diff --git a/refpolicy/Changelog b/refpolicy/Changelog
index dbf517e..3aabd64 100644
--- a/refpolicy/Changelog
+++ b/refpolicy/Changelog
@@ -1,3 +1,5 @@
+- Change optional_policy() to refer to the module name
+ rather than modulename.te.
- Fix labeling targets to use installed file_contexts rather
than partial file_contexts in the policy source directory.
- Fix build process to use make's internal vpath functions
diff --git a/refpolicy/policy/modules/admin/acct.te b/refpolicy/policy/modules/admin/acct.te
index 22f6713..3d8048c 100644
--- a/refpolicy/policy/modules/admin/acct.te
+++ b/refpolicy/policy/modules/admin/acct.te
@@ -77,8 +77,8 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(acct_t)
')
-optional_policy(`cron.te',`
- optional_policy(`authlogin.te',`
+optional_policy(`cron',`
+ optional_policy(`authlogin',`
# for monthly cron job
auth_create_login_records(acct_t)
auth_manage_login_records(acct_t)
@@ -87,20 +87,20 @@ optional_policy(`cron.te',`
cron_system_entry(acct_t,acct_exec_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(acct_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(acct_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(acct_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(acct_t)
')
')
diff --git a/refpolicy/policy/modules/admin/amanda.te b/refpolicy/policy/modules/admin/amanda.te
index cb0cb3b..5aacf1b 100644
--- a/refpolicy/policy/modules/admin/amanda.te
+++ b/refpolicy/policy/modules/admin/amanda.te
@@ -164,19 +164,19 @@ libs_use_shared_libs(amanda_t)
sysnet_read_config(amanda_t)
-optional_policy(`authlogin.te',`
+optional_policy(`authlogin',`
auth_read_shadow(amanda_t)
')
-optional_policy(`logging.te',`
+optional_policy(`logging',`
logging_send_syslog_msg(amanda_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(amanda_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(amanda_t)
')
@@ -248,10 +248,10 @@ sysnet_read_config(amanda_recover_t)
userdom_search_sysadm_home_subdirs(amanda_recover_t)
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(amanda_recover_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(amanda_recover_t)
')
diff --git a/refpolicy/policy/modules/admin/anaconda.te b/refpolicy/policy/modules/admin/anaconda.te
index a07668f..4d80b42 100644
--- a/refpolicy/policy/modules/admin/anaconda.te
+++ b/refpolicy/policy/modules/admin/anaconda.te
@@ -31,28 +31,28 @@ ifdef(`distro_redhat',`
bootloader_create_runtime_file(anaconda_t)
')
-optional_policy(`dmesg.te',`
+optional_policy(`dmesg',`
dmesg_domtrans(anaconda_t)
')
-optional_policy(`kudzu.te',`
+optional_policy(`kudzu',`
kudzu_domtrans(anaconda_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
rpm_domtrans(anaconda_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_domtrans(anaconda_t)
')
-optional_policy(`usermanage.te',`
+optional_policy(`usermanage',`
usermanage_domtrans_admin_passwd(anaconda_t)
')
ifdef(`TODO',`
-optional_policy(`ssh.te',`
+optional_policy(`ssh',`
role system_r types sysadm_ssh_agent_t;
domain_auto_trans(anaconda_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
')
diff --git a/refpolicy/policy/modules/admin/consoletype.te b/refpolicy/policy/modules/admin/consoletype.te
index b5ab0c6..cf335dc 100644
--- a/refpolicy/policy/modules/admin/consoletype.te
+++ b/refpolicy/policy/modules/admin/consoletype.te
@@ -67,60 +67,60 @@ ifdef(`distro_redhat',`
fs_use_tmpfs_chr_dev(consoletype_t)
')
-optional_policy(`apm.te',`
+optional_policy(`apm',`
apm_use_fd(consoletype_t)
apm_write_pipe(consoletype_t)
')
-optional_policy(`authlogin.te', `
+optional_policy(`authlogin', `
auth_read_pam_pid(consoletype_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_read_pipe(consoletype_t)
cron_use_system_job_fd(consoletype_t)
')
-optional_policy(`firstboot.te',`
+optional_policy(`firstboot',`
files_read_etc_files(consoletype_t)
firstboot_use_fd(consoletype_t)
firstboot_write_pipe(consoletype_t)
')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
logrotate_dontaudit_use_fd(consoletype_t)
')
-optional_policy(`lpd.te',`
+optional_policy(`lpd',`
lpd_read_config(consoletype_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(consoletype_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
# Commonly used from postinst scripts
rpm_read_pipe(consoletype_t)
')
-optional_policy(`userdomain.te',`
+optional_policy(`userdomain',`
userdom_use_unpriv_users_fd(consoletype_t)
')
ifdef(`TODO',`
-optional_policy(`xdm.te', `
+optional_policy(`xdm', `
allow consoletype_t xdm_tmp_t:file rw_file_perms;
')
# this goes to xdm module
ifdef(`targeted_policy',`
