From f35fed5eef8f4f2b079dae61e9312dd59a599b2c Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Jul 05 2006 19:15:23 +0000
Subject: a few TODO fixes, and deprecate mount_send_nfs_client_request().


---

diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index 7c8285f..cf3b552 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -1,5 +1,5 @@
 
-policy_module(amanda,1.3.3)
+policy_module(amanda,1.3.4)
 
 #######################################
 #
@@ -249,10 +249,6 @@ sysnet_read_config(amanda_recover_t)
 userdom_search_sysadm_home_content_dirs(amanda_recover_t)
 
 optional_policy(`
-	mount_send_nfs_client_request(amanda_recover_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(amanda_recover_t)
 ')
 
diff --git a/refpolicy/policy/modules/admin/dpkg.te b/refpolicy/policy/modules/admin/dpkg.te
index e2bb49c..12a842b 100644
--- a/refpolicy/policy/modules/admin/dpkg.te
+++ b/refpolicy/policy/modules/admin/dpkg.te
@@ -1,5 +1,5 @@
 
-policy_module(dpkg,1.0.2)
+policy_module(dpkg,1.0.3)
 
 ########################################
 #
@@ -182,10 +182,6 @@ ifdef(`targeted_policy',`
 #')
 
 optional_policy(`
-	mount_send_nfs_client_request(dpkg_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(dpkg_t)
 ')
 
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index b7d32b6..a12a0d4 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -1,5 +1,5 @@
 
-policy_module(rpm,1.3.8)
+policy_module(rpm,1.3.9)
 
 ########################################
 #
@@ -191,10 +191,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(rpm_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(rpm_t)
 ')
 
diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te
index 8fe4572..0c6b877 100644
--- a/refpolicy/policy/modules/admin/vpn.te
+++ b/refpolicy/policy/modules/admin/vpn.te
@@ -1,5 +1,5 @@
 
-policy_module(vpn,1.2.2)
+policy_module(vpn,1.2.3)
 
 ########################################
 #
@@ -113,10 +113,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-        mount_send_nfs_client_request(vpnc_t)
-')
-
-optional_policy(`
         nis_use_ypbind(vpnc_t)
 ')
 
diff --git a/refpolicy/policy/modules/apps/uml.if b/refpolicy/policy/modules/apps/uml.if
index 121b95f..abc568f 100644
--- a/refpolicy/policy/modules/apps/uml.if
+++ b/refpolicy/policy/modules/apps/uml.if
@@ -185,10 +185,6 @@ template(`uml_per_userdomain_template',`
 	userdom_use_user_terminals($1,$1_uml_t)
 
 	optional_policy(`
-		mount_send_nfs_client_request($1_uml_t)
-	')
-
-	optional_policy(`
 		nis_use_ypbind($1_uml_t)
 	')
 
diff --git a/refpolicy/policy/modules/apps/uml.te b/refpolicy/policy/modules/apps/uml.te
index 938d4d2..4b63b59 100644
--- a/refpolicy/policy/modules/apps/uml.te
+++ b/refpolicy/policy/modules/apps/uml.te
@@ -1,5 +1,5 @@
 
-policy_module(uml,1.0.1)
+policy_module(uml,1.0.2)
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 8b9d63d..43a5333 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
 
-policy_module(kernel,1.3.12)
+policy_module(kernel,1.3.13)
 
 ########################################
 #
@@ -273,7 +273,7 @@ optional_policy(`
 ')
 
 optional_policy(`
-	portmap_udp_send(kernel_t)
+	portmap_udp_chat(kernel_t)
 ')
 
 optional_policy(`
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index a31e956..e284ddf 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -1,5 +1,5 @@
 
-policy_module(bind,1.1.5)
+policy_module(bind,1.1.6)
 
 ########################################
 #
@@ -183,10 +183,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(named_t)
-')
-
-optional_policy(`
 	# this seems like fds that arent being
 	# closed.  these should probably be
 	# dontaudits instead.
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te
index 65d5551..21dc5da 100644
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
@@ -1,5 +1,5 @@
 
-policy_module(cyrus,1.1.2)
+policy_module(cyrus,1.1.3)
 
 ########################################
 #
@@ -123,10 +123,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(cyrus_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(cyrus_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index bc1fed4..dd77cfc 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -166,10 +166,9 @@ template(`dbus_per_userdomain_template',`
 		nscd_socket_use($1_dbusd_t)
 	')
 
-	ifdef(`TODO',`
-	ifdef(`xdm.te', `
-	can_pipe_xdm($1_dbusd_t)
-	')
+	optional_policy(`
+		xserver_use_xdm_fds($1_dbusd_t)
+		xserver_rw_xdm_pipes($1_dbusd_t)
 	')
 ')
 
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index b8824eb..6fd0076 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -1,5 +1,5 @@
 
