From dd14d0d8920040c11399bf0b6c82d4bdb7f5667b Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: May 17 2005 15:32:52 +0000 Subject: change read_shared_libraries to use_shared_libraries, since the execute permission is checked when using shared libs to execute code in them, which is not the same as just reading the shared libs. --- diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te index e7ab89a..f6ab7d2 100644 --- a/refpolicy/policy/modules/admin/consoletype.te +++ b/refpolicy/policy/modules/admin/consoletype.te @@ -49,7 +49,7 @@ domain_use_widely_inheritable_file_descriptors(consoletype_t) files_ignore_read_rootfs_file(consoletype_t) libraries_use_dynamic_loader(consoletype_t) -libraries_read_shared_libraries(consoletype_t) +libraries_use_shared_libraries(consoletype_t) optional_policy(`authlogin.te', ` authlogin_pam_read_runtime_data(consoletype_t) diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te index 835f332..64c82d7 100644 --- a/refpolicy/policy/modules/admin/netutils.te +++ b/refpolicy/policy/modules/admin/netutils.te @@ -70,7 +70,7 @@ files_read_general_system_config(netutils_t) files_ignore_search_system_state_data_directory(netutils_t) libraries_use_dynamic_loader(netutils_t) -libraries_read_shared_libraries(netutils_t) +libraries_use_shared_libraries(netutils_t) logging_send_system_log_message(netutils_t) @@ -124,7 +124,7 @@ files_read_general_system_config(ping_t) files_ignore_search_system_state_data_directory(ping_t) libraries_use_dynamic_loader(ping_t) -libraries_read_shared_libraries(ping_t) +libraries_use_shared_libraries(ping_t) sysnetwork_read_network_config(ping_t) @@ -182,7 +182,7 @@ files_read_general_system_config(traceroute_t) files_ignore_search_system_state_data_directory(traceroute_t) libraries_use_dynamic_loader(traceroute_t) -libraries_read_shared_libraries(traceroute_t) +libraries_use_shared_libraries(traceroute_t) logging_send_system_log_message(traceroute_t) diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te index d36f8a0..3f26371 100644 --- a/refpolicy/policy/modules/admin/usermanage.te +++ b/refpolicy/policy/modules/admin/usermanage.te @@ -103,7 +103,7 @@ files_manage_general_system_config(chfn_t) files_read_runtime_system_config(chfn_t) libraries_use_dynamic_loader(chfn_t) -libraries_read_shared_libraries(chfn_t) +libraries_use_shared_libraries(chfn_t) miscfiles_read_localization(chfn_t) @@ -174,7 +174,7 @@ files_read_general_application_resources(crack_t) corecommands_execute_general_programs(crack_t) libraries_use_dynamic_loader(crack_t) -libraries_read_shared_libraries(crack_t) +libraries_use_shared_libraries(crack_t) logging_send_system_log_message(crack_t) @@ -231,7 +231,7 @@ domain_use_widely_inheritable_file_descriptors(groupadd_t) files_manage_general_system_config(groupadd_t) libraries_use_dynamic_loader(groupadd_t) -libraries_read_shared_libraries(groupadd_t) +libraries_use_shared_libraries(groupadd_t) # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}. corecommands_execute_general_programs(groupadd_t) @@ -311,7 +311,7 @@ files_read_runtime_system_config(passwd_t) files_manage_general_system_config(passwd_t) libraries_use_dynamic_loader(passwd_t) -libraries_read_shared_libraries(passwd_t) +libraries_use_shared_libraries(passwd_t) logging_send_system_log_message(passwd_t) @@ -416,7 +416,7 @@ corecommands_execute_shell(sysadm_passwd_t) files_read_general_application_resources(sysadm_passwd_t) libraries_use_dynamic_loader(sysadm_passwd_t) -libraries_read_shared_libraries(sysadm_passwd_t) +libraries_use_shared_libraries(sysadm_passwd_t) miscfiles_read_localization(sysadm_passwd_t) @@ -498,7 +498,7 @@ domain_use_widely_inheritable_file_descriptors(useradd_t) files_manage_general_system_config(useradd_t) libraries_use_dynamic_loader(useradd_t) -libraries_read_shared_libraries(useradd_t) +libraries_use_shared_libraries(useradd_t) corecommands_execute_shell(useradd_t) # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}. diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if index ca83e74..7e0737c 100644 --- a/refpolicy/policy/modules/apps/gpg.if +++ b/refpolicy/policy/modules/apps/gpg.if @@ -79,7 +79,7 @@ filesystem_get_persistent_filesystem_attributes($1_gpg_t) files_read_general_system_config($1_gpg_t) files_read_general_application_resources($1_gpg_t) -libraries_read_shared_libraries($1_gpg_t) +libraries_use_shared_libraries($1_gpg_t) libraries_use_dynamic_loader($1_gpg_t) miscfiles_read_localization($1_gpg_t) @@ -91,7 +91,7 @@ sysnetwork_read_network_config($1_gpg_t) # Legacy if (allow_gpg_execstack) { allow $1_gpg_t self:process execmem; -libraries_legacy_read_shared_libraries($1_gpg_t) +libraries_legacy_use_shared_libraries($1_gpg_t) libraries_legacy_use_dynamic_loader($1_gpg_t) miscfiles_legacy_read_localization($1_gpg_t) # Not quite sure why this is needed... @@ -182,7 +182,7 @@ files_read_general_system_config($1_gpg_helper_t) files_ignore_search_system_state_data_directory($1_gpg_helper_t) libraries_use_dynamic_loader($1_gpg_helper_t) -libraries_read_shared_libraries($1_gpg_helper_t) +libraries_use_shared_libraries($1_gpg_helper_t) sysnetwork_read_network_config($1_gpg_helper_t) @@ -224,7 +224,7 @@ files_create_private_tmp_data($1_gpg_agent_t, $1_gpg_agent_tmp_t, { file sock_fi domain_use_widely_inheritable_file_descriptors($1_gpg_agent_t) libraries_use_dynamic_loader($1_gpg_agent_t) -libraries_read_shared_libraries($1_gpg_agent_t) +libraries_use_shared_libraries($1_gpg_agent_t) miscfiles_read_localization($1_gpg_agent_t) @@ -285,7 +285,7 @@ files_read_general_application_resources($1_gpg_pinentry_t) files_read_general_system_config($1_gpg_pinentry_t) libraries_use_dynamic_loader($1_gpg_pinentry_t) -libraries_read_shared_libraries($1_gpg_pinentry_t) +libraries_use_shared_libraries($1_gpg_pinentry_t) miscfiles_read_fonts($1_gpg_pinentry_t) miscfiles_read_localization($1_gpg_pinentry_t) diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te index 1ab29ce..a5e9bbc 100644 --- a/refpolicy/policy/modules/kernel/bootloader.te +++ b/refpolicy/policy/modules/kernel/bootloader.te @@ -118,7 +118,7 @@ init_script_use_file_descriptors(bootloader_t) domain_use_widely_inheritable_file_descriptors(bootloader_t) libraries_use_dynamic_loader(bootloader_t) -libraries_read_shared_libraries(bootloader_t) +libraries_use_shared_libraries(bootloader_t) libraries_read_library_resources(bootloader_t) files_read_general_system_config(bootloader_t) diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te index 8c8a3b8..8a2637c 100644 --- a/refpolicy/policy/modules/kernel/kernel.te +++ b/refpolicy/policy/modules/kernel/kernel.te @@ -177,7 +177,7 @@ allow kernel_t security_t:security load_policy; auditallow kernel_t security_t:security load_policy; libraries_use_dynamic_loader(kernel_t) -libraries_read_shared_libraries(kernel_t) +libraries_use_shared_libraries(kernel_t) corecommands_execute_shell(kernel_t) diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if index d104aa8..dadf9ec 100644 --- a/refpolicy/policy/modules/services/cron.if +++ b/refpolicy/policy/modules/services/cron.if @@ -80,7 +80,7 @@ corecommands_execute_general_programs($1_crond_t) corecommands_execute_system_programs($1_crond_t) libraries_use_dynamic_loader($1_crond_t) -libraries_read_shared_libraries($1_crond_t) +libraries_use_shared_libraries($1_crond_t) libraries_execute_library_scripts($1_crond_t) libraries_execute_dynamic_loader($1_crond_t) @@ -157,7 +157,7 @@ domain_use_widely_inheritable_file_descriptors($1_crontab_t) files_read_general_system_config($1_crontab_t) libraries_use_dynamic_loader($1_crontab_t) -libraries_read_shared_libraries($1_crontab_t) +libraries_use_shared_libraries($1_crontab_t) logging_send_system_log_message($1_crontab_t) diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te index 05939c0..b960cbd 100644 --- a/refpolicy/policy/modules/services/cron.te +++ b/refpolicy/policy/modules/services/cron.te @@ -105,7 +105,7 @@ corecommands_execute_shell(crond_t) corecommands_read_system_programs_directory(crond_t) libraries_use_dynamic_loader(crond_t) -libraries_read_shared_libraries(crond_t) +libraries_use_shared_libraries(crond_t) logging_send_system_log_message(crond_t) @@ -274,7 +274,7 @@ corecommands_execute_general_programs(system_crond_t) corecommands_execute_system_programs(system_crond_t) libraries_use_dynamic_loader(system_crond_t) -libraries_read_shared_libraries(system_crond_t) +libraries_use_shared_libraries(system_crond_t) libraries_execute_library_scripts(system_crond_t) libraries_execute_dynamic_loader(system_crond_t) diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if index 5a53119..ff41a42 100644 --- a/refpolicy/policy/modules/services/mta.if +++ b/refpolicy/policy/modules/services/mta.if @@ -49,7 +49,7 @@ corenetwork_bind_tcp_on_all_nodes($1_mail_t) domain_use_widely_inheritable_file_descriptors($1_mail_t) libraries_use_dynamic_loader($1_mail_t) -libraries_read_shared_libraries($1_mail_t) +libraries_use_shared_libraries($1_mail_t) corecommands_execute_general_programs($1_mail_t) diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te index f187620..2f4ee19 100644 --- a/refpolicy/policy/modules/services/mta.te +++ b/refpolicy/policy/modules/services/mta.te @@ -75,7 +75,7 @@ files_ignore_search_runtime_data_directory(system_mail_t) corecommands_execute_general_programs(system_mail_t) libraries_use_dynamic_loader(system_mail_t) -libraries_read_shared_libraries(system_mail_t) +libraries_use_shared_libraries(system_mail_t) logging_send_system_log_message(system_mail_t) @@ -150,7 +150,7 @@ files_execute_system_config_script(system_mail_t) corecommands_execute_general_programs(system_mail_t) corecommands_execute_system_programs(system_mail_t) libraries_use_dynamic_loader(system_mail_t) -libraries_read_shared_libraries(system_mail_t) +libraries_use_shared_libraries(system_mail_t) libraries_execute_dynamic_loader(system_mail_t) libraries_execute_library_scripts(system_mail_t) ') diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te index 14cbadc..1955937 100644 --- a/refpolicy/policy/modules/services/remotelogin.te +++ b/refpolicy/policy/modules/services/remotelogin.te @@ -66,7 +66,7 @@ files_list_home_directories(remote_login_t) files_read_general_application_resources(remote_login_t) libraries_use_dynamic_loader(remote_login_t) -libraries_read_shared_libraries(remote_login_t) +libraries_use_shared_libraries(remote_login_t) logging_send_system_log_message(remote_login_t) diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te index 701d270..847c244 100644 --- a/refpolicy/policy/modules/services/sendmail.te +++ b/refpolicy/policy/modules/services/sendmail.te @@ -75,7 +75,7 @@ files_search_system_spool_directory(sendmail_t) logging_send_system_log_message(sendmail_t) libraries_use_dynamic_loader(sendmail_t) -libraries_read_shared_libraries(sendmail_t) +libraries_use_shared_libraries(sendmail_t) # Read /usr/lib/sasl2/.