontaudit_use_generic_pty(openct_t) + term_dontaudit_use_unallocated_ttys(openct_t) + term_dontaudit_use_generic_ptys(openct_t) files_dontaudit_read_root_files(openct_t) ') diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te index c731210..a98889b 100644 --- a/refpolicy/policy/modules/services/pegasus.te +++ b/refpolicy/policy/modules/services/pegasus.te @@ -98,7 +98,7 @@ files_read_var_lib_files(pegasus_t) files_read_var_lib_symlinks(pegasus_t) init_use_fd(pegasus_t) -init_use_script_pty(pegasus_t) +init_use_script_ptys(pegasus_t) init_rw_utmp(pegasus_t) libs_use_ld_so(pegasus_t) @@ -112,8 +112,8 @@ userdom_dontaudit_use_unpriv_user_fd(pegasus_t) userdom_dontaudit_search_sysadm_home_dir(pegasus_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(pegasus_t) - term_dontaudit_use_generic_pty(pegasus_t) + term_dontaudit_use_unallocated_ttys(pegasus_t) + term_dontaudit_use_generic_ptys(pegasus_t) files_dontaudit_read_root_files(pegasus_t) ') @@ -122,7 +122,7 @@ optional_policy(`logging',` ') optional_policy(`nscd',` - nscd_use_socket(pegasus_t) + nscd_socket_use(pegasus_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/portmap.if b/refpolicy/policy/modules/services/portmap.if index b0ae4a4..55d72b7 100644 
--- a/refpolicy/policy/modules/services/portmap.if +++ b/refpolicy/policy/modules/services/portmap.if @@ -64,7 +64,7 @@ interface(`portmap_run_helper',` ## The type of the process performing this action. ## # -interface(`portmap_udp_sendto',` +interface(`portmap_udp_send',` gen_require(` type portmap_t; ') @@ -81,7 +81,7 @@ interface(`portmap_udp_sendto',` ## Domain allowed access. ## # -interface(`portmap_udp_sendrecv',` +interface(`portmap_udp_chat',` gen_require(` type portmap_t; ') diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te index f754662..db41eac 100644 --- a/refpolicy/policy/modules/services/portmap.te +++ b/refpolicy/policy/modules/services/portmap.te @@ -81,9 +81,9 @@ domain_use_wide_inherit_fd(portmap_t) files_read_etc_files(portmap_t) init_use_fd(portmap_t) -init_use_script_pty(portmap_t) -init_udp_sendto(portmap_t) -init_udp_sendto_script(portmap_t) +init_use_script_ptys(portmap_t) +init_udp_send(portmap_t) +init_udp_send_script(portmap_t) libs_use_ld_so(portmap_t) libs_use_shared_libs(portmap_t) @@ -98,8 +98,8 @@ userdom_dontaudit_use_unpriv_user_fd(portmap_t) userdom_dontaudit_search_sysadm_home_dir(portmap_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(portmap_t) - term_dontaudit_use_generic_pty(portmap_t) + term_dontaudit_use_unallocated_ttys(portmap_t) + term_dontaudit_use_generic_ptys(portmap_t) files_dontaudit_read_root_files(portmap_t) ') @@ -113,15 +113,15 @@ optional_policy(`mount',` optional_policy(`nis',` nis_use_ypbind(portmap_t) - nis_udp_sendto_ypbind(portmap_t) + nis_udp_send_ypbind(portmap_t) ') optional_policy(`nscd',` - nscd_use_socket(portmap_t) + nscd_socket_use(portmap_t) ') optional_policy(`rpc',` - rpc_udp_sendto_nfs(portmap_t) + rpc_udp_send_nfs(portmap_t) ') optional_policy(`selinuxutil',` 
@@ -198,8 +198,8 @@ sysnet_read_config(portmap_helper_t) userdom_dontaudit_use_all_user_fd(portmap_helper_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(portmap_helper_t) - term_dontaudit_use_generic_pty(portmap_helper_t) + term_dontaudit_use_unallocated_ttys(portmap_helper_t) + term_dontaudit_use_generic_ptys(portmap_helper_t) ') optional_policy(`mount',` @@ -215,6 +215,6 @@ gen_require(` type rpcd_t, nfsd_t; ') # rpcd_t needs to talk to the portmap_t domain -portmap_udp_sendrecv(rpcd_t) +portmap_udp_chat(rpcd_t) portmap_tcp_connect(nfsd_t) -portmap_udp_sendrecv(nfsd_t) +portmap_udp_chat(nfsd_t) diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if index e9f661d..807b5ab 100644 --- a/refpolicy/policy/modules/services/postfix.if +++ b/refpolicy/policy/modules/services/postfix.if @@ -60,8 +60,8 @@ template(`postfix_domain_template',` corecmd_list_bin(postfix_$1_t) corecmd_list_sbin(postfix_$1_t) - corecmd_read_bin_symlink(postfix_$1_t) - corecmd_read_sbin_symlink(postfix_$1_t) + corecmd_read_bin_symlinks(postfix_$1_t) + corecmd_read_sbin_symlinks(postfix_$1_t) corecmd_exec_shell(postfix_$1_t) files_read_etc_files(postfix_$1_t) @@ -84,13 +84,13 @@ template(`postfix_domain_template',` userdom_dontaudit_use_unpriv_user_fd(postfix_$1_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(postfix_$1_t) - term_dontaudit_use_generic_pty(postfix_$1_t) + term_dontaudit_use_unallocated_ttys(postfix_$1_t) + term_dontaudit_use_generic_ptys(postfix_$1_t) files_dontaudit_read_root_files(postfix_$1_t) ') optional_policy(`nscd',` - nscd_use_socket(postfix_$1_t) + nscd_socket_use(postfix_$1_t) ') optional_policy(`udev',` @@ -232,7 +232,7 @@ interface(`postfix_filetrans_config',` ## Domain to not audit. ## # -interface(`postfix_dontaudit_rw_local_tcp_socket',` +interface(`postfix_dontaudit_rw_local_tcp_sockets',` gen_require(` type postfix_local_t; ') 
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te index 3450bc7..6749d3f 100644 --- a/refpolicy/policy/modules/services/postfix.te +++ b/refpolicy/policy/modules/services/postfix.te @@ -161,7 +161,7 @@ domain_use_wide_inherit_fd(postfix_master_t) files_read_usr_files(postfix_master_t) -init_use_script_pty(postfix_master_t) +init_use_script_ptys(postfix_master_t) miscfiles_dontaudit_search_man_pages(postfix_master_t) @@ -318,15 +318,15 @@ corenet_udp_bind_all_nodes(postfix_map_t) corenet_tcp_connect_all_ports(postfix_map_t) corecmd_list_bin(postfix_map_t) -corecmd_read_bin_symlink(postfix_map_t) -corecmd_read_bin_file(postfix_map_t) -corecmd_read_bin_pipe(postfix_map_t) -corecmd_read_bin_socket(postfix_map_t) +corecmd_read_bin_symlinks(postfix_map_t) +corecmd_read_bin_files(postfix_map_t) +corecmd_read_bin_pipes(postfix_map_t) +corecmd_read_bin_sockets(postfix_map_t) corecmd_list_sbin(postfix_map_t) -corecmd_read_sbin_symlink(postfix_map_t) -corecmd_read_sbin_file(postfix_map_t) -corecmd_read_sbin_pipe(postfix_map_t) -corecmd_read_sbin_socket(postfix_map_t) +corecmd_read_sbin_symlinks(postfix_map_t) +corecmd_read_sbin_files(postfix_map_t) +corecmd_read_sbin_pipes(postfix_map_t) +corecmd_read_sbin_sockets(postfix_map_t) files_list_home(postfix_map_t) files_read_usr_files(postfix_map_t) 
@@ -423,18 +423,18 @@ term_dontaudit_use_all_user_ttys(postfix_postdrop_t) sysnet_dontaudit_read_config(postfix_postdrop_t) -mta_rw_user_mail_stream_socket(postfix_postdrop_t) +mta_rw_user_mail_stream_sockets(postfix_postdrop_t) ifdef(`targeted_policy', ` - term_use_unallocated_tty(postfix_postdrop_t) - term_use_generic_pty(postfix_postdrop_t) + term_use_unallocated_ttys(postfix_postdrop_t) + term_use_generic_ptys(postfix_postdrop_t) ') optional_policy(`crond',` cron_use_fd(postfix_postdrop_t) - cron_rw_pipe(postfix_postdrop_t) + cron_rw_pipes(postfix_postdrop_t) cron_use_system_job_fd(postfix_postdrop_t) - cron_rw_system_job_pipe(postfix_postdrop_t) + cron_rw_system_job_pipes(postfix_postdrop_t) ') optional_policy(`ppp',` diff --git a/refpolicy/policy/modules/services/postgresql.if b/refpolicy/policy/modules/services/postgresql.if index 692d8b1..bcba99c 100644 --- a/refpolicy/policy/modules/services/postgresql.if +++ b/refpolicy/policy/modules/services/postgresql.if @@ -8,7 +8,7 @@ ## Domain allowed access. ## # -interface(`postgresql_search_db_dir',` +interface(`postgresql_search_db',` gen_require(` type postgresql_db_t; ') @@ -99,7 +99,7 @@ interface(`postgresql_tcp_connect',` ## Domain allowed access. ## # -interface(`postgresql_unix_connect',` +interface(`postgresql_stream_connect',` gen_require(` type postgresql_t, postgresql_var_run_t; ') diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te index ecfb1f9..c040b80 100644 --- a/refpolicy/policy/modules/services/postgresql.te +++ b/refpolicy/policy/modules/services/postgresql.te @@ -112,7 +112,7 @@ corecmd_exec_ls(postgresql_t) corecmd_exec_sbin(postgresql_t) corecmd_exec_shell(postgresql_t) -domain_dontaudit_list_all_domains_proc(postgresql_t) +domain_dontaudit_list_all_domains_state(postgresql_t) domain_use_wide_inherit_fd(postgresql_t) files_dontaudit_search_home(postgresql_t) 
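Review bot: In the postfix.te hunk `@@ -423,18 +423,18 @@`, the block holding the renamed `cron_rw_pipes(postfix_postdrop_t)` and `cron_rw_system_job_pipes(postfix_postdrop_t)` calls is keyed on `crond`. Every other cron block visible on this page is keyed on `cron` (for example the mta.te hunk that calls `cron_dontaudit_write_pipes`). If the key has to match the module name, which the `cron_` interface prefix suggests is `cron`, this block would never be enabled. The four grants would then silently not apply to postfix_postdrop_t. Please confirm against the module list and, if so, change the opening line to key on `cron` like the other blocks.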
@@ -123,7 +123,7 @@ files_read_usr_files(postgresql_t) init_read_utmp(postgresql_t) init_use_fd(postgresql_t) -init_use_script_pty(postgresql_t) +init_use_script_ptys(postgresql_t) libs_use_ld_so(postgresql_t) libs_use_shared_libs(postgresql_t) @@ -137,15 +137,15 @@ seutil_dontaudit_search_config(postgresql_t) sysnet_read_config(postgresql_t) userdom_dontaudit_search_sysadm_home_dir(postgresql_t) -userdom_dontaudit_use_sysadm_tty(postgresql_t) +userdom_dontaudit_use_sysadm_ttys(postgresql_t) userdom_dontaudit_use_unpriv_user_fd(postgresql_t) mta_getattr_spool(postgresql_t) ifdef(`targeted_policy', ` files_dontaudit_read_root_files(postgresql_t) - term_dontaudit_use_generic_pty(postgresql_t) - term_dontaudit_use_unallocated_tty(postgresql_t) + term_dontaudit_use_generic_ptys(postgresql_t) + term_dontaudit_use_unallocated_ttys(postgresql_t) ') tunable_policy(`allow_execmem',` @@ -207,7 +207,7 @@ ifdef(`distro_debian', ` ifdef(`distro_gentoo', ` allow postgresql_t initrc_su_t:process { sigchld }; # "su - postgres ..." is called from initrc_t - postgresql_search_db_dir(initrc_su_t) + postgresql_search_db(initrc_su_t) dontaudit initrc_su_t sysadm_devpts_t:chr_file rw_file_perms; ') ') diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te index e7fd70a..274fd73 100644 --- a/refpolicy/policy/modules/services/ppp.te +++ b/refpolicy/policy/modules/services/ppp.te @@ -134,9 +134,9 @@ corenet_use_ppp_device(pppd_t) fs_getattr_all_fs(pppd_t) fs_search_auto_mountpoints(pppd_t) -term_use_unallocated_tty(pppd_t) +term_use_unallocated_ttys(pppd_t) term_setattr_unallocated_ttys(pppd_t) -term_ioctl_generic_pty(pppd_t) +term_ioctl_generic_ptys(pppd_t) # for pppoe term_create_pty(pppd_t,pppd_devpts_t) term_dontaudit_use_console(pppd_t) 
@@ -156,7 +156,7 @@ files_read_etc_files(pppd_t) init_read_utmp(pppd_t) init_dontaudit_write_utmp(pppd_t) init_use_fd(pppd_t) -init_use_script_pty(pppd_t) +init_use_script_ptys(pppd_t) libs_use_ld_so(pppd_t) libs_use_shared_libs(pppd_t) @@ -177,8 +177,8 @@ userdom_search_sysadm_home_dir(pppd_t) userdom_search_unpriv_user_home_dirs(pppd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(pppd_t) - term_dontaudit_use_generic_pty(pppd_t) + term_dontaudit_use_unallocated_ttys(pppd_t) + term_dontaudit_use_generic_ptys(pppd_t) files_dontaudit_read_root_files(pppd_t) optional_policy(`postfix',` @@ -211,7 +211,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(pppd_t) + nscd_socket_use(pppd_t) ') optional_policy(`selinuxutil',` @@ -275,14 +275,14 @@ fs_getattr_all_fs(pptp_t) fs_search_auto_mountpoints(pptp_t) term_dontaudit_use_console(pptp_t) -term_ioctl_generic_pty(pptp_t) +term_ioctl_generic_ptys(pptp_t) term_search_ptys(pptp_t) term_use_ptmx(pptp_t) domain_use_wide_inherit_fd(pptp_t) init_use_fd(pptp_t) -init_use_script_pty(pptp_t) +init_use_script_ptys(pptp_t) libs_use_ld_so(pptp_t) libs_use_shared_libs(pptp_t) @@ -297,8 +297,8 @@ userdom_dontaudit_use_unpriv_user_fd(pptp_t) userdom_dontaudit_search_sysadm_home_dir(pptp_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(pptp_t) - term_dontaudit_use_generic_pty(pptp_t) + term_dontaudit_use_unallocated_ttys(pptp_t) + term_dontaudit_use_generic_ptys(pptp_t) files_dontaudit_read_root_files(pptp_t) ') @@ -307,7 +307,7 @@ optional_policy(`hostname',` ') optional_policy(`nscd',` - nscd_use_socket(pptp_t) + nscd_socket_use(pptp_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te index 3d594d8..c007c93 100644 --- a/refpolicy/policy/modules/services/privoxy.te +++ b/refpolicy/policy/modules/services/privoxy.te 
@@ -64,7 +64,7 @@ domain_use_wide_inherit_fd(privoxy_t) files_read_etc_files(privoxy_t) init_use_fd(privoxy_t) -init_use_script_pty(privoxy_t) +init_use_script_ptys(privoxy_t) libs_use_ld_so(privoxy_t) libs_use_shared_libs(privoxy_t) @@ -81,8 +81,8 @@ userdom_dontaudit_search_sysadm_home_dir(privoxy_t) userdom_use_sysadm_terms(privoxy_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(privoxy_t) - term_dontaudit_use_generic_pty(privoxy_t) + term_dontaudit_use_unallocated_ttys(privoxy_t) + term_dontaudit_use_generic_ptys(privoxy_t) files_dontaudit_read_root_files(privoxy_t) ') diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te index 8ea75fc..514119f 100644 --- a/refpolicy/policy/modules/services/procmail.te +++ b/refpolicy/policy/modules/services/procmail.te @@ -84,18 +84,18 @@ optional_policy(`logging',` ') optional_policy(`nscd',` - nscd_use_socket(procmail_t) + nscd_socket_use(procmail_t) ') optional_policy(`postfix',` # for a bug in the postfix local program - postfix_dontaudit_rw_local_tcp_socket(procmail_t) + postfix_dontaudit_rw_local_tcp_sockets(procmail_t) postfix_dontaudit_use_fd(procmail_t) ') optional_policy(`sendmail',` mta_read_config(procmail_t) - sendmail_rw_tcp_socket(procmail_t) + sendmail_rw_tcp_sockets(procmail_t) ') optional_policy(`spamassassin',` diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te index 9e17238..e116279 100644 --- a/refpolicy/policy/modules/services/radius.te +++ b/refpolicy/policy/modules/services/radius.te @@ -87,7 +87,7 @@ files_read_etc_files(radiusd_t) files_read_etc_runtime_files(radiusd_t) init_use_fd(radiusd_t) -init_use_script_pty(radiusd_t) +init_use_script_ptys(radiusd_t) libs_use_ld_so(radiusd_t) libs_use_shared_libs(radiusd_t) 
@@ -101,11 +101,11 @@ sysnet_read_config(radiusd_t) userdom_dontaudit_use_unpriv_user_fd(radiusd_t) userdom_dontaudit_search_sysadm_home_dir(radiusd_t) -userdom_dontaudit_getattr_sysadm_home_dir(radiusd_t) +userdom_dontaudit_getattr_sysadm_home_dirs(radiusd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(radiusd_t) - term_dontaudit_use_generic_pty(radiusd_t) + term_dontaudit_use_unallocated_ttys(radiusd_t) + term_dontaudit_use_generic_ptys(radiusd_t) files_dontaudit_read_root_files(radiusd_t) ') diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te index 0251303..f97dfe7 100644 --- a/refpolicy/policy/modules/services/radvd.te +++ b/refpolicy/policy/modules/services/radvd.te @@ -64,7 +64,7 @@ files_read_etc_files(radvd_t) files_list_usr(radvd_t) init_use_fd(radvd_t) -init_use_script_pty(radvd_t) +init_use_script_ptys(radvd_t) libs_use_ld_so(radvd_t) libs_use_shared_libs(radvd_t) @@ -79,8 +79,8 @@ userdom_dontaudit_use_unpriv_user_fd(radvd_t) userdom_dontaudit_search_sysadm_home_dir(radvd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(radvd_t) - term_dontaudit_use_generic_pty(radvd_t) + term_dontaudit_use_unallocated_ttys(radvd_t) + term_dontaudit_use_generic_ptys(radvd_t) files_dontaudit_read_root_files(radvd_t) ') diff --git a/refpolicy/policy/modules/services/rdisc.te b/refpolicy/policy/modules/services/rdisc.te index 864a5ce..c24f18b 100644 --- a/refpolicy/policy/modules/services/rdisc.te +++ b/refpolicy/policy/modules/services/rdisc.te @@ -45,7 +45,7 @@ domain_use_wide_inherit_fd(rdisc_t) files_read_etc_files(rdisc_t) init_use_fd(rdisc_t) -init_use_script_pty(rdisc_t) +init_use_script_ptys(rdisc_t) libs_use_ld_so(rdisc_t) libs_use_shared_libs(rdisc_t) 
@@ -57,8 +57,8 @@ sysnet_read_config(rdisc_t) userdom_dontaudit_use_unpriv_user_fd(rdisc_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(rdisc_t) - term_dontaudit_use_generic_pty(rdisc_t) + term_dontaudit_use_unallocated_ttys(rdisc_t) + term_dontaudit_use_generic_ptys(rdisc_t) files_dontaudit_read_root_files(rdisc_t) ') diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te index e917daf..95bd519 100644 --- a/refpolicy/policy/modules/services/remotelogin.te +++ b/refpolicy/policy/modules/services/remotelogin.te @@ -7,9 +7,9 @@ policy_module(remotelogin,1.1.0) # type remote_login_t; -domain_obj_id_change_exempt(remote_login_t) -domain_subj_id_change_exempt(remote_login_t) -domain_role_change_exempt(remote_login_t) +domain_obj_id_change_exemption(remote_login_t) +domain_subj_id_change_exemption(remote_login_t) +domain_role_change_exemption(remote_login_t) domain_type(remote_login_t) domain_wide_inherit_fd(remote_login_t) auth_login_entry_type(remote_login_t) @@ -74,15 +74,15 @@ auth_domtrans_pam_console(remote_login_t) corecmd_list_bin(remote_login_t) corecmd_list_sbin(remote_login_t) -corecmd_read_bin_symlink(remote_login_t) -corecmd_read_sbin_symlink(remote_login_t) +corecmd_read_bin_symlinks(remote_login_t) +corecmd_read_sbin_symlinks(remote_login_t) # cjp: these are probably not needed: -corecmd_read_bin_file(remote_login_t) -corecmd_read_bin_pipe(remote_login_t) -corecmd_read_bin_socket(remote_login_t) -corecmd_read_sbin_file(remote_login_t) -corecmd_read_sbin_pipe(remote_login_t) -corecmd_read_sbin_socket(remote_login_t) +corecmd_read_bin_files(remote_login_t) +corecmd_read_bin_pipes(remote_login_t) +corecmd_read_bin_sockets(remote_login_t) +corecmd_read_sbin_files(remote_login_t) +corecmd_read_sbin_pipes(remote_login_t) +corecmd_read_sbin_sockets(remote_login_t) domain_read_all_entry_files(remote_login_t) 
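Review bot: In the remotelogin.te hunk `@@ -74,15 +74,15 @@`, the six grants under `# cjp: these are probably not needed:` (`corecmd_read_bin_files` through `corecmd_read_sbin_sockets`) are renamed and kept on remote_login_t. The preceding hunk shows that this domain also holds the `domain_obj_id_change_exemption`, `domain_subj_id_change_exemption` and `domain_role_change_exemption` exemptions. On a login domain with those exemptions, access the author already doubts should be removed rather than carried through a rename. The suggestion is to drop the six lines and re-add only what a test login shows as denied. If they must stay for now, replace the comment with one naming the denial that requires each. The postfix.te hunk `@@ -318,15 +318,15 @@` keeps the same set of eight read grants on postfix_map_t and deserves the same check.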
@@ -157,7 +157,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(remote_login_t) + nscd_socket_use(remote_login_t) ') optional_policy(`usermanage',` diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te index da68a2c..fe539fc 100644 --- a/refpolicy/policy/modules/services/rlogin.te +++ b/refpolicy/policy/modules/services/rlogin.te @@ -106,7 +106,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(rlogind_t) + nscd_socket_use(rlogind_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/services/roundup.te b/refpolicy/policy/modules/services/roundup.te index cc0a0bf..2cbbba7 100644 --- a/refpolicy/policy/modules/services/roundup.te +++ b/refpolicy/policy/modules/services/roundup.te @@ -74,7 +74,7 @@ fs_search_auto_mountpoints(roundup_t) term_dontaudit_use_console(roundup_t) init_use_fd(roundup_t) -init_use_script_pty(roundup_t) +init_use_script_ptys(roundup_t) libs_use_ld_so(roundup_t) libs_use_shared_libs(roundup_t) @@ -90,8 +90,8 @@ userdom_dontaudit_search_sysadm_home_dir(roundup_t) ifdef(`targeted_policy',` files_dontaudit_read_root_files(roundup_t) - term_dontaudit_use_unallocated_tty(roundup_t) - term_dontaudit_use_generic_pty(roundup_t) + term_dontaudit_use_unallocated_ttys(roundup_t) + term_dontaudit_use_generic_ptys(roundup_t) ') optional_policy(`mount',` @@ -100,7 +100,7 @@ optional_policy(`mount',` optional_policy(`mysql',` mysql_stream_connect(roundup_t) - mysql_search_db_dir(roundup_t) + mysql_search_db(roundup_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if index f3267c6..3e17634 100644 --- a/refpolicy/policy/modules/services/rpc.if +++ b/refpolicy/policy/modules/services/rpc.if 
@@ -80,7 +80,7 @@ template(`rpc_domain_template', ` files_search_var_lib($1_t) init_use_fd($1_t) - init_use_script_pty($1_t) + init_use_script_ptys($1_t) libs_use_ld_so($1_t) libs_use_shared_libs($1_t) @@ -94,8 +94,8 @@ template(`rpc_domain_template', ` userdom_dontaudit_use_unpriv_user_fd($1_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty($1_t) - term_dontaudit_use_generic_pty($1_t) + term_dontaudit_use_unallocated_ttys($1_t) + term_dontaudit_use_generic_ptys($1_t) files_dontaudit_read_root_files($1_t) ') @@ -124,7 +124,7 @@ template(`rpc_domain_template', ` ## The type of the process performing this action. ## # -interface(`rpc_udp_sendto',` +interface(`rpc_udp_send',` gen_require(` type rpc_t; ') @@ -264,7 +264,7 @@ interface(`rpc_udp_rw_nfs_sockets',` ## Domain allowed access. ## # -interface(`rpc_udp_sendto_nfs',` +interface(`rpc_udp_send_nfs',` gen_require(` type nfsd_t; ') diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te index 55d562e..df3c4cd 100644 --- a/refpolicy/policy/modules/services/rshd.te +++ b/refpolicy/policy/modules/services/rshd.te @@ -8,8 +8,8 @@ policy_module(rshd,1.1.0) type rshd_t; type rshd_exec_t; inetd_tcp_service_domain(rshd_t,rshd_exec_t) -domain_subj_id_change_exempt(rshd_t) -domain_role_change_exempt(rshd_t) +domain_subj_id_change_exemption(rshd_t) +domain_role_change_exemption(rshd_t) role system_r types rshd_t; ######################################## @@ -46,8 +46,8 @@ selinux_compute_user_contexts(rshd_t) auth_domtrans_chk_passwd(rshd_t) -corecmd_read_bin_symlink(rshd_t) -corecmd_read_sbin_symlink(rshd_t) +corecmd_read_bin_symlinks(rshd_t) +corecmd_read_sbin_symlinks(rshd_t) files_list_home(rshd_t) files_read_etc_files(rshd_t) @@ -87,7 +87,7 @@ optional_policy(`kerberos',` ') optional_policy(`nscd',` - nscd_use_socket(rshd_t) + nscd_socket_use(rshd_t) ') ifdef(`TODO',` 
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te index 94db6d0..5b4b55e 100644 --- a/refpolicy/policy/modules/services/rsync.te +++ b/refpolicy/policy/modules/services/rsync.te @@ -104,5 +104,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(rsync_t) + nscd_socket_use(rsync_t) ') diff --git a/refpolicy/policy/modules/services/samba.if b/refpolicy/policy/modules/services/samba.if index d2854a5..34a7cad 100644 --- a/refpolicy/policy/modules/services/samba.if +++ b/refpolicy/policy/modules/services/samba.if @@ -241,7 +241,7 @@ interface(`samba_rw_var_files',` ## Domain allowed access. ## # -interface(`samba_write_smbmount_tcp_socket',` +interface(`samba_write_smbmount_tcp_sockets',` gen_require(` type smbmount_t; ') @@ -257,7 +257,7 @@ interface(`samba_write_smbmount_tcp_socket',` ## Domain allowed access. ## # -interface(`samba_rw_smbmount_tcp_socket',` +interface(`samba_rw_smbmount_tcp_sockets',` gen_require(` type smbmount_t; ') @@ -336,7 +336,7 @@ interface(`samba_read_winbind_pid',` ## Domain allowed access. ## # -interface(`samba_connect_winbind',` +interface(`samba_stream_connect_winbind',` gen_require(` type samba_var_t, winbind_t, winbind_var_run_t; ') diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te index 0ffedb0..070be06 100644 --- a/refpolicy/policy/modules/services/samba.te +++ b/refpolicy/policy/modules/services/samba.te @@ -142,8 +142,8 @@ sysnet_read_config(samba_net_t) userdom_dontaudit_search_sysadm_home_dir(samba_net_t) ifdef(`targeted_policy',` - term_use_generic_pty(samba_net_t) - term_use_unallocated_tty(samba_net_t) + term_use_generic_ptys(samba_net_t) + term_use_unallocated_ttys(samba_net_t) ') optional_policy(`kerberos',` @@ -163,7 +163,7 @@ optional_policy(`ldap',` ') optional_policy(`nscd',` - nscd_use_socket(samba_net_t) + nscd_socket_use(samba_net_t) ') ifdef(`TODO',` 
@@ -269,7 +269,7 @@ files_search_spool(smbd_t) files_list_mnt(smbd_t) init_use_fd(smbd_t) -init_use_script_pty(smbd_t) +init_use_script_ptys(smbd_t) libs_use_ld_so(smbd_t) libs_use_shared_libs(smbd_t) @@ -290,8 +290,8 @@ userdom_use_unpriv_users_fd(smbd_t) ifdef(`targeted_policy', ` files_dontaudit_read_root_files(smbd_t) - term_dontaudit_use_generic_pty(smbd_t) - term_dontaudit_use_unallocated_tty(smbd_t) + term_dontaudit_use_generic_ptys(smbd_t) + term_dontaudit_use_unallocated_ttys(smbd_t) ') tunable_policy(`allow_smbd_anon_write',` @@ -311,7 +311,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(smbd_t) + nscd_socket_use(smbd_t) ') optional_policy(`selinuxutil',` @@ -403,7 +403,7 @@ files_read_usr_files(nmbd_t) files_read_etc_files(nmbd_t) init_use_fd(nmbd_t) -init_use_script_pty(nmbd_t) +init_use_script_ptys(nmbd_t) libs_use_ld_so(nmbd_t) libs_use_shared_libs(nmbd_t) @@ -421,8 +421,8 @@ userdom_use_unpriv_users_fd(nmbd_t) ifdef(`targeted_policy', ` files_dontaudit_read_root_files(nmbd_t) - term_dontaudit_use_generic_pty(nmbd_t) - term_dontaudit_use_unallocated_tty(nmbd_t) + term_dontaudit_use_generic_ptys(nmbd_t) + term_dontaudit_use_unallocated_ttys(nmbd_t) ') optional_policy(`nis',` @@ -512,15 +512,15 @@ logging_search_logs(smbmount_t) sysnet_read_config(smbmount_t) -userdom_use_all_user_fd(smbmount_t) -userdom_use_sysadm_tty(smbmount_t) +userdom_use_all_users_fd(smbmount_t) +userdom_use_sysadm_ttys(smbmount_t) optional_policy(`nis',` nis_use_ypbind(smbmount_t) ') optional_policy(`nscd',` - nscd_use_socket(smbmount_t) + nscd_socket_use(smbmount_t) ') ifdef(`TODO',` @@ -618,7 +618,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(swat_t) + nscd_socket_use(swat_t) ') ######################################## 
@@ -695,7 +695,7 @@ domain_use_wide_inherit_fd(winbind_t) files_read_etc_files(winbind_t) init_use_fd(winbind_t) -init_use_script_pty(winbind_t) +init_use_script_ptys(winbind_t) libs_use_ld_so(winbind_t) libs_use_shared_libs(winbind_t) @@ -712,8 +712,8 @@ userdom_dontaudit_search_sysadm_home_dir(winbind_t) userdom_priveleged_home_dir_manager(winbind_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(winbind_t) - term_dontaudit_use_generic_pty(winbind_t) + term_dontaudit_use_unallocated_ttys(winbind_t) + term_dontaudit_use_generic_ptys(winbind_t) files_dontaudit_read_root_files(winbind_t) ') @@ -726,7 +726,7 @@ optional_policy(`mount',` ') optional_policy(`nscd',` - nscd_use_socket(winbind_t) + nscd_socket_use(winbind_t) ') optional_policy(`selinuxutil',` @@ -767,12 +767,12 @@ logging_send_syslog_msg(winbind_helper_t) miscfiles_read_localization(winbind_helper_t) ifdef(`targeted_policy',` - term_use_generic_pty(winbind_helper_t) - term_use_unallocated_tty(winbind_helper_t) + term_use_generic_ptys(winbind_helper_t) + term_use_unallocated_ttys(winbind_helper_t) ') optional_policy(`nscd',` - nscd_use_socket(winbind_helper_t) + nscd_socket_use(winbind_helper_t) ') optional_policy(`squid',` diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te index 38e85d6..56fc9de 100644 --- a/refpolicy/policy/modules/services/sasl.te +++ b/refpolicy/policy/modules/services/sasl.te @@ -63,8 +63,8 @@ files_dontaudit_getattr_home_dir(saslauthd_t) files_dontaudit_getattr_tmp_dirs(saslauthd_t) init_use_fd(saslauthd_t) -init_use_script_pty(saslauthd_t) -init_dontaudit_unix_connect_script(saslauthd_t) +init_use_script_ptys(saslauthd_t) +init_dontaudit_stream_connect_script(saslauthd_t) libs_use_ld_so(saslauthd_t) libs_use_shared_libs(saslauthd_t) 
@@ -82,8 +82,8 @@ userdom_dontaudit_use_unpriv_user_fd(saslauthd_t) userdom_dontaudit_search_sysadm_home_dir(saslauthd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(saslauthd_t) - term_dontaudit_use_generic_pty(saslauthd_t) + term_dontaudit_use_unallocated_ttys(saslauthd_t) + term_dontaudit_use_generic_ptys(saslauthd_t) files_dontaudit_read_root_files(saslauthd_t) ') @@ -94,7 +94,7 @@ tunable_policy(`allow_saslauthd_read_shadow',` ') optional_policy(`mysql',` - mysql_search_db_dir(saslauthd_t) + mysql_search_db(saslauthd_t) mysql_stream_connect(saslauthd_t) ') diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if index 0ab0a34..c5e4bc1 100644 --- a/refpolicy/policy/modules/services/sendmail.if +++ b/refpolicy/policy/modules/services/sendmail.if @@ -45,7 +45,7 @@ interface(`sendmail_domtrans',` ## Domain allowed access. ## # -interface(`sendmail_rw_tcp_socket',` +interface(`sendmail_rw_tcp_sockets',` gen_require(` type sendmail_t; ') diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te index fca880d..ec350f6 100644 --- a/refpolicy/policy/modules/services/sendmail.te +++ b/refpolicy/policy/modules/services/sendmail.te @@ -74,7 +74,7 @@ files_search_spool(sendmail_t) files_read_etc_runtime_files(sendmail_t) init_use_fd(sendmail_t) -init_use_script_pty(sendmail_t) +init_use_script_ptys(sendmail_t) # sendmail wants to read /var/run/utmp if the controlling tty is /dev/console init_read_utmp(sendmail_t) init_dontaudit_write_utmp(sendmail_t) @@ -82,7 +82,7 @@ init_dontaudit_write_utmp(sendmail_t) libs_use_ld_so(sendmail_t) libs_use_shared_libs(sendmail_t) # Read /usr/lib/sasl2/.* -libs_read_lib(sendmail_t) +libs_read_lib_files(sendmail_t) logging_send_syslog_msg(sendmail_t) 
@@ -94,7 +94,7 @@ userdom_dontaudit_use_unpriv_user_fd(sendmail_t) userdom_dontaudit_search_sysadm_home_dir(sendmail_t) mta_read_config(sendmail_t) -mta_filetrans_etc_aliases(sendmail_t) +mta_filetrans_aliases(sendmail_t) # Write to /etc/aliases and /etc/mail. mta_rw_aliases(sendmail_t) # Write to /var/spool/mail and /var/spool/mqueue. @@ -103,8 +103,8 @@ mta_manage_spool(sendmail_t) ifdef(`targeted_policy',` unconfined_domain_template(sendmail_t) - term_dontaudit_use_unallocated_tty(sendmail_t) - term_dontaudit_use_generic_pty(sendmail_t) + term_dontaudit_use_unallocated_ttys(sendmail_t) + term_dontaudit_use_generic_ptys(sendmail_t) files_dontaudit_read_root_files(sendmail_t) ',` allow sendmail_t sendmail_tmp_t:dir create_dir_perms; @@ -120,7 +120,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(sendmail_t) + nscd_socket_use(sendmail_t) ') optional_policy(`postfix',` diff --git a/refpolicy/policy/modules/services/slrnpull.te b/refpolicy/policy/modules/services/slrnpull.te index 8ccc475..4cdda12 100644 --- a/refpolicy/policy/modules/services/slrnpull.te +++ b/refpolicy/policy/modules/services/slrnpull.te @@ -56,7 +56,7 @@ fs_search_auto_mountpoints(slrnpull_t) term_dontaudit_use_console(slrnpull_t) init_use_fd(slrnpull_t) -init_use_script_pty(slrnpull_t) +init_use_script_ptys(slrnpull_t) libs_use_ld_so(slrnpull_t) libs_use_shared_libs(slrnpull_t) @@ -70,8 +70,8 @@ userdom_dontaudit_search_sysadm_home_dir(slrnpull_t) ifdef(`targeted_policy',` files_dontaudit_read_root_files(slrnpull_t) - term_dontaudit_use_unallocated_tty(slrnpull_t) - term_dontaudit_use_generic_pty(slrnpull_t) + term_dontaudit_use_unallocated_ttys(slrnpull_t) + term_dontaudit_use_generic_ptys(slrnpull_t) ') optional_policy(`cron',` diff --git a/refpolicy/policy/modules/services/smartmon.if b/refpolicy/policy/modules/services/smartmon.if index d9772b2..5b83f56 100644 --- a/refpolicy/policy/modules/services/smartmon.if +++ b/refpolicy/policy/modules/services/smartmon.if 
@@ -8,7 +8,7 @@ ## The process type reading the temporary files. ## # -interface(`smartmon_read_tmp',` +interface(`smartmon_read_tmp_files',` gen_require(` type fsdaemon_tmp_t; ') diff --git a/refpolicy/policy/modules/services/smartmon.te b/refpolicy/policy/modules/services/smartmon.te index 7681839..9a3a1cc 100644 --- a/refpolicy/policy/modules/services/smartmon.te +++ b/refpolicy/policy/modules/services/smartmon.te @@ -72,7 +72,7 @@ term_dontaudit_use_console(fsdaemon_t) term_dontaudit_search_ptys(fsdaemon_t) init_use_fd(fsdaemon_t) -init_use_script_pty(fsdaemon_t) +init_use_script_ptys(fsdaemon_t) libs_use_ld_so(fsdaemon_t) libs_use_shared_libs(fsdaemon_t) @@ -89,8 +89,8 @@ userdom_dontaudit_use_unpriv_user_fd(fsdaemon_t) userdom_dontaudit_search_sysadm_home_dir(fsdaemon_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(fsdaemon_t) - term_dontaudit_use_generic_pty(fsdaemon_t) + term_dontaudit_use_unallocated_ttys(fsdaemon_t) + term_dontaudit_use_generic_ptys(fsdaemon_t) files_dontaudit_read_root_files(fsdaemon_t) ') diff --git a/refpolicy/policy/modules/services/snmp.if b/refpolicy/policy/modules/services/snmp.if index 93cf004..1c1cf99 100644 --- a/refpolicy/policy/modules/services/snmp.if +++ b/refpolicy/policy/modules/services/snmp.if @@ -43,7 +43,7 @@ interface(`snmp_udp_chat',` ## Domain allowed access. ## # -interface(`snmp_read_snmp_var_lib',` +interface(`snmp_read_snmp_var_lib_files',` gen_require(` type snmpd_var_lib_t; ') diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te index 03e0612..50c3343 100644 --- a/refpolicy/policy/modules/services/snmp.te +++ b/refpolicy/policy/modules/services/snmp.te @@ -99,7 +99,7 @@ term_dontaudit_use_console(snmpd_t) init_read_utmp(snmpd_t) init_use_fd(snmpd_t) -init_use_script_pty(snmpd_t) +init_use_script_ptys(snmpd_t) init_dontaudit_write_utmp(snmpd_t) libs_use_ld_so(snmpd_t) 
@@ -124,8 +124,8 @@ ifdef(`distro_redhat', ` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(snmpd_t) - term_dontaudit_use_generic_pty(snmpd_t) + term_dontaudit_use_unallocated_ttys(snmpd_t) + term_dontaudit_use_generic_ptys(snmpd_t) files_dontaudit_read_root_files(snmpd_t) ') @@ -142,7 +142,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(snmpd_t) + nscd_socket_use(snmpd_t) ') optional_policy(`rpc',` diff --git a/refpolicy/policy/modules/services/spamassassin.if b/refpolicy/policy/modules/services/spamassassin.if index 6d3ac33..1d7aca6 100644 --- a/refpolicy/policy/modules/services/spamassassin.if +++ b/refpolicy/policy/modules/services/spamassassin.if @@ -109,15 +109,15 @@ template(`spamassassin_per_userdomain_template',` # cjp: these should probably be removed: corecmd_list_bin($1_spamc_t) - corecmd_read_bin_symlink($1_spamc_t) - corecmd_read_bin_file($1_spamc_t) - corecmd_read_bin_pipe($1_spamc_t) - corecmd_read_bin_socket($1_spamc_t) + corecmd_read_bin_symlinks($1_spamc_t) + corecmd_read_bin_files($1_spamc_t) + corecmd_read_bin_pipes($1_spamc_t) + corecmd_read_bin_sockets($1_spamc_t) corecmd_list_sbin($1_spamc_t) - corecmd_read_sbin_symlink($1_spamc_t) - corecmd_read_sbin_file($1_spamc_t) - corecmd_read_sbin_pipe($1_spamc_t) - corecmd_read_sbin_socket($1_spamc_t) + corecmd_read_sbin_symlinks($1_spamc_t) + corecmd_read_sbin_files($1_spamc_t) + corecmd_read_sbin_pipes($1_spamc_t) + corecmd_read_sbin_sockets($1_spamc_t) domain_use_wide_inherit_fd($1_spamc_t) @@ -143,7 +143,7 @@ template(`spamassassin_per_userdomain_template',` userdom_use_unpriv_users_fd($1_spamc_t) # cjp: this really should just be the # terminal specific to the role - userdom_use_unpriv_user_pty($1_spamc_t) + userdom_use_unpriv_users_ptys($1_spamc_t) # cjp: this should probably be removed: tunable_policy(`read_default_t',` 
@@ -163,7 +163,7 @@ template(`spamassassin_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_spamc_t) + nscd_socket_use($1_spamc_t) ') optional_policy(`sendmail',` @@ -225,15 +225,15 @@ template(`spamassassin_per_userdomain_template',` # this should probably be removed corecmd_list_bin($1_spamassassin_t) - corecmd_read_bin_symlink($1_spamassassin_t) - corecmd_read_bin_file($1_spamassassin_t) - corecmd_read_bin_pipe($1_spamassassin_t) - corecmd_read_bin_socket($1_spamassassin_t) + corecmd_read_bin_symlinks($1_spamassassin_t) + corecmd_read_bin_files($1_spamassassin_t) + corecmd_read_bin_pipes($1_spamassassin_t) + corecmd_read_bin_sockets($1_spamassassin_t) corecmd_list_sbin($1_spamassassin_t) - corecmd_read_sbin_symlink($1_spamassassin_t) - corecmd_read_sbin_file($1_spamassassin_t) - corecmd_read_sbin_pipe($1_spamassassin_t) - corecmd_read_sbin_socket($1_spamassassin_t) + corecmd_read_sbin_symlinks($1_spamassassin_t) + corecmd_read_sbin_files($1_spamassassin_t) + corecmd_read_sbin_pipes($1_spamassassin_t) + corecmd_read_sbin_sockets($1_spamassassin_t) domain_use_wide_inherit_fd($1_spamassassin_t) @@ -259,7 +259,7 @@ template(`spamassassin_per_userdomain_template',` userdom_search_user_home($1,$1_spamassassin_t) # cjp: this really should just be the # terminal specific to the role - userdom_use_unpriv_user_pty($1_spamassassin_t) + userdom_use_unpriv_users_ptys($1_spamassassin_t) # this should probably be removed: tunable_policy(`read_default_t',` diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te index 066909c..8150fe1 100644 --- a/refpolicy/policy/modules/services/spamassassin.te +++ b/refpolicy/policy/modules/services/spamassassin.te 
@@ -98,13 +98,13 @@ files_read_etc_files(spamd_t) files_read_etc_runtime_files(spamd_t) init_use_fd(spamd_t) -init_use_script_pty(spamd_t) +init_use_script_ptys(spamd_t) init_dontaudit_rw_utmp(spamd_t) libs_use_ld_so(spamd_t) libs_use_shared_libs(spamd_t) # Various Perl bits -libs_use_lib(spamd_t) +libs_use_lib_files(spamd_t) logging_send_syslog_msg(spamd_t) @@ -117,8 +117,8 @@ userdom_search_unpriv_user_home_dirs(spamd_t) userdom_dontaudit_search_sysadm_home_dir(spamd_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(spamd_t) - term_dontaudit_use_generic_pty(spamd_t) + term_dontaudit_use_unallocated_ttys(spamd_t) + term_dontaudit_use_generic_ptys(spamd_t) files_dontaudit_read_root_files(spamd_t) userdom_manage_generic_user_home_dirs(spamd_t) userdom_manage_generic_user_home_files(spamd_t) diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te index d3dc381..95cafc0 100644 --- a/refpolicy/policy/modules/services/squid.te +++ b/refpolicy/policy/modules/services/squid.te @@ -68,7 +68,7 @@ kernel_read_kernel_sysctls(squid_t) kernel_read_system_state(squid_t) kernel_tcp_recvfrom(squid_t) -bootloader_dontaudit_getattr_boot_dir(squid_t) +bootloader_dontaudit_getattr_boot_dirs(squid_t) corenet_tcp_sendrecv_all_if(squid_t) corenet_raw_sendrecv_all_if(squid_t) @@ -100,7 +100,7 @@ fs_search_auto_mountpoints(squid_t) selinux_dontaudit_getattr_dir(squid_t) term_dontaudit_use_console(squid_t) -term_dontaudit_getattr_pty_dir(squid_t) +term_dontaudit_getattr_pty_dirs(squid_t) # to allow running programs from /usr/lib/squid (IE unlinkd) corecmd_exec_bin(squid_t) @@ -117,7 +117,7 @@ files_dontaudit_getattr_tmp_dirs(squid_t) files_getattr_home_dir(squid_t) init_use_fd(squid_t) -init_use_script_pty(squid_t) +init_use_script_ptys(squid_t) libs_use_ld_so(squid_t) libs_use_shared_libs(squid_t) 
@@ -136,8 +136,8 @@ userdom_dontaudit_use_unpriv_user_fd(squid_t) userdom_dontaudit_search_sysadm_home_dir(squid_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(squid_t) - term_dontaudit_use_generic_pty(squid_t) + term_dontaudit_use_unallocated_ttys(squid_t) + term_dontaudit_use_generic_ptys(squid_t) files_dontaudit_read_root_files(squid_t) ') @@ -149,8 +149,8 @@ optional_policy(`logrotate',` allow squid_t self:capability kill; cron_use_fd(squid_t) cron_use_system_job_fd(squid_t) - cron_rw_pipe(squid_t) - cron_write_system_job_pipe(squid_t) + cron_rw_pipes(squid_t) + cron_write_system_job_pipes(squid_t) ') optional_policy(`mount',` @@ -162,7 +162,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(squid_t) + nscd_socket_use(squid_t) ') optional_policy(`samba',` diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if index d51727a..f7861ca 100644 --- a/refpolicy/policy/modules/services/ssh.if +++ b/refpolicy/policy/modules/services/ssh.if @@ -138,11 +138,11 @@ template(`ssh_per_userdomain_template',` corecmd_exec_shell($1_ssh_t) corecmd_exec_bin($1_ssh_t) corecmd_list_sbin($1_ssh_t) - corecmd_read_sbin_symlink($1_ssh_t) + corecmd_read_sbin_symlinks($1_ssh_t) # cjp: these are probably not needed: - corecmd_read_sbin_file($1_ssh_t) - corecmd_read_sbin_pipe($1_ssh_t) - corecmd_read_sbin_socket($1_ssh_t) + corecmd_read_sbin_files($1_ssh_t) + corecmd_read_sbin_pipes($1_ssh_t) + corecmd_read_sbin_sockets($1_ssh_t) domain_use_wide_inherit_fd($1_ssh_t) @@ -201,7 +201,7 @@ template(`ssh_per_userdomain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_ssh_t) + nscd_socket_use($1_ssh_t) ') optional_policy(`xserver',` 
@@ -308,7 +308,7 @@ template(`ssh_per_userdomain_template',` files_read_etc_runtime_files($1_ssh_agent_t) files_search_home($1_ssh_agent_t) - libs_read_lib($1_ssh_agent_t) + libs_read_lib_files($1_ssh_agent_t) libs_use_ld_so($1_ssh_agent_t) libs_use_shared_libs($1_ssh_agent_t) @@ -382,7 +382,7 @@ template(`ssh_per_userdomain_template',` # optional_policy(`nscd',` - nscd_use_socket($1_ssh_keysign_t) + nscd_socket_use($1_ssh_keysign_t) ') ') @@ -466,15 +466,15 @@ template(`ssh_server_template', ` auth_rw_lastlog($1_t) auth_append_faillog($1_t) - corecmd_read_bin_symlink($1_t) - corecmd_getattr_bin_file($1_t) + corecmd_read_bin_symlinks($1_t) + corecmd_getattr_bin_files($1_t) # for sshd subsystems, such as sftp-server. - corecmd_getattr_bin_file($1_t) + corecmd_getattr_bin_files($1_t) domain_wide_inherit_fd($1_t) - domain_subj_id_change_exempt($1_t) - domain_role_change_exempt($1_t) - domain_obj_id_change_exempt($1_t) + domain_subj_id_change_exemption($1_t) + domain_role_change_exemption($1_t) + domain_obj_id_change_exemption($1_t) files_read_etc_files($1_t) files_read_etc_runtime_files($1_t) @@ -499,7 +499,7 @@ template(`ssh_server_template', ` sysnet_read_config($1_t) - userdom_dontaudit_relabelfrom_unpriv_user_pty($1_t) + userdom_dontaudit_relabelfrom_unpriv_users_ptys($1_t) userdom_search_all_users_home($1_t) # Allow checking users mail at login @@ -522,14 +522,14 @@ template(`ssh_server_template', ` # ',` # corenet_tcp_bind_ssh_port($1_t) # init_use_fd($1_t) - # init_use_script_pty($1_t) + # init_use_script_ptys($1_t) # ') #',` # These rules should match the else block # of the run_ssh_inetd tunable directly above corenet_tcp_bind_ssh_port($1_t) init_use_fd($1_t) - init_use_script_pty($1_t) + init_use_script_ptys($1_t) #') optional_policy(`kerberos',` @@ -541,7 +541,7 @@ template(`ssh_server_template', ` ') optional_policy(`nscd',` - nscd_use_socket($1_t) + nscd_socket_use($1_t) ') ') 
@@ -569,7 +569,7 @@ interface(`ssh_sigchld',` ## Domain allowed access. ## # -interface(`ssh_read_pipe',` +interface(`ssh_read_pipes',` gen_require(` type sshd_t; ') @@ -586,7 +586,7 @@ interface(`ssh_read_pipe',` ## Domain to not audit. ## # -interface(`ssh_dontaudit_rw_tcp_socket',` +interface(`ssh_dontaudit_rw_tcp_sockets',` gen_require(` type sshd_t; ') diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te index 51eb4d3..0253278 100644 --- a/refpolicy/policy/modules/services/ssh.te +++ b/refpolicy/policy/modules/services/ssh.te @@ -114,7 +114,7 @@ ifdef(`targeted_policy',`',` userdom_setattr_unpriv_user_pty(sshd_t) userdom_relabelto_unpriv_user_pty(sshd_t) - userdom_use_unpriv_user_pty(sshd_t) + userdom_use_unpriv_users_ptys(sshd_t) ') optional_policy(`daemontools',` @@ -233,7 +233,7 @@ ifdef(`targeted_policy',`',` files_read_etc_files(ssh_keygen_t) init_use_fd(ssh_keygen_t) - init_use_script_pty(ssh_keygen_t) + init_use_script_ptys(ssh_keygen_t) libs_use_ld_so(ssh_keygen_t) libs_use_shared_libs(ssh_keygen_t) @@ -243,7 +243,7 @@ ifdef(`targeted_policy',`',` allow ssh_keygen_t proc_t:dir r_dir_perms; allow ssh_keygen_t proc_t:lnk_file read; - userdom_use_sysadm_tty(ssh_keygen_t) + userdom_use_sysadm_ttys(ssh_keygen_t) userdom_dontaudit_use_unpriv_user_fd(ssh_keygen_t) # cjp: with the old daemon_(base_)domain being broken up into @@ -253,8 +253,8 @@ ifdef(`targeted_policy',`',` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(ssh_keygen_t) - term_dontaudit_use_generic_pty(ssh_keygen_t) + term_dontaudit_use_unallocated_ttys(ssh_keygen_t) + term_dontaudit_use_generic_ptys(ssh_keygen_t) files_dontaudit_read_root_files(ssh_keygen_t) ') diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te index b2e32f1..e851f18 100644 --- a/refpolicy/policy/modules/services/stunnel.te +++ b/refpolicy/policy/modules/services/stunnel.te 
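Review bot: The ssh.te hunk at -114,7 renames only `userdom_use_unpriv_user_pty(sshd_t)` and leaves the two calls directly above it, `userdom_setattr_unpriv_user_pty(sshd_t)` and `userdom_relabelto_unpriv_user_pty(sshd_t)`, on the old singular form. In the same commit, ssh.if moves `userdom_dontaudit_relabelfrom_unpriv_user_pty` to the `_users_ptys` form, so the pty interfaces that sshd uses end up with mixed naming. The interface definitions in userdomain.if are not visible here; if they are renamed too, these two callers would presumably no longer expand, so rename them in this commit or add a comment such as `# cjp: setattr/relabelto renames deferred`. The enclosing ifdef block starts outside the hunk.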
@@ -92,14 +92,14 @@ ifdef(`distro_gentoo', ` domain_use_wide_inherit_fd(stunnel_t) init_use_fd(stunnel_t) - init_use_script_pty(stunnel_t) + init_use_script_ptys(stunnel_t) userdom_dontaudit_use_unpriv_user_fd(stunnel_t) userdom_dontaudit_search_sysadm_home_dir(stunnel_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(stunnel_t) - term_dontaudit_use_generic_pty(stunnel_t) + term_dontaudit_use_unallocated_ttys(stunnel_t) + term_dontaudit_use_generic_ptys(stunnel_t) files_dontaudit_read_root_files(stunnel_t) ') @@ -135,7 +135,7 @@ ifdef(`distro_gentoo', ` ') optional_policy(`nscd',` - nscd_use_socket(stunnel_t) + nscd_socket_use(stunnel_t) ') ') diff --git a/refpolicy/policy/modules/services/sysstat.te b/refpolicy/policy/modules/services/sysstat.te index 5bfdc8f..f0a84f2 100644 --- a/refpolicy/policy/modules/services/sysstat.te +++ b/refpolicy/policy/modules/services/sysstat.te @@ -52,7 +52,7 @@ fs_getattr_xattr_fs(sysstat_t) term_use_console(sysstat_t) init_use_fd(sysstat_t) -init_use_script_pty(sysstat_t) +init_use_script_ptys(sysstat_t) libs_use_ld_so(sysstat_t) libs_use_shared_libs(sysstat_t) diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te index 186d25f..447c3e2 100644 --- a/refpolicy/policy/modules/services/tcpd.te +++ b/refpolicy/policy/modules/services/tcpd.te @@ -61,7 +61,7 @@ optional_policy(`nis',` ') optional_policy(`portmap',` - portmap_udp_sendto(tcpd_t) + portmap_udp_send(tcpd_t) ') optional_policy(`rlogin',` diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te index ad044f5..e707da1 100644 --- a/refpolicy/policy/modules/services/telnet.te +++ b/refpolicy/policy/modules/services/telnet.te @@ -99,7 +99,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(telnetd_t) + nscd_socket_use(telnetd_t) ') ifdef(`TODO',` 
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te index b51075b..0cb4f6b 100644 --- a/refpolicy/policy/modules/services/tftp.te +++ b/refpolicy/policy/modules/services/tftp.te @@ -69,7 +69,7 @@ files_read_var_symlinks(tftpd_t) files_search_var(tftpd_t) init_use_fd(tftpd_t) -init_use_script_pty(tftpd_t) +init_use_script_ptys(tftpd_t) libs_use_ld_so(tftpd_t) libs_use_shared_libs(tftpd_t) @@ -81,12 +81,12 @@ miscfiles_read_localization(tftpd_t) sysnet_read_config(tftpd_t) userdom_dontaudit_use_unpriv_user_fd(tftpd_t) -userdom_dontaudit_use_sysadm_tty(tftpd_t) +userdom_dontaudit_use_sysadm_ttys(tftpd_t) userdom_dontaudit_search_sysadm_home_dir(tftpd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(tftpd_t) - term_dontaudit_use_generic_pty(tftpd_t) + term_dontaudit_use_unallocated_ttys(tftpd_t) + term_dontaudit_use_generic_ptys(tftpd_t) files_dontaudit_read_root_files(tftpd_t) ') @@ -95,7 +95,7 @@ optional_policy(`mount',` ') optional_policy(`nscd',` - nscd_use_socket(tftpd_t) + nscd_socket_use(tftpd_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/timidity.te b/refpolicy/policy/modules/services/timidity.te index da3e5a6..e89ff56 100644 --- a/refpolicy/policy/modules/services/timidity.te +++ b/refpolicy/policy/modules/services/timidity.te @@ -68,12 +68,12 @@ files_read_usr_files(timidity_t) files_read_etc_files(timidity_t) init_use_fd(timidity_t) -init_use_script_pty(timidity_t) +init_use_script_ptys(timidity_t) libs_use_ld_so(timidity_t) libs_use_shared_libs(timidity_t) # read libartscbackend.la -libs_read_lib(timidity_t) +libs_read_lib_files(timidity_t) logging_send_syslog_msg(timidity_t) 
@@ -86,8 +86,8 @@ userdom_dontaudit_use_unpriv_user_fd(timidity_t) userdom_search_sysadm_home_dir(timidity_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(timidity_t) - term_dontaudit_use_generic_pty(timidity_t) + term_dontaudit_use_unallocated_ttys(timidity_t) + term_dontaudit_use_generic_ptys(timidity_t) files_dontaudit_read_root_files(timidity_t) ') diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te index 56aca2f..75c1bee 100644 --- a/refpolicy/policy/modules/services/uucp.te +++ b/refpolicy/policy/modules/services/uucp.te @@ -107,5 +107,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(uucpd_t) + nscd_socket_use(uucpd_t) ') diff --git a/refpolicy/policy/modules/services/xfs.if b/refpolicy/policy/modules/services/xfs.if index 93e0241..bb2fa26 100644 --- a/refpolicy/policy/modules/services/xfs.if +++ b/refpolicy/policy/modules/services/xfs.if @@ -8,7 +8,7 @@ ## Domain allowed access. ## # -interface(`xfs_read_socket',` +interface(`xfs_read_sockets',` gen_require(` type xfs_tmp_t; ') diff --git a/refpolicy/policy/modules/services/xfs.te b/refpolicy/policy/modules/services/xfs.te index a805e4c..6e1e30a 100644 --- a/refpolicy/policy/modules/services/xfs.te +++ b/refpolicy/policy/modules/services/xfs.te @@ -55,7 +55,7 @@ files_read_etc_files(xfs_t) files_read_etc_runtime_files(xfs_t) init_use_fd(xfs_t) -init_use_script_pty(xfs_t) +init_use_script_ptys(xfs_t) libs_use_ld_so(xfs_t) libs_use_shared_libs(xfs_t) @@ -74,8 +74,8 @@ ifdef(`distro_debian',` ') ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(xfs_t) - term_dontaudit_use_generic_pty(xfs_t) + term_dontaudit_use_unallocated_ttys(xfs_t) + term_dontaudit_use_generic_ptys(xfs_t) files_dontaudit_read_root_files(xfs_t) ') diff --git a/refpolicy/policy/modules/services/xserver.if b/refpolicy/policy/modules/services/xserver.if index be61ef3..0696a34 100644 --- a/refpolicy/policy/modules/services/xserver.if 
+++ b/refpolicy/policy/modules/services/xserver.if @@ -123,7 +123,7 @@ template(`xserver_common_domain_template',` fs_search_auto_mountpoints($1_xserver_t) term_setattr_unallocated_ttys($1_xserver_t) - term_use_unallocated_tty($1_xserver_t) + term_use_unallocated_ttys($1_xserver_t) libs_use_ld_so($1_xserver_t) libs_use_shared_libs($1_xserver_t) @@ -148,7 +148,7 @@ template(`xserver_common_domain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_xserver_t) + nscd_socket_use($1_xserver_t) ') optional_policy(`xfs',` @@ -351,8 +351,8 @@ template(`xserver_per_userdomain_template',` optional_policy(`ssh',` ssh_sigchld($1_xauth_t) - ssh_read_pipe($1_xauth_t) - ssh_dontaudit_rw_tcp_socket($1_xauth_t) + ssh_read_pipes($1_xauth_t) + ssh_dontaudit_rw_tcp_sockets($1_xauth_t) ') ############################## @@ -457,7 +457,7 @@ interface(`xserver_stream_connect_xdm',` ## Domain allowed access. ## # -interface(`xserver_create_xdm_tmp_socket',` +interface(`xserver_create_xdm_tmp_sockets',` gen_require(` type xdm_tmp_t; ') diff --git a/refpolicy/policy/modules/services/xserver.te b/refpolicy/policy/modules/services/xserver.te index 01a4284..e1b5cff 100644 --- a/refpolicy/policy/modules/services/xserver.te +++ b/refpolicy/policy/modules/services/xserver.te @@ -164,15 +164,15 @@ selinux_compute_user_contexts(xdm_t) storage_dontaudit_read_fixed_disk(xdm_t) storage_dontaudit_write_fixed_disk(xdm_t) -storage_dontaudit_setattr_fixed_disk(xdm_t) +storage_dontaudit_setattr_fixed_disk_dev(xdm_t) storage_dontaudit_raw_read_removable_device(xdm_t) storage_dontaudit_raw_write_removable_device(xdm_t) -storage_dontaudit_setattr_removable_device(xdm_t) +storage_dontaudit_setattr_removable_dev(xdm_t) storage_dontaudit_rw_scsi_generic(xdm_t) term_setattr_console(xdm_t) term_dontaudit_use_console(xdm_t) -term_use_unallocated_tty(xdm_t) +term_use_unallocated_ttys(xdm_t) term_setattr_unallocated_ttys(xdm_t) auth_rw_lastlog(xdm_t) 
@@ -183,7 +183,7 @@ auth_exec_pam(xdm_t) auth_manage_pam_console_data(xdm_t) init_rw_utmp(xdm_t) -init_use_script_pty(xdm_t) +init_use_script_ptys(xdm_t) # Run telinit->init to shutdown. init_exec(xdm_t) init_write_initctl(xdm_t) @@ -208,7 +208,7 @@ userdom_dontaudit_search_sysadm_home_dir(xdm_t) # for .dmrc userdom_read_unpriv_user_home_files(xdm_t) # Search /proc for any user domain processes. -userdom_read_all_userdomains_state(xdm_t) +userdom_read_all_users_state(xdm_t) userdom_signal_all_users(xdm_t) ifdef(`enable_polyinstantiation',` @@ -271,9 +271,9 @@ ifdef(`strict_policy',` allow xdm_t xserver_log_t:fifo_file manage_file_perms; logging_filetrans_log(xdm_t,xserver_log_t,file) - domain_subj_id_change_exempt(xdm_t) - domain_role_change_exempt(xdm_t) - domain_obj_id_change_exempt(xdm_t) + domain_subj_id_change_exemption(xdm_t) + domain_role_change_exemption(xdm_t) + domain_obj_id_change_exemption(xdm_t) auth_domtrans_chk_passwd(xdm_t) auth_domtrans_pam_console(xdm_t) @@ -338,11 +338,11 @@ optional_policy(`locallogin',` optional_policy(`mta',` # Do not audit attempts to check whether user root has email - mta_dontaudit_getattr_spool(xdm_t) + mta_dontaudit_getattr_spool_files(xdm_t) ') optional_policy(`nscd',` - nscd_use_socket(xdm_t) + nscd_socket_use(xdm_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te index 2f6fc24..14369df 100644 --- a/refpolicy/policy/modules/services/zebra.te +++ b/refpolicy/policy/modules/services/zebra.te @@ -92,7 +92,7 @@ files_read_etc_files(zebra_t) files_read_etc_runtime_files(zebra_t) init_use_fd(zebra_t) -init_use_script_pty(zebra_t) +init_use_script_ptys(zebra_t) libs_use_ld_so(zebra_t) libs_use_shared_libs(zebra_t) 
@@ -107,8 +107,8 @@ userdom_dontaudit_use_unpriv_user_fd(zebra_t) userdom_dontaudit_search_sysadm_home_dir(zebra_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(zebra_t) - term_dontaudit_use_generic_pty(zebra_t) + term_dontaudit_use_unallocated_ttys(zebra_t) + term_dontaudit_use_generic_ptys(zebra_t) files_dontaudit_read_root_files(zebra_t) unconfined_sigchld(zebra_t) ') @@ -122,7 +122,7 @@ optional_policy(`nis',` ') optional_policy(`zebra',` - rpm_read_pipe(zebra_t) + rpm_read_pipes(zebra_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if index 519a80a..a940335 100644 --- a/refpolicy/policy/modules/system/authlogin.if +++ b/refpolicy/policy/modules/system/authlogin.if @@ -65,11 +65,11 @@ template(`authlogin_common_auth_domain_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_chkpwd_t) + nscd_socket_use($1_chkpwd_t) ') optional_policy(`samba',` - samba_connect_winbind($1_chkpwd_t) + samba_stream_connect_winbind($1_chkpwd_t) ') ') @@ -264,7 +264,7 @@ interface(`auth_domtrans_chk_passwd',` ') optional_policy(`samba',` - samba_connect_winbind($1) + samba_stream_connect_winbind($1) ') ') @@ -1030,7 +1030,7 @@ interface(`auth_manage_login_records',` type wtmp_t; ') - logging_rw_log_dir($1) + logging_rw_generic_log_dirs($1) allow $1 wtmp_t:file create_file_perms; ') @@ -1059,7 +1059,7 @@ interface(`auth_use_nsswitch',` ') optional_policy(`samba',` - samba_connect_winbind($1) + samba_stream_connect_winbind($1) ') ') diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te index 6cc38e1..0581c91 100644 --- a/refpolicy/policy/modules/system/authlogin.te +++ b/refpolicy/policy/modules/system/authlogin.te @@ -126,7 +126,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(pam_t) + nscd_socket_use(pam_t) ') ######################################## 
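Review bot: In the zebra.te hunk at -122 the block is gated on ``optional_policy(`zebra',`` but the only call inside it is `rpm_read_pipes(zebra_t)`, whereas the other optional blocks in this patch name the module that provides the interface they call (`nscd`, `samba`, `apm`). Gating on `zebra` inside zebra.te is presumably always true, so the rule is no longer optional and a build without the rpm module would likely fail on the undefined interface. The first argument looks like it should be `rpm`, i.e. ``optional_policy(`rpm',``. The rename itself is fine; this is a defect the commit carries forward.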
@@ -172,12 +172,12 @@ dev_setattr_xserver_misc_dev(pam_console_t) fs_search_auto_mountpoints(pam_console_t) -storage_getattr_fixed_disk(pam_console_t) -storage_setattr_fixed_disk(pam_console_t) -storage_getattr_removable_device(pam_console_t) -storage_setattr_removable_device(pam_console_t) -storage_getattr_scsi_generic(pam_console_t) -storage_setattr_scsi_generic(pam_console_t) +storage_getattr_fixed_disk_dev(pam_console_t) +storage_setattr_fixed_disk_dev(pam_console_t) +storage_getattr_removable_dev(pam_console_t) +storage_setattr_removable_dev(pam_console_t) +storage_getattr_scsi_generic_dev(pam_console_t) +storage_setattr_scsi_generic_dev(pam_console_t) term_use_console(pam_console_t) term_setattr_console(pam_console_t) @@ -195,7 +195,7 @@ files_list_mnt(pam_console_t) files_read_etc_runtime_files(pam_console_t) init_use_fd(pam_console_t) -init_use_script_pty(pam_console_t) +init_use_script_ptys(pam_console_t) libs_use_ld_so(pam_console_t) libs_use_shared_libs(pam_console_t) @@ -216,8 +216,8 @@ ifdef(`direct_sysadm_daemon', ` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(pam_console_t) - term_dontaudit_use_generic_pty(pam_console_t) + term_dontaudit_use_unallocated_ttys(pam_console_t) + term_dontaudit_use_generic_ptys(pam_console_t) files_dontaudit_read_root_files(pam_console_t) ') @@ -232,7 +232,7 @@ optional_policy(`hotplug',` ') optional_policy(`nscd',` - nscd_use_socket(pam_console_t) + nscd_socket_use(pam_console_t) ') optional_policy(`selinuxutil',` @@ -262,10 +262,10 @@ corecmd_search_sbin(system_chkpwd_t) domain_dontaudit_use_wide_inherit_fd(system_chkpwd_t) -term_dontaudit_use_unallocated_tty(system_chkpwd_t) -term_dontaudit_use_generic_pty(system_chkpwd_t) +term_dontaudit_use_unallocated_ttys(system_chkpwd_t) +term_dontaudit_use_generic_ptys(system_chkpwd_t) -userdom_dontaudit_use_unpriv_user_tty(system_chkpwd_t) +userdom_dontaudit_use_unpriv_users_ttys(system_chkpwd_t) ######################################## # 
@@ -300,7 +300,7 @@ logging_search_logs(utempter_t) userdom_write_unpriv_user_tmp(utempter_t) optional_policy(`nscd',` - nscd_use_socket(utempter_t) + nscd_socket_use(utempter_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/system/clock.te b/refpolicy/policy/modules/system/clock.te index 92d9fe5..25bd938 100644 --- a/refpolicy/policy/modules/system/clock.te +++ b/refpolicy/policy/modules/system/clock.te @@ -41,14 +41,14 @@ fs_getattr_xattr_fs(hwclock_t) fs_search_auto_mountpoints(hwclock_t) term_dontaudit_use_console(hwclock_t) -term_use_unallocated_tty(hwclock_t) +term_use_unallocated_ttys(hwclock_t) term_use_all_user_ttys(hwclock_t) term_use_all_user_ptys(hwclock_t) domain_use_wide_inherit_fd(hwclock_t) init_use_fd(hwclock_t) -init_use_script_pty(hwclock_t) +init_use_script_ptys(hwclock_t) files_read_etc_files(hwclock_t) # for when /usr is not mounted: @@ -62,18 +62,18 @@ logging_send_syslog_msg(hwclock_t) miscfiles_read_localization(hwclock_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(hwclock_t) - term_dontaudit_use_generic_pty(hwclock_t) + term_dontaudit_use_unallocated_ttys(hwclock_t) + term_dontaudit_use_generic_ptys(hwclock_t) files_dontaudit_read_root_files(hwclock_t) ') optional_policy(`apm',` apm_append_log(hwclock_t) - apm_rw_stream_socket(hwclock_t) + apm_rw_stream_sockets(hwclock_t) ') optional_policy(`nscd',` - nscd_use_socket(hwclock_t) + nscd_socket_use(hwclock_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/system/daemontools.te b/refpolicy/policy/modules/system/daemontools.te index 037c993..a933e78 100644 --- a/refpolicy/policy/modules/system/daemontools.te +++ b/refpolicy/policy/modules/system/daemontools.te @@ -104,7 +104,7 @@ allow svc_start_t self:unix_stream_socket create_socket_perms; can_exec(svc_start_t svc_start_exec_t) -corecmd_read_sbin_symlink(svc_start_t) +corecmd_read_sbin_symlinks(svc_start_t) corecmd_exec_bin(svc_start_t) corecmd_exec_shell(svc_start_t) 
diff --git a/refpolicy/policy/modules/system/fstools.te b/refpolicy/policy/modules/system/fstools.te index 9828823..0d3b9d2 100644 --- a/refpolicy/policy/modules/system/fstools.te +++ b/refpolicy/policy/modules/system/fstools.te @@ -96,15 +96,15 @@ term_use_console(fsadm_t) corecmd_list_bin(fsadm_t) corecmd_list_sbin(fsadm_t) -corecmd_read_bin_symlink(fsadm_t) -corecmd_read_sbin_symlink(fsadm_t) +corecmd_read_bin_symlinks(fsadm_t) +corecmd_read_sbin_symlinks(fsadm_t) # cjp: these are probably not needed: -corecmd_read_bin_file(fsadm_t) -corecmd_read_bin_pipe(fsadm_t) -corecmd_read_bin_socket(fsadm_t) -corecmd_read_sbin_file(fsadm_t) -corecmd_read_sbin_pipe(fsadm_t) -corecmd_read_sbin_socket(fsadm_t) +corecmd_read_bin_files(fsadm_t) +corecmd_read_bin_pipes(fsadm_t) +corecmd_read_bin_sockets(fsadm_t) +corecmd_read_sbin_files(fsadm_t) +corecmd_read_sbin_pipes(fsadm_t) +corecmd_read_sbin_sockets(fsadm_t) domain_use_wide_inherit_fd(fsadm_t) @@ -124,7 +124,7 @@ files_manage_mnt_dirs(fsadm_t) files_search_all(fsadm_t) init_use_fd(fsadm_t) -init_use_script_pty(fsadm_t) +init_use_script_ptys(fsadm_t) libs_use_ld_so(fsadm_t) libs_use_shared_libs(fsadm_t) @@ -133,15 +133,15 @@ logging_send_syslog_msg(fsadm_t) miscfiles_read_localization(fsadm_t) -modutils_read_module_conf(fsadm_t) +modutils_read_module_config(fsadm_t) seutil_read_config(fsadm_t) userdom_use_unpriv_users_fd(fsadm_t) ifdef(`targeted_policy',` - term_use_unallocated_tty(fsadm_t) - term_use_generic_pty(fsadm_t) + term_use_unallocated_ttys(fsadm_t) + term_use_generic_ptys(fsadm_t) ') tunable_policy(`read_default_t',` diff --git a/refpolicy/policy/modules/system/getty.if b/refpolicy/policy/modules/system/getty.if index 0491609..85b8951 100644 --- a/refpolicy/policy/modules/system/getty.if +++ b/refpolicy/policy/modules/system/getty.if @@ -80,7 +80,7 @@ interface(`getty_read_config',` ## Domain allowed access. ## # -interface(`getty_modify_config',` +interface(`getty_rw_config',` gen_require(` type getty_etc_t; ') 
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te index cf2f19d..f58810f 100644 --- a/refpolicy/policy/modules/system/getty.te +++ b/refpolicy/policy/modules/system/getty.te @@ -74,7 +74,7 @@ mls_file_write_down(getty_t) # Chown, chmod, read and write ttys. term_use_all_user_ttys(getty_t) -term_use_unallocated_tty(getty_t) +term_use_unallocated_ttys(getty_t) term_setattr_all_user_ttys(getty_t) term_setattr_unallocated_ttys(getty_t) term_setattr_console(getty_t) @@ -90,8 +90,8 @@ files_read_etc_runtime_files(getty_t) files_read_etc_files(getty_t) init_rw_utmp(getty_t) -init_use_script_pty(getty_t) -init_dontaudit_use_script_pty(getty_t) +init_use_script_ptys(getty_t) +init_dontaudit_use_script_ptys(getty_t) libs_use_ld_so(getty_t) libs_use_shared_libs(getty_t) @@ -103,12 +103,12 @@ logging_send_syslog_msg(getty_t) miscfiles_read_localization(getty_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(getty_t) - term_dontaudit_use_generic_pty(getty_t) + term_dontaudit_use_unallocated_ttys(getty_t) + term_dontaudit_use_generic_ptys(getty_t) ') optional_policy(`nscd',` - nscd_use_socket(getty_t) + nscd_socket_use(getty_t) ') optional_policy(`ppp',` diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te index 317c055..59eb546 100644 --- a/refpolicy/policy/modules/system/hostname.te +++ b/refpolicy/policy/modules/system/hostname.te @@ -37,7 +37,7 @@ term_use_all_user_ptys(hostname_t) init_use_fd(hostname_t) init_use_script_fd(hostname_t) -init_use_script_pty(hostname_t) +init_use_script_ptys(hostname_t) domain_use_wide_inherit_fd(hostname_t) diff --git a/refpolicy/policy/modules/system/hotplug.if b/refpolicy/policy/modules/system/hotplug.if index 4971f29..74ae242 100644 --- a/refpolicy/policy/modules/system/hotplug.if +++ b/refpolicy/policy/modules/system/hotplug.if 
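Review bot: The getty.te hunk at -90 keeps both `init_use_script_ptys(getty_t)` and `init_dontaudit_use_script_ptys(getty_t)`, which by their names grant an access and silence denials of that same access for the same domain. If the allow rule covers everything getty_t does with the init script ptys, the dontaudit line is dead. If it does not, the dontaudit hides the remaining denials from the audit log and makes later policy analysis harder. Since both lines are being touched anyway, drop `init_dontaudit_use_script_ptys(getty_t)` or add a comment saying which permissions it is meant to suppress. The interface bodies are outside this hunk, so the exact permission sets should be checked in init.if.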
@@ -78,7 +78,7 @@ interface(`hotplug_dontaudit_search_config',` ## Domain allowed access. ## # -interface(`hotplug_getattr_config_dir',` +interface(`hotplug_getattr_config_dirs',` gen_require(` type hotplug_etc_t; ') diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te index 1ce3c8c..31d008f 100644 --- a/refpolicy/policy/modules/system/hotplug.te +++ b/refpolicy/policy/modules/system/hotplug.te @@ -74,8 +74,8 @@ dev_read_urand(hotplug_t) fs_getattr_all_fs(hotplug_t) fs_search_auto_mountpoints(hotplug_t) -storage_setattr_fixed_disk(hotplug_t) -storage_setattr_removable_device(hotplug_t) +storage_setattr_fixed_disk_dev(hotplug_t) +storage_setattr_removable_dev(hotplug_t) term_dontaudit_use_console(hotplug_t) @@ -96,13 +96,13 @@ files_exec_etc_files(hotplug_t) files_dontaudit_search_isid_type_dirs(hotplug_t) init_use_fd(hotplug_t) -init_use_script_pty(hotplug_t) -init_read_script_process_state(hotplug_t) +init_use_script_ptys(hotplug_t) +init_read_script_state(hotplug_t) # Allow hotplug (including /sbin/ifup-local) to start/stop services and # run sendmail -q init_domtrans_script(hotplug_t) # kernel threads inherit from shared descriptor table used by init -init_dontaudit_use_initctl(hotplug_t) +init_dontaudit_rw_initctl(hotplug_t) logging_send_syslog_msg(hotplug_t) logging_search_logs(hotplug_t) @@ -110,13 +110,13 @@ logging_search_logs(hotplug_t) libs_use_ld_so(hotplug_t) libs_use_shared_libs(hotplug_t) # Read /usr/lib/gconv/.* -libs_read_lib(hotplug_t) +libs_read_lib_files(hotplug_t) miscfiles_read_hwdata(hotplug_t) miscfiles_read_localization(hotplug_t) modutils_domtrans_insmod(hotplug_t) -modutils_read_mods_deps(hotplug_t) +modutils_read_module_deps(hotplug_t) seutil_dontaudit_search_config(hotplug_t) 
@@ -135,8 +135,8 @@ ifdef(`distro_redhat', ` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(hotplug_t) - term_dontaudit_use_generic_pty(hotplug_t) + term_dontaudit_use_unallocated_ttys(hotplug_t) + term_dontaudit_use_generic_ptys(hotplug_t) optional_policy(`consoletype',` consoletype_domtrans(hotplug_t) @@ -176,7 +176,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(hotplug_t) + nscd_socket_use(hotplug_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if index bfb8c09..fa1654f 100644 --- a/refpolicy/policy/modules/system/init.if +++ b/refpolicy/policy/modules/system/init.if @@ -102,7 +102,7 @@ interface(`init_daemon_domain',` ') optional_policy(`nscd',` - nscd_use_socket($1) + nscd_socket_use($1) ') ') @@ -173,9 +173,9 @@ interface(`init_exec',` ######################################## # -# init_get_process_group(domain) +# init_getpgid(domain) # -interface(`init_get_process_group',` +interface(`init_getpgid',` gen_require(` type init_t; ') @@ -222,9 +222,9 @@ interface(`init_write_initctl',` ######################################## # -# init_use_initctl(domain) +# init_rw_initctl(domain) # -interface(`init_use_initctl',` +interface(`init_rw_initctl',` gen_require(` type initctl_t; ') @@ -235,9 +235,9 @@ interface(`init_use_initctl',` ######################################## # -# init_dontaudit_use_initctl(domain) +# init_dontaudit_rw_initctl(domain) # -interface(`init_dontaudit_use_initctl',` +interface(`init_dontaudit_rw_initctl',` gen_require(` type initctl_t; ') @@ -309,7 +309,7 @@ interface(`init_dontaudit_use_fd',` ## Domain allowed access. ## # -interface(`init_udp_sendto',` +interface(`init_udp_send',` gen_require(` type init_t; ') @@ -376,7 +376,7 @@ interface(`init_run_daemon',` ## Domain allowed access. ## # -interface(`init_write_script_pipe',` +interface(`init_write_script_pipes',` gen_require(` type initrc_t; ') 
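Review bot: The renamed `init_getpgid`, `init_rw_initctl` and `init_dontaudit_rw_initctl` in init.if (and `init_getpgid_script` in the later hunk at -482) still have only a bare name comment such as `# init_rw_initctl(domain)`, while the other interfaces touched in this file carry a `##` documentation block describing the domain parameter. Each should get the same block: a one-line summary of the access granted and a `domain` parameter entry reading "Domain allowed access." (or "Domain to not audit." for the dontaudit variant). For `init_rw_initctl` the summary should say that it gives read and write access to the `initctl_t` object, which appears to be the control channel to init, so reviewers of calling modules can see what they are granting. The interface bodies continue outside these hunks.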
@@ -439,7 +439,7 @@ interface(`init_exec_script',` ## Domain allowed access. ## # -interface(`init_read_script_process_state',` +interface(`init_read_script_state',` gen_require(` type initrc_t; ') @@ -482,9 +482,9 @@ interface(`init_dontaudit_use_script_fd',` ######################################## # -# init_get_script_process_group(domain) +# init_getpgid_script(domain) # -interface(`init_get_script_process_group',` +interface(`init_getpgid_script',` gen_require(` type initrc_t; ') @@ -548,7 +548,7 @@ interface(`init_signull_script',` ## Domain allowed access. ## # -interface(`init_rw_script_pipe',` +interface(`init_rw_script_pipes',` gen_require(` type initrc_t; ') @@ -564,7 +564,7 @@ interface(`init_rw_script_pipe',` ## Domain allowed access. ## # -interface(`init_udp_sendto_script',` +interface(`init_udp_send_script',` gen_require(` type initrc_t; ') @@ -582,7 +582,7 @@ interface(`init_udp_sendto_script',` ## Domain allowed access. ## # -interface(`init_unix_connect_script',` +interface(`init_stream_connect_script',` gen_require(` type initrc_t; ') @@ -599,7 +599,7 @@ interface(`init_unix_connect_script',` ## Domain allowed access. ## # -interface(`init_dontaudit_unix_connect_script',` +interface(`init_dontaudit_stream_connect_script',` gen_require(` type initrc_t; ') @@ -643,7 +643,7 @@ interface(`init_dbus_chat_script',` ## Domain allowed access. ## # -interface(`init_use_script_pty',` +interface(`init_use_script_ptys',` gen_require(` type initrc_devpts_t; ') @@ -661,7 +661,7 @@ interface(`init_use_script_pty',` ## Domain to not audit. ## # -interface(`init_dontaudit_use_script_pty',` +interface(`init_dontaudit_use_script_ptys',` gen_require(` type initrc_devpts_t; ') @@ -677,7 +677,7 @@ interface(`init_dontaudit_use_script_pty',` ## Domain allowed access. ## # -interface(`init_read_script_file',` +interface(`init_read_script_files',` gen_require(` type initrc_exec_t; ') 
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index 13d819a..c3f68b9 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -177,11 +177,11 @@ optional_policy(`authlogin',` ') optional_policy(`nscd',` - nscd_use_socket(init_t) + nscd_socket_use(init_t) ') optional_policy(`portmap',` - portmap_udp_sendto(init_t) + portmap_udp_send(init_t) ') # Run the shell in the sysadm_t domain for single-user mode. @@ -284,9 +284,9 @@ fs_getattr_all_fs(initrc_t) selinux_get_enforce_mode(initrc_t) -storage_getattr_fixed_disk(initrc_t) -storage_setattr_fixed_disk(initrc_t) -storage_setattr_removable_device(initrc_t) +storage_getattr_fixed_disk_dev(initrc_t) +storage_setattr_fixed_disk_dev(initrc_t) +storage_setattr_removable_dev(initrc_t) term_use_all_terms(initrc_t) term_reset_tty_labels(initrc_t) @@ -354,7 +354,7 @@ logging_send_syslog_msg(initrc_t) logging_manage_generic_logs(initrc_t) logging_read_all_logs(initrc_t) logging_append_all_logs(initrc_t) -logging_read_auditd_config(initrc_t) +logging_read_audit_config(initrc_t) miscfiles_read_localization(initrc_t) # slapd needs to read cert files from its initscript @@ -366,7 +366,7 @@ mls_process_read_up(initrc_t) mls_process_write_down(initrc_t) mls_rangetrans_source(initrc_t) -modutils_read_module_conf(initrc_t) +modutils_read_module_config(initrc_t) modutils_domtrans_insmod(initrc_t) seutil_read_config(initrc_t) @@ -431,7 +431,7 @@ ifdef(`distro_redhat',` fs_rw_tmpfs_chr_files(initrc_t) storage_create_fixed_disk(initrc_t) - storage_getattr_removable_device(initrc_t) + storage_getattr_removable_dev(initrc_t) files_create_boot_flag(initrc_t) # wants to read /.fonts directory @@ -445,7 +445,7 @@ ifdef(`distro_redhat',` auth_dontaudit_read_shadow(initrc_t) optional_policy(`bind',` - bind_manage_config_dir(initrc_t) + bind_manage_config_dirs(initrc_t) ') optional_policy(`rpc',` 
@@ -455,7 +455,7 @@ ifdef(`distro_redhat',` ') ifdef(`targeted_policy',` - domain_subj_id_change_exempt(initrc_t) + domain_subj_id_change_exemption(initrc_t) unconfined_domain_template(initrc_t) ',` # cjp: require doesnt work in optionals :\ @@ -483,7 +483,7 @@ optional_policy(`bind',` bind_read_config(initrc_t) # for chmod in start script - bind_setattr_pid_dir(initrc_t) + bind_setattr_pid_dirs(initrc_t) # for /etc/rndc.key ifdef(`distro_redhat',` @@ -512,7 +512,7 @@ optional_policy(`daemontools',` optional_policy(`dbus',` dbus_connect_system_bus(initrc_t) - dbus_send_system_bus_msg(initrc_t) + dbus_send_system_bus(initrc_t) dbus_system_bus_client_template(initrc,initrc_t) dbus_read_config(initrc_t) @@ -535,7 +535,7 @@ optional_policy(`hotplug',` # init scripts run /etc/hotplug/usb.rc hotplug_read_config(initrc_t) - modutils_read_mods_deps(initrc_t) + modutils_read_module_deps(initrc_t) ') optional_policy(`inn',` @@ -553,7 +553,7 @@ optional_policy(`kerberos',` optional_policy(`ldap',` ldap_read_config(initrc_t) - ldap_list_db_dir(initrc_t) + ldap_list_db(initrc_t) ') optional_policy(`loadkeys',` @@ -587,12 +587,12 @@ optional_policy(`mailman',` optional_policy(`mta',` mta_read_config(initrc_t) - mta_dontaudit_read_spool_symlink(initrc_t) + mta_dontaudit_read_spool_symlinks(initrc_t) ') optional_policy(`mysql',` ifdef(`distro_redhat',` - mysql_manage_db_dir(initrc_t) + mysql_manage_db_dirs(initrc_t) ') mysql_stream_connect(initrc_t) @@ -601,12 +601,12 @@ optional_policy(`mysql',` optional_policy(`nis',` nis_use_ypbind(initrc_t) - nis_udp_sendto_ypbind(initrc_t) + nis_udp_send_ypbind(initrc_t) nis_list_var_yp(initrc_t) ') optional_policy(`nscd',` - nscd_use_socket(initrc_t) + nscd_socket_use(initrc_t) ') optional_policy(`raid',` @@ -679,7 +679,7 @@ optional_policy(`xfs',` miscfiles_manage_fonts(initrc_t) # cjp: is this really needed? - xfs_read_socket(initrc_t) + xfs_read_sockets(initrc_t) ') optional_policy(`zebra',` 
diff --git a/refpolicy/policy/modules/system/ipsec.if b/refpolicy/policy/modules/system/ipsec.if index 0294ab2..237622a 100644 --- a/refpolicy/policy/modules/system/ipsec.if +++ b/refpolicy/policy/modules/system/ipsec.if @@ -48,7 +48,7 @@ interface(`ipsec_stream_connect',` ## The type of the process performing this action. ## # -interface(`ipsec_getattr_key_socket',` +interface(`ipsec_getattr_key_sockets',` gen_require(` type ipsec_t; ') diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te index 5ba6060..8838c20 100644 --- a/refpolicy/policy/modules/system/ipsec.te +++ b/refpolicy/policy/modules/system/ipsec.te @@ -110,7 +110,7 @@ domain_use_wide_inherit_fd(ipsec_t) files_read_etc_files(ipsec_t) init_use_fd(ipsec_t) -init_use_script_pty(ipsec_t) +init_use_script_ptys(ipsec_t) libs_use_ld_so(ipsec_t) libs_use_shared_libs(ipsec_t) @@ -125,8 +125,8 @@ userdom_dontaudit_use_unpriv_user_fd(ipsec_t) userdom_dontaudit_search_sysadm_home_dir(ipsec_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(ipsec_t) - term_dontaudit_use_generic_pty(ipsec_t) + term_dontaudit_use_unallocated_ttys(ipsec_t) + term_dontaudit_use_generic_ptys(ipsec_t) files_dontaudit_read_root_files(ipsec_t) ') @@ -227,7 +227,7 @@ corecmd_exec_bin(ipsec_mgmt_t) domain_use_wide_inherit_fd(ipsec_mgmt_t) # denials when ps tries to search /proc. Do not audit these denials. -domain_dontaudit_list_all_domains_proc(ipsec_mgmt_t) +domain_dontaudit_list_all_domains_state(ipsec_mgmt_t) # suppress audit messages about unnecessary socket access # cjp: this seems excessive domain_dontaudit_rw_all_udp_sockets(ipsec_mgmt_t) @@ -239,7 +239,7 @@ files_read_etc_runtime_files(ipsec_mgmt_t) files_dontaudit_getattr_default_dirs(ipsec_mgmt_t) files_dontaudit_getattr_default_files(ipsec_mgmt_t) -init_use_script_pty(ipsec_mgmt_t) +init_use_script_ptys(ipsec_mgmt_t) init_exec_script(ipsec_mgmt_t) init_use_fd(ipsec_mgmt_t) 
@@ -261,7 +261,7 @@ optional_policy(`consoletype',` ') optional_policy(`nscd',` - nscd_use_socket(ipsec_mgmt_t) + nscd_socket_use(ipsec_mgmt_t) ') ifdef(`TODO',` diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te index 5de2de2..919d173 100644 --- a/refpolicy/policy/modules/system/iptables.te +++ b/refpolicy/policy/modules/system/iptables.te @@ -57,7 +57,7 @@ domain_use_wide_inherit_fd(iptables_t) files_read_etc_files(iptables_t) init_use_fd(iptables_t) -init_use_script_pty(iptables_t) +init_use_script_ptys(iptables_t) # to allow rules to be saved on reboot: init_rw_script_tmp_files(iptables_t) @@ -73,17 +73,17 @@ miscfiles_read_localization(iptables_t) sysnet_domtrans_ifconfig(iptables_t) sysnet_dns_name_resolve(iptables_t) -userdom_use_all_user_fd(iptables_t) +userdom_use_all_users_fd(iptables_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(iptables_t) - term_dontaudit_use_generic_pty(iptables_t) + term_dontaudit_use_unallocated_ttys(iptables_t) + term_dontaudit_use_generic_ptys(iptables_t) files_dontaudit_read_root_files(iptables_t) ') optional_policy(`firstboot',` firstboot_use_fd(iptables_t) - firstboot_write_pipe(iptables_t) + firstboot_write_pipes(iptables_t) ') optional_policy(`modutils',` diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if index ba832f8..812fc7f 100644 --- a/refpolicy/policy/modules/system/libraries.if +++ b/refpolicy/policy/modules/system/libraries.if @@ -187,7 +187,7 @@ interface(`libs_search_lib',` ## The type of the process performing this action. ## # -interface(`libs_read_lib',` +interface(`libs_read_lib_files',` gen_require(` type lib_t; ') @@ -225,7 +225,7 @@ interface(`libs_exec_lib_files',` ## The type of the process performing this action. ## # -interface(`libs_use_lib',` +interface(`libs_use_lib_files',` gen_require(` type lib_t; ') 
diff --git a/refpolicy/policy/modules/system/libraries.te b/refpolicy/policy/modules/system/libraries.te index 2b31a94..9cc4ce7 100644 --- a/refpolicy/policy/modules/system/libraries.te +++ b/refpolicy/policy/modules/system/libraries.te @@ -74,15 +74,15 @@ files_search_tmp(ldconfig_t) # for when /etc/ld.so.cache is mislabeled: files_delete_etc_files(ldconfig_t) -init_use_script_pty(ldconfig_t) +init_use_script_ptys(ldconfig_t) logging_send_syslog_msg(ldconfig_t) -userdom_use_all_user_fd(ldconfig_t) +userdom_use_all_users_fd(ldconfig_t) ifdef(`hide_broken_symptoms',` optional_policy(`unconfined',` - unconfined_dontaudit_rw_tcp_socket(ldconfig_t) + unconfined_dontaudit_rw_tcp_sockets(ldconfig_t) ') ') diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te index d4ca0a6..852815d 100644 --- a/refpolicy/policy/modules/system/locallogin.te +++ b/refpolicy/policy/modules/system/locallogin.te @@ -9,9 +9,9 @@ policy_module(locallogin,1.1.2) type local_login_t; auth_login_entry_type(local_login_t) domain_type(local_login_t) -domain_obj_id_change_exempt(local_login_t) -domain_subj_id_change_exempt(local_login_t) -domain_role_change_exempt(local_login_t) +domain_obj_id_change_exemption(local_login_t) +domain_subj_id_change_exemption(local_login_t) +domain_role_change_exemption(local_login_t) domain_wide_inherit_fd(local_login_t) role system_r types local_login_t; @@ -23,9 +23,9 @@ files_tmp_file(local_login_tmp_t) type sulogin_t; type sulogin_exec_t; -domain_obj_id_change_exempt(sulogin_t) -domain_subj_id_change_exempt(sulogin_t) -domain_role_change_exempt(sulogin_t) +domain_obj_id_change_exemption(sulogin_t) +domain_subj_id_change_exemption(sulogin_t) +domain_role_change_exemption(sulogin_t) domain_wide_inherit_fd(sulogin_t) init_domain(sulogin_t,sulogin_exec_t) init_system_domain(sulogin_t,sulogin_exec_t) 
@@ -95,13 +95,13 @@ selinux_compute_create_context(local_login_t) selinux_compute_relabel_context(local_login_t) selinux_compute_user_contexts(local_login_t) -storage_dontaudit_getattr_fixed_disk(local_login_t) -storage_dontaudit_setattr_fixed_disk(local_login_t) -storage_dontaudit_getattr_removable_device(local_login_t) -storage_dontaudit_setattr_removable_device(local_login_t) +storage_dontaudit_getattr_fixed_disk_dev(local_login_t) +storage_dontaudit_setattr_fixed_disk_dev(local_login_t) +storage_dontaudit_getattr_removable_dev(local_login_t) +storage_dontaudit_setattr_removable_dev(local_login_t) term_use_all_user_ttys(local_login_t) -term_use_unallocated_tty(local_login_t) +term_use_unallocated_ttys(local_login_t) term_relabel_unallocated_ttys(local_login_t) term_relabel_all_user_ttys(local_login_t) term_setattr_all_user_ttys(local_login_t) @@ -118,15 +118,15 @@ auth_domtrans_pam_console(local_login_t) corecmd_list_bin(local_login_t) corecmd_list_sbin(local_login_t) -corecmd_read_bin_symlink(local_login_t) -corecmd_read_sbin_symlink(local_login_t) +corecmd_read_bin_symlinks(local_login_t) +corecmd_read_sbin_symlinks(local_login_t) # cjp: these are probably not needed: -corecmd_read_bin_file(local_login_t) -corecmd_read_bin_pipe(local_login_t) -corecmd_read_bin_socket(local_login_t) -corecmd_read_sbin_file(local_login_t) -corecmd_read_sbin_pipe(local_login_t) -corecmd_read_sbin_socket(local_login_t) +corecmd_read_bin_files(local_login_t) +corecmd_read_bin_pipes(local_login_t) +corecmd_read_bin_sockets(local_login_t) +corecmd_read_sbin_files(local_login_t) +corecmd_read_sbin_pipes(local_login_t) +corecmd_read_sbin_sockets(local_login_t) domain_read_all_entry_files(local_login_t) @@ -203,7 +203,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(local_login_t) + nscd_socket_use(local_login_t) ') optional_policy(`usermanage',` 
@@ -245,7 +245,7 @@ files_read_etc_files(sulogin_t) # because file systems are not mounted: files_dontaudit_search_isid_type_dirs(sulogin_t) -init_get_script_process_group(sulogin_t) +init_getpgid_script(sulogin_t) libs_use_ld_so(sulogin_t) libs_use_shared_libs(sulogin_t) @@ -259,7 +259,7 @@ auth_read_shadow(sulogin_t) userdom_shell_domtrans_sysadm(sulogin_t) userdom_use_unpriv_users_fd(sulogin_t) -userdom_use_sysadm_pty(sulogin_t) +userdom_use_sysadm_ptys(sulogin_t) userdom_search_staff_home_dir(sulogin_t) userdom_search_sysadm_home_dir(sulogin_t) @@ -269,7 +269,7 @@ ifdef(`distro_debian', `define(`sulogin_no_pam')') ifdef(`sulogin_no_pam', ` allow sulogin_t self:capability sys_tty_config; - init_get_process_group(sulogin_t) + init_getpgid(sulogin_t) ', ` allow sulogin_t self:process setexec; selinux_get_fs_mount(sulogin_t) @@ -285,5 +285,5 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(sulogin_t) + nscd_socket_use(sulogin_t) ') diff --git a/refpolicy/policy/modules/system/logging.if b/refpolicy/policy/modules/system/logging.if index 106ab76..992de9d 100644 --- a/refpolicy/policy/modules/system/logging.if +++ b/refpolicy/policy/modules/system/logging.if @@ -129,7 +129,7 @@ interface(`logging_send_syslog_msg',` ## Domain allowed access. ## # -interface(`logging_read_auditd_config',` +interface(`logging_read_audit_config',` gen_require(` type auditd_etc_t; ') @@ -182,7 +182,7 @@ interface(`logging_list_logs',` ## The type of the process performing this action. ## # -interface(`logging_rw_log_dir',` +interface(`logging_rw_generic_log_dirs',` gen_require(` type var_log_t; ') diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te index 2c601ed..50b3a47 100644 --- a/refpolicy/policy/modules/system/logging.te +++ b/refpolicy/policy/modules/system/logging.te 
@@ -80,7 +80,7 @@ domain_use_wide_inherit_fd(auditctl_t) mls_file_read_up(auditctl_t) -init_use_script_pty(auditctl_t) +init_use_script_ptys(auditctl_t) init_dontaudit_use_fd(auditctl_t) locallogin_dontaudit_use_fd(auditctl_t) @@ -88,8 +88,8 @@ locallogin_dontaudit_use_fd(auditctl_t) logging_send_syslog_msg(auditctl_t) ifdef(`targeted_policy',` - term_use_generic_pty(auditctl_t) - term_use_unallocated_tty(auditctl_t) + term_use_generic_ptys(auditctl_t) + term_use_unallocated_ttys(auditctl_t) ') ifdef(`TODO',` @@ -153,7 +153,7 @@ files_list_usr(auditd_t) init_use_fd(auditd_t) init_exec(auditd_t) init_write_initctl(auditd_t) -init_use_script_pty(auditd_t) +init_use_script_ptys(auditd_t) logging_send_syslog_msg(auditd_t) @@ -170,12 +170,12 @@ seutil_dontaudit_read_config(auditd_t) userdom_dontaudit_use_unpriv_user_fd(auditd_t) userdom_dontaudit_search_sysadm_home_dir(auditd_t) # cjp: this is questionable -userdom_use_sysadm_tty(auditd_t) +userdom_use_sysadm_ttys(auditd_t) ifdef(`targeted_policy',` - term_dontaudit_use_generic_pty(auditd_t) - term_dontaudit_use_unallocated_tty(auditd_t) - unconfined_dontaudit_read_pipe(auditd_t) + term_dontaudit_use_generic_ptys(auditd_t) + term_dontaudit_use_unallocated_ttys(auditd_t) + unconfined_dontaudit_read_pipes(auditd_t) ') optional_policy(`selinuxutil',` @@ -227,7 +227,7 @@ files_read_etc_runtime_files(klogd_t) files_read_etc_files(klogd_t) init_use_fd(klogd_t) -init_use_script_pty(klogd_t) +init_use_script_ptys(klogd_t) libs_use_ld_so(klogd_t) libs_use_shared_libs(klogd_t) @@ -245,8 +245,8 @@ optional_policy(`udev',` ') ifdef(`targeted_policy',` - term_dontaudit_use_generic_pty(klogd_t) - term_dontaudit_use_unallocated_tty(klogd_t) + term_dontaudit_use_generic_ptys(klogd_t) + term_dontaudit_use_unallocated_ttys(klogd_t) ') optional_policy(`selinuxutil',` 
@@ -328,7 +328,7 @@ corenet_udp_bind_syslogd_port(syslogd_t) fs_getattr_all_fs(syslogd_t) init_use_fd(syslogd_t) -init_use_script_pty(syslogd_t) +init_use_script_ptys(syslogd_t) domain_use_wide_inherit_fd(syslogd_t) @@ -357,8 +357,8 @@ ifdef(`distro_suse',` ifdef(`targeted_policy',` allow syslogd_t var_run_t:fifo_file { ioctl read write }; - term_dontaudit_use_unallocated_tty(syslogd_t) - term_dontaudit_use_generic_pty(syslogd_t) + term_dontaudit_use_unallocated_ttys(syslogd_t) + term_dontaudit_use_generic_ptys(syslogd_t) files_dontaudit_read_root_files(syslogd_t) ') @@ -371,7 +371,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(syslogd_t) + nscd_socket_use(syslogd_t) ') optional_policy(`selinuxutil',` diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te index f2b8a4b..33c10a8 100644 --- a/refpolicy/policy/modules/system/lvm.te +++ b/refpolicy/policy/modules/system/lvm.te @@ -18,7 +18,7 @@ type lvm_exec_t; init_system_domain(lvm_t,lvm_exec_t) # needs privowner because it assigns the identity system_u to device nodes # but runs as the identity of the sysadmin -domain_obj_id_change_exempt(lvm_t) +domain_obj_id_change_exemption(lvm_t) role system_r types lvm_t; type lvm_etc_t; @@ -83,7 +83,7 @@ domain_use_wide_inherit_fd(clvmd_t) files_list_usr(clvmd_t) init_use_fd(clvmd_t) -init_use_script_pty(clvmd_t) +init_use_script_ptys(clvmd_t) libs_use_ld_so(clvmd_t) libs_use_shared_libs(clvmd_t) @@ -101,8 +101,8 @@ userdom_dontaudit_use_unpriv_user_fd(clvmd_t) userdom_dontaudit_search_sysadm_home_dir(clvmd_t) ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(clvmd_t) - term_dontaudit_use_generic_pty(clvmd_t) + term_dontaudit_use_unallocated_ttys(clvmd_t) + term_dontaudit_use_generic_ptys(clvmd_t) files_dontaudit_read_root_files(clvmd_t) ') 
@@ -210,10 +210,10 @@ storage_create_fixed_disk(lvm_t) storage_manage_fixed_disk(lvm_t) term_dontaudit_getattr_all_user_ttys(lvm_t) -term_dontaudit_getattr_pty_dir(lvm_t) +term_dontaudit_getattr_pty_dirs(lvm_t) corecmd_search_sbin(lvm_t) -corecmd_dontaudit_getattr_sbin_file(lvm_t) +corecmd_dontaudit_getattr_sbin_files(lvm_t) domain_use_wide_inherit_fd(lvm_t) @@ -224,7 +224,7 @@ files_dontaudit_search_isid_type_dirs(lvm_t) init_use_fd(lvm_t) init_dontaudit_getattr_initctl(lvm_t) -init_use_script_pty(lvm_t) +init_use_script_ptys(lvm_t) libs_use_ld_so(lvm_t) libs_use_shared_libs(lvm_t) @@ -244,14 +244,14 @@ ifdef(`distro_redhat',` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(lvm_t) - term_dontaudit_use_generic_pty(lvm_t) + term_dontaudit_use_unallocated_ttys(lvm_t) + term_dontaudit_use_generic_ptys(lvm_t) files_dontaudit_read_root_files(lvm_t) ') optional_policy(`bootloader',` - bootloader_rw_tmp_file(lvm_t) + bootloader_rw_tmp_files(lvm_t) ') optional_policy(`gpm',` diff --git a/refpolicy/policy/modules/system/miscfiles.if b/refpolicy/policy/modules/system/miscfiles.if index 964d0fd..644d6bd 100644 --- a/refpolicy/policy/modules/system/miscfiles.if +++ b/refpolicy/policy/modules/system/miscfiles.if @@ -101,7 +101,7 @@ interface(`miscfiles_read_localization',` allow $1 locale_t:file r_file_perms; # why? - libs_read_lib($1) + libs_read_lib_files($1) ') ######################################## diff --git a/refpolicy/policy/modules/system/modutils.if b/refpolicy/policy/modules/system/modutils.if index 11724cd..dab722c 100644 --- a/refpolicy/policy/modules/system/modutils.if +++ b/refpolicy/policy/modules/system/modutils.if @@ -8,7 +8,7 @@ ## The type of the process performing this action. ## # -interface(`modutils_read_mods_deps',` +interface(`modutils_read_module_deps',` gen_require(` type modules_dep_t; ') 
@@ -26,7 +26,7 @@ interface(`modutils_read_mods_deps',` ## The type of the process performing this action. ## # -interface(`modutils_read_module_conf',` +interface(`modutils_read_module_config',` gen_require(` type modules_conf_t; ') @@ -48,7 +48,7 @@ interface(`modutils_read_module_conf',` ## The type of the process performing this action. ## # -interface(`modutils_rename_module_conf',` +interface(`modutils_rename_module_config',` gen_require(` type modules_conf_t; ') diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te index 8ac532c..3599408 100644 --- a/refpolicy/policy/modules/system/modutils.te +++ b/refpolicy/policy/modules/system/modutils.te @@ -100,10 +100,10 @@ files_dontaudit_search_pids(insmod_t) # for when /var is not mounted early in the boot: files_dontaudit_search_isid_type_dirs(insmod_t) -init_use_initctl(insmod_t) +init_rw_initctl(insmod_t) init_use_fd(insmod_t) init_use_script_fd(insmod_t) -init_use_script_pty(insmod_t) +init_use_script_ptys(insmod_t) libs_use_ld_so(insmod_t) libs_use_shared_libs(insmod_t) @@ -140,11 +140,11 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(insmod_t) + nscd_socket_use(insmod_t) ') optional_policy(`rpm',` - rpm_rw_pipe(insmod_t) + rpm_rw_pipes(insmod_t) ') ifdef(`TODO',` @@ -184,7 +184,7 @@ domain_use_wide_inherit_fd(depmod_t) init_use_fd(depmod_t) init_use_script_fd(depmod_t) -init_use_script_pty(depmod_t) +init_use_script_ptys(depmod_t) files_read_etc_runtime_files(depmod_t) files_read_etc_files(depmod_t) @@ -200,12 +200,12 @@ userdom_read_staff_home_files(depmod_t) userdom_read_sysadm_home_files(depmod_t) ifdef(`targeted_policy', ` - term_use_unallocated_tty(depmod_t) - term_use_generic_pty(depmod_t) + term_use_unallocated_ttys(depmod_t) + term_use_generic_ptys(depmod_t) ') optional_policy(`rpm',` - rpm_rw_pipe(depmod_t) + rpm_rw_pipes(depmod_t) ') ifdef(`TODO',` 
@@ -253,7 +253,7 @@ term_use_console(update_modules_t) init_use_fd(update_modules_t) init_use_script_fd(update_modules_t) -init_use_script_pty(update_modules_t) +init_use_script_ptys(update_modules_t) domain_use_wide_inherit_fd(update_modules_t) @@ -275,6 +275,6 @@ miscfiles_read_localization(update_modules_t) userdom_dontaudit_search_sysadm_home_dir(update_modules_t) ifdef(`targeted_policy',` - term_use_generic_pty(update_modules_t) - term_use_unallocated_tty(update_modules_t) + term_use_generic_ptys(update_modules_t) + term_use_unallocated_ttys(update_modules_t) ') diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te index d942538..d57696d 100644 --- a/refpolicy/policy/modules/system/mount.te +++ b/refpolicy/policy/modules/system/mount.te @@ -70,7 +70,7 @@ files_unmount_all_file_type_fs(mount_t) files_read_isid_type_files(mount_t) init_use_fd(mount_t) -init_use_script_pty(mount_t) +init_use_script_ptys(mount_t) libs_use_ld_so(mount_t) libs_use_shared_libs(mount_t) @@ -84,7 +84,7 @@ mls_file_write_down(mount_t) sysnet_use_portmap(mount_t) -userdom_use_all_user_fd(mount_t) +userdom_use_all_users_fd(mount_t) ifdef(`distro_redhat',` optional_policy(`authlogin',` @@ -115,7 +115,7 @@ optional_policy(`portmap',` fs_search_rpc(mount_t) - portmap_udp_sendrecv(mount_t) + portmap_udp_chat(mount_t) optional_policy(`nis',` nis_use_ypbind(mount_t) @@ -128,7 +128,7 @@ optional_policy(`apm',` # for kernel package installation optional_policy(`rpm',` - rpm_rw_pipe(mount_t) + rpm_rw_pipes(mount_t) ') optional_policy(`samba',` diff --git a/refpolicy/policy/modules/system/pcmcia.if b/refpolicy/policy/modules/system/pcmcia.if index 3f9ca2f..77d6c24 100644 --- a/refpolicy/policy/modules/system/pcmcia.if +++ b/refpolicy/policy/modules/system/pcmcia.if 
@@ -144,7 +144,7 @@ interface(`pcmcia_manage_pid',` ## Domain allowed access. ## # -interface(`pcmcia_manage_runtime_chr',` +interface(`pcmcia_manage_pid_chr_files',` gen_require(` type cardmgr_var_run_t; ') diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te index 64c6099..4fb62a2 100644 --- a/refpolicy/policy/modules/system/pcmcia.te +++ b/refpolicy/policy/modules/system/pcmcia.te @@ -65,7 +65,7 @@ dev_read_urand(cardmgr_t) fs_getattr_all_fs(cardmgr_t) fs_search_auto_mountpoints(cardmgr_t) -term_use_unallocated_tty(cardmgr_t) +term_use_unallocated_ttys(cardmgr_t) term_getattr_all_user_ttys(cardmgr_t) term_dontaudit_use_console(cardmgr_t) term_dontaudit_getattr_all_user_ptys(cardmgr_t) @@ -99,7 +99,7 @@ files_dontaudit_getattr_all_pipes(cardmgr_t) files_dontaudit_getattr_all_sockets(cardmgr_t) init_use_fd(cardmgr_t) -init_use_script_pty(cardmgr_t) +init_use_script_ptys(cardmgr_t) libs_use_ld_so(cardmgr_t) libs_use_shared_libs(cardmgr_t) @@ -121,10 +121,10 @@ userdom_dontaudit_use_unpriv_user_fd(cardmgr_t) userdom_dontaudit_search_sysadm_home_dir(cardmgr_t) ifdef(`targeted_policy',` - term_use_unallocated_tty(cardmgr_t) - term_use_generic_pty(cardmgr_t) - term_dontaudit_use_unallocated_tty(cardmgr_t) - term_dontaudit_use_generic_pty(cardmgr_t) + term_use_unallocated_ttys(cardmgr_t) + term_use_generic_ptys(cardmgr_t) + term_dontaudit_use_unallocated_ttys(cardmgr_t) + term_dontaudit_use_generic_ptys(cardmgr_t) files_dontaudit_read_root_files(cardmgr_t) ') diff --git a/refpolicy/policy/modules/system/raid.te b/refpolicy/policy/modules/system/raid.te index 3a2135e..2620d8c 100644 --- a/refpolicy/policy/modules/system/raid.te +++ b/refpolicy/policy/modules/system/raid.te @@ -54,7 +54,7 @@ files_read_etc_files(mdadm_t) files_read_etc_runtime_files(mdadm_t) init_use_fd(mdadm_t) -init_use_script_pty(mdadm_t) +init_use_script_ptys(mdadm_t) init_dontaudit_getattr_initctl(mdadm_t) libs_use_ld_so(mdadm_t) 
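Review bot: In the pcmcia.te hunk at -121,10, the targeted_policy block both grants and dontaudits the same terminal access for cardmgr_t, because `term_use_unallocated_ttys(cardmgr_t)` and `term_use_generic_ptys(cardmgr_t)` sit directly above the two `term_dontaudit_use_*` calls. Assuming the dontaudit interfaces cover the same permissions as the use interfaces (their bodies are not in this diff), the dontaudit pair has no effect, and the block no longer says whether cardmgr_t is meant to reach these terminals. `term_use_unallocated_ttys(cardmgr_t)` is also already called unconditionally in the -65,7 hunk of the same file. If the daemon does not need the access under targeted policy, keep only `term_dontaudit_use_unallocated_ttys(cardmgr_t)` and `term_dontaudit_use_generic_ptys(cardmgr_t)` in the block; otherwise drop those two lines.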
@@ -65,13 +65,13 @@ logging_send_syslog_msg(mdadm_t) miscfiles_read_localization(mdadm_t) userdom_dontaudit_use_unpriv_user_fd(mdadm_t) -userdom_dontaudit_use_sysadm_tty(mdadm_t) +userdom_dontaudit_use_sysadm_ttys(mdadm_t) mta_send_mail(mdadm_t) ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(mdadm_t) - term_dontaudit_use_generic_pty(mdadm_t) + term_dontaudit_use_unallocated_ttys(mdadm_t) + term_dontaudit_use_generic_ptys(mdadm_t) files_dontaudit_read_root_files(mdadm_t) ') diff --git a/refpolicy/policy/modules/system/selinuxutil.if b/refpolicy/policy/modules/system/selinuxutil.if index e78929b..02d3074 100644 --- a/refpolicy/policy/modules/system/selinuxutil.if +++ b/refpolicy/policy/modules/system/selinuxutil.if @@ -8,7 +8,7 @@ ## The type of the process performing this action. ## # -interface(`seutil_domtrans_checkpol',` +interface(`seutil_domtrans_checkpolicy',` gen_require(` type checkpolicy_t, checkpolicy_exec_t; ') @@ -39,21 +39,21 @@ interface(`seutil_domtrans_checkpol',` ## The type of the terminal allow the checkpolicy domain to use. ## # -interface(`seutil_run_checkpol',` +interface(`seutil_run_checkpolicy',` gen_require(` type checkpolicy_t; ') - seutil_domtrans_checkpol($1) + seutil_domtrans_checkpolicy($1) role $2 types checkpolicy_t; allow checkpolicy_t $3:chr_file rw_term_perms; ') ####################################### # -# seutil_exec_checkpol(domain) +# seutil_exec_checkpolicy(domain) # -interface(`seutil_exec_checkpol',` +interface(`seutil_exec_checkpolicy',` gen_require(` type checkpolicy_exec_t; ') @@ -71,7 +71,7 @@ interface(`seutil_exec_checkpol',` ## The type of the process performing this action. ## # -interface(`seutil_domtrans_loadpol',` +interface(`seutil_domtrans_loadpolicy',` gen_require(` type load_policy_t, load_policy_exec_t; ') 
@@ -102,21 +102,21 @@ interface(`seutil_domtrans_loadpol',` ## The type of the terminal allow the load_policy domain to use. ## # -interface(`seutil_run_loadpol',` +interface(`seutil_run_loadpolicy',` gen_require(` type load_policy_t; ') - seutil_domtrans_loadpol($1) + seutil_domtrans_loadpolicy($1) role $2 types load_policy_t; allow load_policy_t $3:chr_file rw_term_perms; ') ####################################### # -# seutil_exec_loadpol(domain) +# seutil_exec_loadpolicy(domain) # -interface(`seutil_exec_loadpol',` +interface(`seutil_exec_loadpolicy',` gen_require(` type load_policy_exec_t; ') @@ -127,9 +127,9 @@ interface(`seutil_exec_loadpol',` ####################################### # -# seutil_read_loadpol(domain) +# seutil_read_loadpolicy(domain) # -interface(`seutil_read_loadpol',` +interface(`seutil_read_loadpolicy',` gen_require(` type load_policy_exec_t; ') @@ -531,9 +531,9 @@ interface(`seutil_read_file_contexts',` ######################################## # -# seutil_read_binary_pol(domain) +# seutil_read_bin_policy(domain) # -interface(`seutil_read_binary_pol',` +interface(`seutil_read_bin_policy',` gen_require(` type selinux_config_t, policy_config_t; ') @@ -546,9 +546,9 @@ interface(`seutil_read_binary_pol',` ######################################## # -# seutil_create_binary_pol(domain) +# seutil_create_bin_policy(domain) # -interface(`seutil_create_binary_pol',` +interface(`seutil_create_bin_policy',` gen_require(` # attribute can_write_binary_policy; type selinux_config_t, policy_config_t; @@ -569,7 +569,7 @@ interface(`seutil_create_binary_pol',` ## The type of the process performing this action. ## # -interface(`seutil_relabelto_binary_pol',` +interface(`seutil_relabelto_bin_policy',` gen_require(` attribute can_relabelto_binary_policy; type policy_config_t; 
@@ -581,9 +581,9 @@ interface(`seutil_relabelto_binary_pol',` ######################################## # -# seutil_manage_binary_pol(domain) +# seutil_manage_bin_policy(domain) # -interface(`seutil_manage_binary_pol',` +interface(`seutil_manage_bin_policy',` gen_require(` attribute can_write_binary_policy; type selinux_config_t, policy_config_t; @@ -598,9 +598,9 @@ interface(`seutil_manage_binary_pol',` ######################################## # -# seutil_read_src_pol(domain) +# seutil_read_src_policy(domain) # -interface(`seutil_read_src_pol',` +interface(`seutil_read_src_policy',` gen_require(` type selinux_config_t, policy_src_t; ') @@ -613,9 +613,9 @@ interface(`seutil_read_src_pol',` ######################################## # -# seutil_manage_src_pol(domain) +# seutil_manage_src_policy(domain) # -interface(`seutil_manage_src_pol',` +interface(`seutil_manage_src_policy',` gen_require(` type selinux_config_t, policy_src_t; ') diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te index 63e4ed2..0cf800a 100644 --- a/refpolicy/policy/modules/system/selinuxutil.te +++ b/refpolicy/policy/modules/system/selinuxutil.te @@ -52,8 +52,8 @@ type load_policy_exec_t; domain_entry_file(load_policy_t,load_policy_exec_t) type newrole_t; -domain_role_change_exempt(newrole_t) -domain_obj_id_change_exempt(newrole_t) +domain_role_change_exemption(newrole_t) +domain_obj_id_change_exemption(newrole_t) domain_type(newrole_t) domain_wide_inherit_fd(newrole_t) @@ -79,7 +79,7 @@ files_type(policy_src_t) type restorecon_t, can_relabelto_binary_policy; type restorecon_exec_t; -domain_obj_id_change_exempt(restorecon_t) +domain_obj_id_change_exemption(restorecon_t) init_system_domain(restorecon_t,restorecon_exec_t) role system_r types restorecon_t; 
@@ -87,10 +87,10 @@ type run_init_t; type run_init_exec_t; domain_type(run_init_t) domain_entry_file(run_init_t,run_init_exec_t) -domain_system_change_exempt(run_init_t) +domain_system_change_exemption(run_init_t) type setfiles_t, can_relabelto_binary_policy; -domain_obj_id_change_exempt(setfiles_t) +domain_obj_id_change_exemption(setfiles_t) domain_type(setfiles_t) role system_r types setfiles_t; @@ -133,16 +133,16 @@ files_list_usr(checkpolicy_t) files_search_etc(checkpolicy_t) init_use_fd(checkpolicy_t) -init_use_script_pty(checkpolicy_t) +init_use_script_ptys(checkpolicy_t) libs_use_ld_so(checkpolicy_t) libs_use_shared_libs(checkpolicy_t) -userdom_use_all_user_fd(checkpolicy_t) +userdom_use_all_users_fd(checkpolicy_t) ifdef(`targeted_policy',` - term_use_generic_pty(checkpolicy_t) - term_use_unallocated_tty(checkpolicy_t) + term_use_generic_ptys(checkpolicy_t) + term_use_unallocated_ttys(checkpolicy_t) ') ######################################## @@ -172,7 +172,7 @@ term_use_console(load_policy_t) term_list_ptys(load_policy_t) init_use_script_fd(load_policy_t) -init_use_script_pty(load_policy_t) +init_use_script_ptys(load_policy_t) domain_use_wide_inherit_fd(load_policy_t) @@ -185,19 +185,19 @@ libs_use_shared_libs(load_policy_t) miscfiles_read_localization(load_policy_t) -userdom_use_all_user_fd(load_policy_t) +userdom_use_all_users_fd(load_policy_t) ifdef(`hide_broken_symptoms',` # cjp: cover up stray file descriptors. dontaudit load_policy_t selinux_config_t:file write; optional_policy(`unconfined',` - unconfined_dontaudit_read_pipe(load_policy_t) + unconfined_dontaudit_read_pipes(load_policy_t) ') ') ifdef(`targeted_policy',` - term_use_unallocated_tty(load_policy_t) - term_use_generic_pty(load_policy_t) + term_use_unallocated_ttys(load_policy_t) + term_use_generic_ptys(load_policy_t) ') ######################################## 
@@ -253,7 +253,7 @@ term_relabel_all_user_ptys(newrole_t) auth_domtrans_chk_passwd(newrole_t) corecmd_list_bin(newrole_t) -corecmd_read_bin_symlink(newrole_t) +corecmd_read_bin_symlinks(newrole_t) domain_use_wide_inherit_fd(newrole_t) # for when the user types "exec newrole" at the command line: @@ -299,7 +299,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(newrole_t) + nscd_socket_use(newrole_t) ') ifdef(`TODO',` @@ -340,12 +340,12 @@ selinux_compute_create_context(restorecon_t) selinux_compute_relabel_context(restorecon_t) selinux_compute_user_contexts(restorecon_t) -term_use_unallocated_tty(restorecon_t) +term_use_unallocated_ttys(restorecon_t) term_use_all_user_ttys(restorecon_t) term_use_all_user_ptys(restorecon_t) init_use_fd(restorecon_t) -init_use_script_pty(restorecon_t) +init_use_script_ptys(restorecon_t) domain_use_wide_inherit_fd(restorecon_t) @@ -357,7 +357,7 @@ libs_use_shared_libs(restorecon_t) logging_send_syslog_msg(restorecon_t) -userdom_use_all_user_fd(restorecon_t) +userdom_use_all_users_fd(restorecon_t) # relabeling rules kernel_relabel_unlabeled(restorecon_t) @@ -376,7 +376,7 @@ ifdef(`distro_redhat', ` ') ifdef(`hide_broken_symptoms',` - udev_dontaudit_rw_unix_dgram_socket(restorecon_t) + udev_dontaudit_rw_dgram_sockets(restorecon_t) ') optional_policy(`hotplug',` @@ -493,11 +493,11 @@ selinux_compute_user_contexts(setfiles_t) term_use_all_user_ttys(setfiles_t) term_use_all_user_ptys(setfiles_t) -term_use_unallocated_tty(setfiles_t) +term_use_unallocated_ttys(setfiles_t) init_use_fd(setfiles_t) init_use_script_fd(setfiles_t) -init_use_script_pty(setfiles_t) +init_use_script_ptys(setfiles_t) domain_use_wide_inherit_fd(setfiles_t) @@ -511,7 +511,7 @@ logging_send_syslog_msg(setfiles_t) miscfiles_read_localization(setfiles_t) -userdom_use_all_user_fd(setfiles_t) +userdom_use_all_users_fd(setfiles_t) # for config files in a home directory userdom_read_all_user_files(setfiles_t) 
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te index 3ae35f7..addc4a0 100644 --- a/refpolicy/policy/modules/system/sysnetwork.te +++ b/refpolicy/policy/modules/system/sysnetwork.te @@ -115,15 +115,15 @@ fs_search_auto_mountpoints(dhcpc_t) term_dontaudit_use_console(dhcpc_t) term_dontaudit_use_all_user_ttys(dhcpc_t) term_dontaudit_use_all_user_ptys(dhcpc_t) -term_dontaudit_use_unallocated_tty(dhcpc_t) -term_dontaudit_use_generic_pty(dhcpc_t) +term_dontaudit_use_unallocated_ttys(dhcpc_t) +term_dontaudit_use_generic_ptys(dhcpc_t) corecmd_exec_bin(dhcpc_t) corecmd_exec_sbin(dhcpc_t) corecmd_exec_shell(dhcpc_t) domain_use_wide_inherit_fd(dhcpc_t) -domain_dontaudit_list_all_domains_proc(dhcpc_t) +domain_dontaudit_list_all_domains_state(dhcpc_t) files_read_etc_files(dhcpc_t) files_read_etc_runtime_files(dhcpc_t) @@ -132,7 +132,7 @@ files_search_var_lib(dhcpc_t) files_dontaudit_search_locks(dhcpc_t) init_use_fd(dhcpc_t) -init_use_script_pty(dhcpc_t) +init_use_script_ptys(dhcpc_t) init_rw_utmp(dhcpc_t) logging_send_syslog_msg(dhcpc_t) @@ -151,8 +151,8 @@ ifdef(`distro_redhat', ` ') ifdef(`targeted_policy', ` - term_dontaudit_use_unallocated_tty(dhcpc_t) - term_dontaudit_use_generic_pty(dhcpc_t) + term_dontaudit_use_unallocated_ttys(dhcpc_t) + term_dontaudit_use_generic_ptys(dhcpc_t) files_dontaudit_read_root_files(dhcpc_t) ') @@ -172,7 +172,7 @@ optional_policy(`dbus',` dbus_system_bus_client_template(dhcpc,dhcpc_t) dbus_connect_system_bus(dhcpc_t) - dbus_send_system_bus_msg(dhcpc_t) + dbus_send_system_bus(dhcpc_t) optional_policy(`networkmanager',` networkmanager_dbus_chat(dhcpc_t) @@ -189,7 +189,7 @@ optional_policy(`hostname',` ') optional_policy(`hotplug',` - hotplug_getattr_config_dir(dhcpc_t) + hotplug_getattr_config_dirs(dhcpc_t) hotplug_search_config(dhcpc_t) ifdef(`distro_redhat',` 
@@ -243,7 +243,7 @@ optional_policy(`udev',` ') optional_policy(`userdomain',` - userdom_use_all_user_fd(dhcpc_t) + userdom_use_all_users_fd(dhcpc_t) ') ######################################## @@ -297,11 +297,11 @@ domain_use_wide_inherit_fd(ifconfig_t) files_dontaudit_read_root_files(ifconfig_t) init_use_fd(ifconfig_t) -init_use_script_pty(ifconfig_t) +init_use_script_ptys(ifconfig_t) libs_use_ld_so(ifconfig_t) libs_use_shared_libs(ifconfig_t) -libs_read_lib(ifconfig_t) +libs_read_lib_files(ifconfig_t) logging_send_syslog_msg(ifconfig_t) @@ -311,7 +311,7 @@ modutils_domtrans_insmod(ifconfig_t) seutil_use_runinit_fd(ifconfig_t) -userdom_use_all_user_fd(ifconfig_t) +userdom_use_all_users_fd(ifconfig_t) ifdef(`hide_broken_symptoms',` optional_policy(`pcmcia',` @@ -319,13 +319,13 @@ ifdef(`hide_broken_symptoms',` ') optional_policy(`udev',` - udev_dontaudit_rw_unix_dgram_socket(ifconfig_t) + udev_dontaudit_rw_dgram_sockets(ifconfig_t) ') ') ifdef(`targeted_policy',` - term_use_generic_pty(ifconfig_t) - term_use_unallocated_tty(ifconfig_t) + term_use_generic_ptys(ifconfig_t) + term_use_unallocated_ttys(ifconfig_t) ') optional_policy(`netutils',` diff --git a/refpolicy/policy/modules/system/udev.if b/refpolicy/policy/modules/system/udev.if index 01d1920..afb0a11 100644 --- a/refpolicy/policy/modules/system/udev.if +++ b/refpolicy/policy/modules/system/udev.if @@ -86,7 +86,7 @@ interface(`udev_dontaudit_use_fd',` ## Domain to not audit. ## # -interface(`udev_dontaudit_rw_unix_dgram_socket',` +interface(`udev_dontaudit_rw_dgram_sockets',` gen_require(` type udev_t; ') diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te index f831dde..89f69ca 100644 --- a/refpolicy/policy/modules/system/udev.te +++ b/refpolicy/policy/modules/system/udev.te 
@@ -15,7 +15,7 @@ gen_require(` type udev_t; type udev_helper_exec_t; kernel_domtrans_to(udev_t,udev_exec_t) -domain_obj_id_change_exempt(udev_t) +domain_obj_id_change_exemption(udev_t) domain_entry_file(udev_t,udev_helper_exec_t) domain_wide_inherit_fd(udev_t) init_daemon_domain(udev_t,udev_exec_t) @@ -106,7 +106,7 @@ corecmd_exec_sbin(udev_t) corecmd_exec_shell(udev_t) domain_exec_all_entry_files(udev_t) -domain_dontaudit_list_all_domains_proc(udev_t) +domain_dontaudit_list_all_domains_state(udev_t) files_read_etc_runtime_files(udev_t) files_read_etc_files(udev_t) @@ -142,7 +142,7 @@ seutil_domtrans_restorecon(udev_t) sysnet_domtrans_ifconfig(udev_t) -userdom_use_sysadm_tty(udev_t) +userdom_use_sysadm_ttys(udev_t) userdom_dontaudit_search_all_users_home(udev_t) ifdef(`distro_redhat',` @@ -160,8 +160,8 @@ ifdef(`distro_redhat',` ') ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty(udev_t) - term_dontaudit_use_generic_pty(udev_t) + term_dontaudit_use_unallocated_ttys(udev_t) + term_dontaudit_use_generic_ptys(udev_t) unconfined_domain_template(udev_t) ') @@ -192,7 +192,7 @@ optional_policy(`nis',` ') optional_policy(`nscd',` - nscd_use_socket(udev_t) + nscd_socket_use(udev_t) ') optional_policy(`sysnetwork',` diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if index b330404..d7b46c0 100644 --- a/refpolicy/policy/modules/system/unconfined.if +++ b/refpolicy/policy/modules/system/unconfined.if @@ -83,8 +83,8 @@ template(`unconfined_domain_template',` ') optional_policy(`selinuxutil',` - seutil_create_binary_pol($1) - seutil_relabelto_binary_pol($1) + seutil_create_bin_policy($1) + seutil_relabelto_bin_policy($1) ') optional_policy(`storage',` @@ -218,7 +218,7 @@ interface(`unconfined_signal',` ## Domain allowed access. ## # -interface(`unconfined_read_pipe',` +interface(`unconfined_read_pipes',` gen_require(` type unconfined_t; ') 
@@ -234,7 +234,7 @@ interface(`unconfined_read_pipe',` ## Domain allowed access. ## # -interface(`unconfined_dontaudit_read_pipe',` +interface(`unconfined_dontaudit_read_pipes',` gen_require(` type unconfined_t; ') @@ -250,7 +250,7 @@ interface(`unconfined_dontaudit_read_pipe',` ## Domain allowed access. ## # -interface(`unconfined_rw_pipe',` +interface(`unconfined_rw_pipes',` gen_require(` type unconfined_t; ') @@ -277,7 +277,7 @@ interface(`unconfined_rw_pipe',` ## Domain to not audit. ## # -interface(`unconfined_dontaudit_rw_tcp_socket',` +interface(`unconfined_dontaudit_rw_tcp_sockets',` gen_require(` type unconfined_t; ') diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index 70fafca..d95ac0c 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -200,7 +200,7 @@ template(`base_user_template',` selinux_compute_user_contexts($1_t) # for eject - storage_getattr_fixed_disk($1_t) + storage_getattr_fixed_disk_dev($1_t) auth_read_login_records($1_t) auth_dontaudit_write_login_records($1_t) @@ -233,7 +233,7 @@ template(`base_user_template',` files_dontaudit_getattr_non_security_chr_files($1_t) # Caused by su - init scripts - init_dontaudit_use_script_pty($1_t) + init_dontaudit_use_script_ptys($1_t) libs_use_ld_so($1_t) libs_use_shared_libs($1_t) @@ -346,7 +346,7 @@ template(`base_user_template',` ') optional_policy(`dictd',` - dictd_use($1_t) + dictd_tcp_connect($1_t) ') optional_policy(`ftp',` @@ -367,7 +367,7 @@ template(`base_user_template',` inetd_tcp_connect($1_t) inetd_udp_sendto($1_t) inetd_use_fd($1_t) - inetd_rw_tcp_socket($1_t) + inetd_rw_tcp_sockets($1_t) ') optional_policy(`inn',` @@ -389,7 +389,7 @@ template(`base_user_template',` ') optional_policy(`nscd',` - nscd_use_socket($1_t) + nscd_socket_use($1_t) ') optional_policy(`pcmcia',` 
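Review bot: The parameter description left above the renamed `unconfined_dontaudit_read_pipes` in unconfined.if (hunk -234,7) still reads "Domain allowed access.", although a dontaudit interface only suppresses denial logging and grants nothing. `unconfined_dontaudit_rw_tcp_sockets` in the same file already carries the correct wording, so the description should read `Domain to not audit.`. The same stale description sits above `userdom_dontaudit_getattr_sysadm_ttys`, `userdom_dontaudit_relabelfrom_unpriv_users_ptys` and `userdom_dontaudit_use_unpriv_users_ttys` in the userdomain.if hunks. The interface bodies continue outside these hunks, so only the description lines are in question here.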
@@ -416,7 +416,7 @@ template(`base_user_template',` ') optional_policy(`samba',` - samba_connect_winbind($1_t) + samba_stream_connect_winbind($1_t) ') optional_policy(`slrnpull',` @@ -444,7 +444,7 @@ template(`base_user_template',` # certain apps want to read xdm.pid file xserver_read_xdm_pid($1_t) # gnome-session creates socket under /tmp/.ICE-unix/ - xserver_create_xdm_tmp_socket($1_t) + xserver_create_xdm_tmp_sockets($1_t) ') ifdef(`TODO',` @@ -593,7 +593,7 @@ template(`unpriv_user_template', ` seutil_read_config($1_t) # Allow users to execute checkpolicy without a domain transition # so it can be used without privilege to write real binary policy file - seutil_exec_checkpol($1_t) + seutil_exec_checkpolicy($1_t) ifdef(`enable_polyinstantiation',` type_member $1_t $1_home_dir_t:dir $1_home_t; @@ -631,7 +631,7 @@ template(`unpriv_user_template', ` # for running depmod as part of the kernel packaging process optional_policy(`modutils',` - modutils_read_module_conf($1_t) + modutils_read_module_config($1_t) ') optional_policy(`netutils',` @@ -779,11 +779,11 @@ template(`admin_user_template',` base_user_template($1) typeattribute $1_t privhome; - domain_obj_id_change_exempt($1_t) + domain_obj_id_change_exemption($1_t) role system_r types $1_t; ifdef(`direct_sysadm_daemon',` - domain_system_change_exempt($1_t) + domain_system_change_exemption($1_t) ') typeattribute $1_devpts_t admin_terminal; @@ -859,7 +859,7 @@ template(`admin_user_template',` storage_raw_write_removable_device($1_t) term_use_console($1_t) - term_use_unallocated_tty($1_t) + term_use_unallocated_ttys($1_t) term_use_all_user_ptys($1_t) term_use_all_user_ttys($1_t) @@ -885,7 +885,7 @@ template(`admin_user_template',` files_exec_usr_src_files($1_t) - init_use_initctl($1_t) + init_rw_initctl($1_t) logging_send_syslog_msg($1_t) 
@@ -895,10 +895,10 @@ template(`admin_user_template',` # The following rule is temporary until such time that a complete # policy management infrastructure is in place so that an administrator # cannot directly manipulate policy files with arbitrary programs. - seutil_manage_src_pol($1_t) + seutil_manage_src_policy($1_t) # Violates the goal of limiting write access to checkpolicy. # But presently necessary for installing the file_contexts file. - seutil_manage_binary_pol($1_t) + seutil_manage_bin_policy($1_t) optional_policy(`cron',` cron_admin_template($1,$1_t,$1_r) @@ -2439,7 +2439,7 @@ template(`userdom_setattr_user_tty',` # template(`userdom_use_user_tty',` ifdef(`targeted_policy',` - term_use_unallocated_tty($2) + term_use_unallocated_ttys($2) ',` gen_require(` type $1_tty_device_t; @@ -2472,8 +2472,8 @@ template(`userdom_use_user_tty',` # template(`userdom_use_user_terminals',` ifdef(`targeted_policy',` - term_use_unallocated_tty($2) - term_use_generic_pty($2) + term_use_unallocated_ttys($2) + term_use_generic_ptys($2) ',` gen_require(` type $1_tty_device_t, $1_devpts_t; @@ -2699,7 +2699,7 @@ interface(`userdom_entry_spec_domtrans_unpriv_users',` attribute unpriv_userdomain; ') - domain_entry_spec_domtrans($1,unpriv_userdomain) + domain_entry_file_spec_domtrans($1,unpriv_userdomain) allow $1 unpriv_userdomain:fd use; allow unpriv_userdomain $1:fd use; @@ -2790,7 +2790,7 @@ interface(`userdom_entry_spec_domtrans_sysadm',` type sysadm_t; ') - domain_entry_spec_domtrans($1,sysadm_t) + domain_entry_file_spec_domtrans($1,sysadm_t) allow $1 sysadm_t:fd use; allow sysadm_t $1:fd use; @@ -2879,7 +2879,7 @@ interface(`userdom_sigchld_sysadm',` ## Domain allowed access. ## # -interface(`userdom_dontaudit_getattr_sysadm_tty',` +interface(`userdom_dontaudit_getattr_sysadm_ttys',` ifdef(`targeted_policy',` term_dontaudit_getattr_unallocated_ttys($1) ',` 
@@ -2899,9 +2899,9 @@ interface(`userdom_dontaudit_getattr_sysadm_tty',` ## Domain allowed access. ## # -interface(`userdom_use_sysadm_tty',` +interface(`userdom_use_sysadm_ttys',` ifdef(`targeted_policy',` - term_use_unallocated_tty($1) + term_use_unallocated_ttys($1) ',` gen_require(` type sysadm_tty_device_t; @@ -2921,9 +2921,9 @@ interface(`userdom_use_sysadm_tty',` ## Domain to not audit. ## # -interface(`userdom_dontaudit_use_sysadm_tty',` +interface(`userdom_dontaudit_use_sysadm_ttys',` ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty($1) + term_dontaudit_use_unallocated_ttys($1) ',` gen_require(` type sysadm_tty_device_t; @@ -2941,9 +2941,9 @@ interface(`userdom_dontaudit_use_sysadm_tty',` ## Domain allowed access. ## # -interface(`userdom_use_sysadm_pty',` +interface(`userdom_use_sysadm_ptys',` ifdef(`targeted_policy',` - term_use_generic_pty($1) + term_use_generic_ptys($1) ',` gen_require(` type sysadm_devpts_t; @@ -2963,9 +2963,9 @@ interface(`userdom_use_sysadm_pty',` ## Domain to not audit. ## # -interface(`userdom_dontaudit_use_sysadm_pty',` +interface(`userdom_dontaudit_use_sysadm_ptys',` ifdef(`targeted_policy',` - term_dontaudit_use_generic_pty($1) + term_dontaudit_use_generic_ptys($1) ',` gen_require(` type sysadm_devpts_t; @@ -2984,8 +2984,8 @@ interface(`userdom_dontaudit_use_sysadm_pty',` ## # interface(`userdom_use_sysadm_terms',` - userdom_use_sysadm_tty($1) - userdom_use_sysadm_pty($1) + userdom_use_sysadm_ttys($1) + userdom_use_sysadm_ptys($1) ') ######################################## @@ -2998,7 +2998,7 @@ interface(`userdom_use_sysadm_terms',` # interface(`userdom_dontaudit_use_sysadm_terms',` ifdef(`targeted_policy',` - term_dontaudit_use_generic_pty($1) + term_dontaudit_use_generic_ptys($1) ',` gen_require(` attribute admin_terminal; 
@@ -3037,10 +3037,10 @@ interface(`userdom_use_sysadm_fd',` ## Domain allowed access. ## # -interface(`userdom_rw_sysadm_pipe',` +interface(`userdom_rw_sysadm_pipes',` ifdef(`targeted_policy',` #cjp: need to doublecheck this one - unconfined_rw_pipe($1) + unconfined_rw_pipes($1) ',` gen_require(` type sysadm_t; @@ -3077,7 +3077,7 @@ interface(`userdom_getattr_sysadm_home_dir',` ## Domain to not audit. ## # -interface(`userdom_dontaudit_getattr_sysadm_home_dir',` +interface(`userdom_dontaudit_getattr_sysadm_home_dirs',` ifdef(`targeted_policy',` gen_require(` type user_home_dir_t; @@ -3690,9 +3690,9 @@ interface(`userdom_setattr_unpriv_user_pty',` ## Domain allowed access. ## # -interface(`userdom_use_unpriv_user_pty',` +interface(`userdom_use_unpriv_users_ptys',` ifdef(`targeted_policy',` - term_use_generic_pty($1) + term_use_generic_ptys($1) ',` gen_require(` attribute user_ptynode; @@ -3712,9 +3712,9 @@ interface(`userdom_use_unpriv_user_pty',` ## Domain to not audit. ## # -interface(`userdom_dontaudit_use_unpriv_user_pty',` +interface(`userdom_dontaudit_use_unpriv_users_ptys',` ifdef(`targeted_policy',` - term_dontaudit_use_generic_pty($1) + term_dontaudit_use_generic_ptys($1) ',` gen_require(` attribute user_ptynode; @@ -3749,7 +3749,7 @@ interface(`userdom_relabelto_unpriv_user_pty',` ## Domain allowed access. ## # -interface(`userdom_dontaudit_relabelfrom_unpriv_user_pty',` +interface(`userdom_dontaudit_relabelfrom_unpriv_users_ptys',` gen_require(` attribute user_ptynode; ') @@ -3842,9 +3842,9 @@ interface(`userdom_write_unpriv_user_tmp',` ## Domain allowed access. ## # -interface(`userdom_dontaudit_use_unpriv_user_tty',` +interface(`userdom_dontaudit_use_unpriv_users_ttys',` ifdef(`targeted_policy',` - term_dontaudit_use_unallocated_tty($1) + term_dontaudit_use_unallocated_ttys($1) ',` gen_require(` attribute user_ttynode; 
@@ -3862,7 +3862,7 @@ interface(`userdom_dontaudit_use_unpriv_user_tty',` ## Domain allowed access. ## # -interface(`userdom_read_all_userdomains_state',` +interface(`userdom_read_all_users_state',` gen_require(` attribute userdomain; ') @@ -3896,7 +3896,7 @@ interface(`userdom_getattr_all_userdomains',` ## Domain allowed access. ## # -interface(`userdom_use_all_user_fd',` +interface(`userdom_use_all_users_fd',` gen_require(` attribute userdomain; ') diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te index 834645a..2d4457a 100644 --- a/refpolicy/policy/modules/system/userdomain.te +++ b/refpolicy/policy/modules/system/userdomain.te @@ -249,7 +249,7 @@ ifdef(`targeted_policy',` ipsec_exec_mgmt(sysadm_t) ipsec_stream_connect(sysadm_t) # for lsof - ipsec_getattr_key_socket(sysadm_t) + ipsec_getattr_key_sockets(sysadm_t) ') optional_policy(`iptables',` @@ -343,18 +343,18 @@ ifdef(`targeted_policy',` selinux_set_boolean(secadm_t) selinux_set_parameters(secadm_t) - seutil_manage_binary_pol(secadm_t) - seutil_run_checkpol(secadm_t,secadm_r,admin_terminal) - seutil_run_loadpol(secadm_t,secadm_r,admin_terminal) + seutil_manage_bin_policy(secadm_t) + seutil_run_checkpolicy(secadm_t,secadm_r,admin_terminal) + seutil_run_loadpolicy(secadm_t,secadm_r,admin_terminal) seutil_run_setfiles(secadm_t,secadm_r,admin_terminal) ', ` selinux_set_enforce_mode(sysadm_t) selinux_set_boolean(sysadm_t) selinux_set_parameters(sysadm_t) - seutil_manage_binary_pol(sysadm_t) - seutil_run_checkpol(sysadm_t,sysadm_r,admin_terminal) - seutil_run_loadpol(sysadm_t,sysadm_r,admin_terminal) + seutil_manage_bin_policy(sysadm_t) + seutil_run_checkpolicy(sysadm_t,sysadm_r,admin_terminal) + seutil_run_loadpolicy(sysadm_t,sysadm_r,admin_terminal) seutil_run_setfiles(sysadm_t,sysadm_r,admin_terminal) ') ')