-policy_module(dbus,1.2.5)
+policy_module(dbus,1.2.6)
 
 gen_require(`
 	class dbus { send_msg acquire_svc };
diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te
index d4a84a0..eff134a 100644
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
@@ -1,5 +1,5 @@
 
-policy_module(dhcp,1.1.1)
+policy_module(dhcp,1.1.2)
 
 ########################################
 #
@@ -124,10 +124,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(dhcpd_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(dhcpd_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/i18n_input.te b/refpolicy/policy/modules/services/i18n_input.te
index 5152da5..9cabd74 100644
--- a/refpolicy/policy/modules/services/i18n_input.te
+++ b/refpolicy/policy/modules/services/i18n_input.te
@@ -1,5 +1,5 @@
 
-policy_module(i18n_input,1.1.2)
+policy_module(i18n_input,1.1.3)
 
 ########################################
 #
@@ -106,10 +106,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(i18n_input_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(i18n_input_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index 21b27a8..d4c0050 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -1,5 +1,5 @@
 
-policy_module(inetd,1.1.3)
+policy_module(inetd,1.1.4)
 
 ########################################
 #
@@ -145,10 +145,6 @@ optional_policy(`
 	amanda_search_lib(inetd_t)
 ')
 
-optional_policy(`
-	mount_send_nfs_client_request(inetd_t)
-')
-
 # Communicate with the portmapper.
 optional_policy(`
 	portmap_udp_send(inetd_t)
diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te
index 84869b0..d531219 100644
--- a/refpolicy/policy/modules/services/inn.te
+++ b/refpolicy/policy/modules/services/inn.te
@@ -1,5 +1,5 @@
 
-policy_module(inn,1.1.2)
+policy_module(inn,1.1.3)
 
 ########################################
 #
@@ -130,10 +130,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(innd_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(innd_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index 8e3360f..68a2588 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -87,10 +87,6 @@ template(`mailman_domain_template', `
 	sysnet_read_config(mailman_$1_t)
 
 	optional_policy(`
-		mount_send_nfs_client_request(mailman_$1_t)
-	')
-
-	optional_policy(`
 		nis_use_ypbind(mailman_$1_t)
 	')
 ')
diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te
index ad12df5..f5ccc55 100644
--- a/refpolicy/policy/modules/services/mailman.te
+++ b/refpolicy/policy/modules/services/mailman.te
@@ -1,5 +1,5 @@
 
-policy_module(mailman,1.1.4)
+policy_module(mailman,1.1.5)
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index 09f43fa..052381d 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -1,5 +1,5 @@
 
-policy_module(mysql,1.2.4)
+policy_module(mysql,1.2.5)
 
 ########################################
 #
@@ -124,10 +124,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(mysqld_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(mysqld_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index c6eda32..418ba83 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -1,5 +1,5 @@
 
-policy_module(networkmanager,1.3.5)
+policy_module(networkmanager,1.3.6)
 
 ########################################
 #
@@ -149,10 +149,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(NetworkManager_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(NetworkManager_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 31dfc8f..a5fd29b 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -1,5 +1,5 @@
 
-policy_module(nis,1.1.4)
+policy_module(nis,1.1.5)
 
 ########################################
 #
@@ -129,10 +129,6 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(ypbind_t)
-')
-
-optional_policy(`
 	seutil_sigchld_newrole(ypbind_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index a679b2f..859cf22 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -1,5 +1,5 @@
 
-policy_module(ntp,1.1.3)
+policy_module(ntp,1.1.4)
 
 ########################################
 #
@@ -139,10 +139,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(ntpd_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(ntpd_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index edd777b..06e0af5 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -1,5 +1,5 @@
 
-policy_module(portmap,1.2.3)
+policy_module(portmap,1.2.4)
 
 ########################################
 #
@@ -108,10 +108,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(portmap_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(portmap_t)
 	nis_udp_send_ypbind(portmap_t)
 ')
@@ -132,25 +128,6 @@ optional_policy(`
 	udev_read_db(portmap_t)
 ')
 
-ifdef(`TODO',`
-ifdef(`rpcd.te',`can_udp_send(portmap_t, rpcd_t)')
-allow portmap_t rpcd_t:udp_socket sendto;
-allow rpcd_t portmap_t:udp_socket recvfrom;
-
-ifdef(`lpd.te',`can_udp_send(portmap_t, lpd_t)')
-allow portmap_t lpd_t:udp_socket sendto;
-allow lpd_t portmap_t:udp_socket recvfrom;
-
-can_udp_send(portmap_t, kernel_t)
-allow portmap_t kernel_t:udp_socket sendto;
-allow kernel_t portmap_t:udp_socket recvfrom;
-
-can_udp_send(kernel_t, portmap_t)
-allow kernel_t portmap_t:udp_socket sendto;
-allow portmap_t kernel_t:udp_socket recvfrom;
-
-') dnl end TODO
-
 ########################################
 #
 # Portmap helper local policy
@@ -203,9 +180,5 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(portmap_helper_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(portmap_helper_t)
 ')
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index d2f7515..8a1dd9f 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
 