* libraries_read_library_resources(sendmail_t) diff --git a/refpolicy/policy/modules/system/audit.te b/refpolicy/policy/modules/system/audit.te index b240562..25eb3da 100644 --- a/refpolicy/policy/modules/system/audit.te +++ b/refpolicy/policy/modules/system/audit.te @@ -48,7 +48,7 @@ files_read_general_system_config(auditd_t) logging_send_system_log_message(auditd_t) libraries_use_dynamic_loader(auditd_t) -libraries_read_shared_libraries(auditd_t) +libraries_use_shared_libraries(auditd_t) miscfiles_read_localization(auditd_t) diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if index 142c0d0..01cfa5e 100644 --- a/refpolicy/policy/modules/system/authlogin.if +++ b/refpolicy/policy/modules/system/authlogin.if @@ -29,7 +29,7 @@ filesystem_ignore_get_persistent_filesystem_attributes($1_chkpwd_t) domain_use_widely_inheritable_file_descriptors($1_chkpwd_t) libraries_use_dynamic_loader($1_chkpwd_t) -libraries_read_shared_libraries($1_chkpwd_t) +libraries_use_shared_libraries($1_chkpwd_t) files_read_general_system_config($1_chkpwd_t) # for nscd diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te index e4f7b7e..7b7f227 100644 --- a/refpolicy/policy/modules/system/authlogin.te +++ b/refpolicy/policy/modules/system/authlogin.te @@ -103,7 +103,7 @@ files_read_general_system_config(pam_t) files_read_runtime_data_directory(pam_t) libraries_use_dynamic_loader(pam_t) -libraries_read_shared_libraries(pam_t) +libraries_use_shared_libraries(pam_t) logging_send_system_log_message(pam_t) @@ -163,7 +163,7 @@ files_read_general_system_config(pam_console_t) files_search_runtime_data_directory(pam_console_t) libraries_use_dynamic_loader(pam_console_t) -libraries_read_shared_libraries(pam_console_t) +libraries_use_shared_libraries(pam_console_t) logging_send_system_log_message(pam_console_t) @@ -251,7 +251,7 @@ files_read_general_system_config(system_chkpwd_t) files_ignore_search_system_state_data_directory(system_chkpwd_t) libraries_use_dynamic_loader(system_chkpwd_t) -libraries_read_shared_libraries(system_chkpwd_t) +libraries_use_shared_libraries(system_chkpwd_t) logging_send_system_log_message(system_chkpwd_t) @@ -301,7 +301,7 @@ files_read_general_system_config(utempter_t) domain_use_widely_inheritable_file_descriptors(utempter_t) libraries_use_dynamic_loader(utempter_t) -libraries_read_shared_libraries(utempter_t) +libraries_use_shared_libraries(utempter_t) logging_search_system_log_directory(utempter_t) diff --git a/refpolicy/policy/modules/system/clock.te b/refpolicy/policy/modules/system/clock.te index 2d7cb75..041fcf1 100644 --- a/refpolicy/policy/modules/system/clock.te +++ b/refpolicy/policy/modules/system/clock.te @@ -48,7 +48,7 @@ init_script_use_pseudoterminal(hwclock_t) domain_use_widely_inheritable_file_descriptors(hwclock_t) libraries_use_dynamic_loader(hwclock_t) -libraries_read_shared_libraries(hwclock_t) +libraries_use_shared_libraries(hwclock_t) logging_send_system_log_message(hwclock_t) diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te index 7f40975..8ba8291 100644 --- a/refpolicy/policy/modules/system/hostname.te +++ b/refpolicy/policy/modules/system/hostname.te @@ -44,7 +44,7 @@ init_script_use_pseudoterminal(hostname_t) domain_use_widely_inheritable_file_descriptors(hostname_t) libraries_use_dynamic_loader(hostname_t) -libraries_read_shared_libraries(hostname_t) +libraries_use_shared_libraries(hostname_t) logging_send_system_log_message(hostname_t) diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te index cad4a31..57fb357 100644 --- a/refpolicy/policy/modules/system/hotplug.te +++ b/refpolicy/policy/modules/system/hotplug.te @@ -81,7 +81,7 @@ corecommands_execute_system_programs(hotplug_t) logging_send_system_log_message(hotplug_t) libraries_use_dynamic_loader(hotplug_t) -libraries_read_shared_libraries(hotplug_t) +libraries_use_shared_libraries(hotplug_t) # Read /usr/lib/gconv/.* libraries_read_library_resources(hotplug_t) diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te index c697722..22ce48d 100644 --- a/refpolicy/policy/modules/system/init.te +++ b/refpolicy/policy/modules/system/init.te @@ -108,7 +108,7 @@ files_ignore_modify_rootfs_file(init_t) files_ignore_modify_rootfs_device(init_t) libraries_use_dynamic_loader(init_t) -libraries_read_shared_libraries(init_t) +libraries_use_shared_libraries(init_t) corecommands_chroot(init_t) corecommands_execute_general_programs(init_t) @@ -236,7 +236,7 @@ domain_use_widely_inheritable_file_descriptors(initrc_t) libraries_modify_dynamic_loader_cache(initrc_t) libraries_use_dynamic_loader(initrc_t) -libraries_read_shared_libraries(initrc_t) +libraries_use_shared_libraries(initrc_t) libraries_execute_library_scripts(initrc_t) files_get_all_file_attributes(initrc_t) @@ -410,7 +410,7 @@ corecommands_execute_shell(run_init_t) files_read_general_system_config(run_init_t) libraries_use_dynamic_loader(run_init_t) -libraries_read_shared_libraries(run_init_t) +libraries_use_shared_libraries(run_init_t) selinux_read_config(run_init_t) selinux_read_default_contexts(run_init_t) diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te index 065686e..d48f9f3 100644 --- a/refpolicy/policy/modules/system/iptables.te +++ b/refpolicy/policy/modules/system/iptables.te @@ -57,7 +57,7 @@ domain_use_widely_inheritable_file_descriptors(iptables_t) files_read_general_system_config(iptables_t) libraries_use_dynamic_loader(iptables_t) -libraries_read_shared_libraries(iptables_t) +libraries_use_shared_libraries(iptables_t) logging_send_system_log_message(iptables_t) # system-config-network appends to /var/log diff --git a/refpolicy/policy/modules/system/libraries.if b/refpolicy/policy/modules/system/libraries.if index 5c58f11..08f0d9b 100644 --- a/refpolicy/policy/modules/system/libraries.if +++ b/refpolicy/policy/modules/system/libraries.if @@ -72,9 +72,9 @@ class file { getattr read write }; ######################################## # -# libraries_read_shared_libraries(domain) +# libraries_use_shared_libraries(domain) # -define(`libraries_read_shared_libraries',` +define(`libraries_use_shared_libraries',` requires_block_template(`$0'_depend) allow $1 lib_t:dir { getattr read search }; allow $1 lib_t:lnk_file { getattr read }; @@ -82,7 +82,7 @@ allow $1 { shlib_t texrel_shlib_t }:lnk_file { getattr read }; allow $1 { shlib_t texrel_shlib_t }:file { getattr read execute }; ') -define(`libraries_read_shared_libraries_depend',` +define(`libraries_use_shared_libraries_depend',` type lib_t, shlib_t, texrel_shlib_t; class dir { getattr read search }; class lnk_file { getattr read }; @@ -91,15 +91,15 @@ class file { getattr read execute }; ######################################## # -# libraries_legacy_read_shared_libraries(domain) +# libraries_legacy_use_shared_libraries(domain) # -define(`libraries_legacy_read_shared_libraries',` +define(`libraries_legacy_use_shared_libraries',` requires_block_template(`$0'_depend) -libraries_read_shared_libraries($1) +libraries_use_shared_libraries($1) allow $1 { shlib_t texrel_shlib_t }:file execmod; ') -define(`libraries_legacy_read_shared_libraries_depend',` +define(`libraries_legacy_use_shared_libraries_depend',` type shlib_t, texrel_shlib_t; class file execmod; ') diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te index 7446423..2e2281f 100644 --- a/refpolicy/policy/modules/system/locallogin.te +++ b/refpolicy/policy/modules/system/locallogin.te @@ -79,7 +79,7 @@ files_list_home_directories(local_login_t) files_read_general_application_resources(local_login_t) libraries_use_dynamic_loader(local_login_t) -libraries_read_shared_libraries(local_login_t) +libraries_use_shared_libraries(local_login_t) logging_send_system_log_message(local_login_t) @@ -231,7 +231,7 @@ init_script_get_process_group(sulogin_t) files_read_general_system_config(sulogin_t) libraries_use_dynamic_loader(sulogin_t) -libraries_read_shared_libraries(sulogin_t) +libraries_use_shared_libraries(sulogin_t) logging_send_system_log_message(sulogin_t) diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te