-policy_module(postfix,1.2.8)
+policy_module(postfix,1.2.9)
 
 ########################################
 #
@@ -181,10 +181,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(postfix_master_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(postfix_master_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index 116ac08..452f96c 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -1,5 +1,5 @@
 
-policy_module(postgresql,1.1.1)
+policy_module(postgresql,1.1.2)
 
 #################################
 #
@@ -170,10 +170,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(postgresql_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(postgresql_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te
index 2049d5b..866b3e3 100644
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@@ -1,5 +1,5 @@
 
-policy_module(privoxy,1.1.3)
+policy_module(privoxy,1.1.4)
 
 ########################################
 #
@@ -93,10 +93,6 @@ ifdef(`targeted_policy',`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(privoxy_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(privoxy_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/roundup.te b/refpolicy/policy/modules/services/roundup.te
index 1a9d03c..a4dd1ab 100644
--- a/refpolicy/policy/modules/services/roundup.te
+++ b/refpolicy/policy/modules/services/roundup.te
@@ -1,5 +1,5 @@
 
-policy_module(roundup,1.0.1)
+policy_module(roundup,1.0.2)
 
 ########################################
 #
@@ -96,10 +96,6 @@ ifdef(`targeted_policy',`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(roundup_t)
-')
-
-optional_policy(`
 	mysql_stream_connect(roundup_t)
 	mysql_search_db(roundup_t)
 ')
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index 429e099..831a1cb 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@@ -104,10 +104,6 @@ template(`rpc_domain_template', `
 	')
 
 	optional_policy(`
-		mount_send_nfs_client_request($1_t)
-	')
-
-	optional_policy(`
 		nis_use_ypbind($1_t)
 	')
 
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index 98e1064..8536f77 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
 
-policy_module(rpc,1.2.8)
+policy_module(rpc,1.2.9)
 
 ########################################
 #
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index f3b82ab..5577c67 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -1,5 +1,5 @@
 
-policy_module(samba,1.2.7)
+policy_module(samba,1.2.8)
 
 #################################
 #
@@ -283,8 +283,6 @@ logging_send_syslog_msg(smbd_t)
 miscfiles_read_localization(smbd_t)
 miscfiles_read_public_files(smbd_t)
 
-mount_send_nfs_client_request(smbd_t)
-
 sysnet_read_config(smbd_t)
 
 userdom_dontaudit_search_sysadm_home_dirs(smbd_t)
@@ -507,7 +505,6 @@ files_read_etc_files(smbmount_t)
 miscfiles_read_localization(smbmount_t)
 
 mount_use_fds(smbmount_t)
-mount_send_nfs_client_request(smbmount_t)
 
 libs_use_ld_so(smbmount_t)
 libs_use_shared_libs(smbmount_t)
@@ -726,10 +723,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(winbind_t)
-')
-
-optional_policy(`
 	nscd_socket_use(winbind_t)
 ')
 
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index ee011ae..a8a9d51 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -1,5 +1,5 @@
 
-policy_module(squid,1.1.1)
+policy_module(squid,1.1.2)
 
 ########################################
 #
@@ -155,10 +155,6 @@ optional_policy(`
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(squid_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(squid_t)
 ')
 
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index b4d3753..5aca3d0 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -1,5 +1,5 @@
 
-policy_module(lvm,1.3.3)
+policy_module(lvm,1.3.4)
 
 ########################################
 #
@@ -111,10 +111,6 @@ ifdef(`targeted_policy', `
 ')
 
 optional_policy(`
-	mount_send_nfs_client_request(clvmd_t)
-')
-
-optional_policy(`
 	nis_use_ypbind(clvmd_t)
 ')
 
diff --git a/refpolicy/policy/modules/system/mount.if b/refpolicy/policy/modules/system/mount.if
index 99cc380..2bfa5f2 100644
--- a/refpolicy/policy/modules/system/mount.if
+++ b/refpolicy/policy/modules/system/mount.if
@@ -99,18 +99,25 @@ interface(`mount_use_fds',`
 ##	Allow the mount domain to send nfs requests for mounting
 ##	network drives
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the mount domain to send nfs requests for mounting
+##	network drives
+##	</p>
+##	<p>
+##	This interface has been deprecated as these rules were
+##	a side effect of leaked mount file descriptors.  This
+##	interface has no effect.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
 #
 interface(`mount_send_nfs_client_request',`
-	gen_require(`
-		type mount_t;
-	')
-
-	allow $1 mount_t:udp_socket rw_socket_perms;
+	errprint(__file__:__line__:` $0($*) has been deprecated.'__endline__)
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index d257374..cb763fe 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -1,5 +1,5 @@
 
-policy_module(mount,1.3.7)
+policy_module(mount,1.3.8)
 
 ########################################
 #