index b7e3700..28cc0e4 100644 --- a/refpolicy/policy/modules/system/logging.te +++ b/refpolicy/policy/modules/system/logging.te @@ -53,7 +53,7 @@ filesystem_get_all_filesystems_attributes(klogd_t) bootloader_read_kernel_symbol_table(klogd_t) libraries_use_dynamic_loader(klogd_t) -libraries_read_shared_libraries(klogd_t) +libraries_use_shared_libraries(klogd_t) files_create_daemon_runtime_data(klogd_t,klogd_var_run_t) files_create_private_tmp_data(klogd_t,klogd_tmp_t) @@ -126,7 +126,7 @@ files_create_daemon_runtime_data(syslogd_t,devlog_t,sock_file) files_create_private_tmp_data(syslogd_t,syslogd_tmp_t) libraries_use_dynamic_loader(syslogd_t) -libraries_read_shared_libraries(syslogd_t) +libraries_use_shared_libraries(syslogd_t) sysnetwork_read_network_config(syslogd_t) diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te index c19cf9c..a4bcb90 100644 --- a/refpolicy/policy/modules/system/lvm.te +++ b/refpolicy/policy/modules/system/lvm.te @@ -111,7 +111,7 @@ init_script_use_pseudoterminal(lvm_t) init_use_file_descriptors(lvm_t) libraries_use_dynamic_loader(lvm_t) -libraries_read_shared_libraries(lvm_t) +libraries_use_shared_libraries(lvm_t) logging_send_system_log_message(lvm_t) diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te index 2af4e81..f87c5e4 100644 --- a/refpolicy/policy/modules/system/modutils.te +++ b/refpolicy/policy/modules/system/modutils.te @@ -78,7 +78,7 @@ domain_signal_all_domains(insmod_t) domain_use_widely_inheritable_file_descriptors(insmod_t) libraries_use_dynamic_loader(insmod_t) -libraries_read_shared_libraries(insmod_t) +libraries_use_shared_libraries(insmod_t) corecommands_execute_general_programs(insmod_t) corecommands_execute_system_programs(insmod_t) @@ -153,7 +153,7 @@ files_read_general_system_config(depmod_t) files_read_system_source_code(depmod_t) libraries_use_dynamic_loader(depmod_t) -libraries_read_shared_libraries(depmod_t) +libraries_use_shared_libraries(depmod_t) ifdef(`TODO',` @@ -221,7 +221,7 @@ corecommands_execute_system_programs(update_modules_t) corecommands_execute_shell(update_modules_t) libraries_use_dynamic_loader(update_modules_t) -libraries_read_shared_libraries(update_modules_t) +libraries_use_shared_libraries(update_modules_t) logging_send_system_log_message(update_modules_t) diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te index f3d0d8d..35d13d2 100644 --- a/refpolicy/policy/modules/system/mount.te +++ b/refpolicy/policy/modules/system/mount.te @@ -52,7 +52,7 @@ files_create_runtime_system_config(mount_t) files_mount_on_all_mountpoints(mount_t) libraries_use_dynamic_loader(mount_t) -libraries_read_shared_libraries(mount_t) +libraries_use_shared_libraries(mount_t) # required for mount.smbfs corecommands_execute_system_programs(mount_t) diff --git a/refpolicy/policy/modules/system/selinux.te b/refpolicy/policy/modules/system/selinux.te index b4faa64..7489a96 100644 --- a/refpolicy/policy/modules/system/selinux.te +++ b/refpolicy/policy/modules/system/selinux.te @@ -115,7 +115,7 @@ init_script_use_pseudoterminal(checkpolicy_t) domain_use_widely_inheritable_file_descriptors(checkpolicy_t) libraries_use_dynamic_loader(checkpolicy_t) -libraries_read_shared_libraries(checkpolicy_t) +libraries_use_shared_libraries(checkpolicy_t) ifdef(`TODO',` role sysadm_r types checkpolicy_t; @@ -168,7 +168,7 @@ init_script_use_pseudoterminal(load_policy_t) domain_use_widely_inheritable_file_descriptors(load_policy_t) libraries_use_dynamic_loader(load_policy_t) -libraries_read_shared_libraries(load_policy_t) +libraries_use_shared_libraries(load_policy_t) miscfiles_read_localization(load_policy_t) @@ -230,7 +230,7 @@ domain_use_widely_inheritable_file_descriptors(newrole_t) files_read_general_system_config(newrole_t) libraries_use_dynamic_loader(newrole_t) -libraries_read_shared_libraries(newrole_t) +libraries_use_shared_libraries(newrole_t) logging_send_system_log_message(newrole_t) @@ -317,7 +317,7 @@ files_read_runtime_system_config(restorecon_t) files_read_general_system_config(restorecon_t) libraries_use_dynamic_loader(restorecon_t) -libraries_read_shared_libraries(restorecon_t) +libraries_use_shared_libraries(restorecon_t) logging_send_system_log_message(restorecon_t) @@ -385,7 +385,7 @@ init_script_use_pseudoterminal(setfiles_t) domain_use_widely_inheritable_file_descriptors(setfiles_t) libraries_use_dynamic_loader(setfiles_t) -libraries_read_shared_libraries(setfiles_t) +libraries_use_shared_libraries(setfiles_t) files_read_runtime_system_config(setfiles_t) files_read_general_system_config(setfiles_t) diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te index b4faa64..7489a96 100644 --- a/refpolicy/policy/modules/system/selinuxutil.te +++ b/refpolicy/policy/modules/system/selinuxutil.te @@ -115,7 +115,7 @@ init_script_use_pseudoterminal(checkpolicy_t) domain_use_widely_inheritable_file_descriptors(checkpolicy_t) libraries_use_dynamic_loader(checkpolicy_t) -libraries_read_shared_libraries(checkpolicy_t) +libraries_use_shared_libraries(checkpolicy_t) ifdef(`TODO',` role sysadm_r types checkpolicy_t; @@ -168,7 +168,7 @@ init_script_use_pseudoterminal(load_policy_t) domain_use_widely_inheritable_file_descriptors(load_policy_t) libraries_use_dynamic_loader(load_policy_t) -libraries_read_shared_libraries(load_policy_t) +libraries_use_shared_libraries(load_policy_t) miscfiles_read_localization(load_policy_t) @@ -230,7 +230,7 @@ domain_use_widely_inheritable_file_descriptors(newrole_t) files_read_general_system_config(newrole_t) libraries_use_dynamic_loader(newrole_t) -libraries_read_shared_libraries(newrole_t) +libraries_use_shared_libraries(newrole_t) logging_send_system_log_message(newrole_t) @@ -317,7 +317,7 @@ files_read_runtime_system_config(restorecon_t) files_read_general_system_config(restorecon_t) libraries_use_dynamic_loader(restorecon_t) -libraries_read_shared_libraries(restorecon_t) +libraries_use_shared_libraries(restorecon_t) logging_send_system_log_message(restorecon_t) @@ -385,7 +385,7 @@ init_script_use_pseudoterminal(setfiles_t) domain_use_widely_inheritable_file_descriptors(setfiles_t) libraries_use_dynamic_loader(setfiles_t) -libraries_read_shared_libraries(setfiles_t) +libraries_use_shared_libraries(setfiles_t) files_read_runtime_system_config(setfiles_t) files_read_general_system_config(setfiles_t) diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te index 7ec78f1..da15533 100644 --- a/refpolicy/policy/modules/system/sysnetwork.te +++ b/refpolicy/policy/modules/system/sysnetwork.te @@ -110,7 +110,7 @@ corecommands_execute_shell(dhcpc_t) logging_send_system_log_message(dhcpc_t) libraries_use_dynamic_loader(dhcpc_t) -libraries_read_shared_libraries(dhcpc_t) +libraries_use_shared_libraries(dhcpc_t) modutils_insmod_transition(dhcpc_t) @@ -266,7 +266,7 @@ domain_use_widely_inheritable_file_descriptors(ifconfig_t) files_ignore_read_rootfs_file(ifconfig_t) libraries_use_dynamic_loader(ifconfig_t) -libraries_read_shared_libraries(ifconfig_t) +libraries_use_shared_libraries(ifconfig_t) logging_send_system_log_message(ifconfig_t) diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if index a2802d1..fc59784 100644 --- a/refpolicy/policy/modules/system/userdomain.if +++ b/refpolicy/policy/modules/system/userdomain.if @@ -117,7 +117,7 @@ files_read_system_source_code($1_t) init_script_ignore_use_pseudoterminal($1_t) libraries_use_dynamic_loader($1_t) -libraries_read_shared_libraries($1_t) +libraries_use_shared_libraries($1_t) libraries_execute_dynamic_loader($1_t) libraries_execute_library_scripts($1_t)