- optional_policy(`consoletype.te',`
+ optional_policy(`consoletype',`
consoletype_domtrans(xdm_t)
')
')
-optional_policy(`lpd.te', `
+optional_policy(`lpd', `
allow consoletype_t printconf_t:file r_file_perms;
')
diff --git a/refpolicy/policy/modules/admin/dmesg.te b/refpolicy/policy/modules/admin/dmesg.te
index 51f2be7..1d83fe3 100644
--- a/refpolicy/policy/modules/admin/dmesg.te
+++ b/refpolicy/policy/modules/admin/dmesg.te
@@ -62,16 +62,16 @@ ifdef(`targeted_policy',`
userdom_use_sysadm_terms(dmesg_t)
userdom_dontaudit_use_unpriv_user_fd(dmesg_t)
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dmesg_t)
')
- optional_policy(`udev.te', `
+ optional_policy(`udev',`
udev_read_db(dmesg_t)
')
ifdef(`TODO',`
- optional_policy(`rhgb.te',`
+ optional_policy(`rhgb',`
rhgb_domain(dmesg_t)
')
') dnl endif TODO
diff --git a/refpolicy/policy/modules/admin/firstboot.te b/refpolicy/policy/modules/admin/firstboot.te
index f0f5807..cd171a6 100644
--- a/refpolicy/policy/modules/admin/firstboot.te
+++ b/refpolicy/policy/modules/admin/firstboot.te
@@ -111,15 +111,15 @@ ifdef(`targeted_policy',`
unconfined_domtrans(firstboot_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(firstboot_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
samba_rw_config(firstboot_t)
')
-optional_policy(`usermanage.te',`
+optional_policy(`usermanage',`
usermanage_domtrans_chfn(firstboot_t)
usermanage_domtrans_groupadd(firstboot_t)
usermanage_domtrans_passwd(firstboot_t)
diff --git a/refpolicy/policy/modules/admin/kudzu.te b/refpolicy/policy/modules/admin/kudzu.te
index 957965b..a7a6a82 100644
--- a/refpolicy/policy/modules/admin/kudzu.te
+++ b/refpolicy/policy/modules/admin/kudzu.te
@@ -134,37 +134,37 @@ tunable_policy(`allow_execmem',`
allow kudzu_t self:process execmem;
')
-optional_policy(`gpm.te',`
+optional_policy(`gpm',`
gpm_getattr_gpmctl(kudzu_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(kudzu_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(kudzu_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(kudzu_t)
')
ifdef(`TODO',`
allow kudzu_t modules_conf_t:file unlink;
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(kudzu_t)
')
-optional_policy(`lpd.te',`
+optional_policy(`lpd',`
allow kudzu_t printconf_t:file { getattr read };
')
-optional_policy(`xserver.te',`
+optional_policy(`xserver',`
allow kudzu_t xserver_exec_t:file getattr;
')
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
allow kudzu_t rhgb_t:unix_stream_socket connectto;
')
-optional_policy(`userhelper.te',`
+optional_policy(`userhelper',`
role system_r types sysadm_userhelper_t;
domain_auto_trans(kudzu_t, userhelper_exec_t, sysadm_userhelper_t)
')
diff --git a/refpolicy/policy/modules/admin/logrotate.te b/refpolicy/policy/modules/admin/logrotate.te
index 31569ea..f800cd1 100644
--- a/refpolicy/policy/modules/admin/logrotate.te
+++ b/refpolicy/policy/modules/admin/logrotate.te
@@ -131,52 +131,52 @@ ifdef(`targeted_policy',`
unconfined_domain_template(logrotate_t)
')
-optional_policy(`acct.te',`
+optional_policy(`acct',`
acct_domtrans(logrotate_t)
acct_manage_data(logrotate_t)
acct_exec_data(logrotate_t)
')
-optional_policy(`apache.te',`
+optional_policy(`apache',`
apache_read_config(logrotate_t)
apache_domtrans(logrotate_t)
apache_signull(logrotate_t)
')
-optional_policy(`consoletype.te',`
+optional_policy(`consoletype',`
consoletype_exec(logrotate_t)
')
-optional_policy(`hostname.te',`
+optional_policy(`hostname',`
hostname_exec(logrotate_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
samba_exec_log(logrotate_t)
')
-optional_policy(`mailman.te',`
+optional_policy(`mailman',`
mailman_exec(logrotate_t)
mailman_search_data(logrotate_t)
mailman_manage_log(logrotate_t)
')
-optional_policy(`mysql.te',`
+optional_policy(`mysql',`
mysql_read_config(logrotate_t)
mysql_search_db_dir(logrotate_t)
mysql_stream_connect(logrotate_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(logrotate_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(logrotate_t)
')
-optional_policy(`squid.te',`
+optional_policy(`squid',`
# cjp: why?
squid_domtrans(logrotate_t)
')
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index 641012c..3842a46 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -82,7 +82,7 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(netutils_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(netutils_t)
')
@@ -144,19 +144,19 @@ ifdef(`targeted_policy',`
')
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(ping_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(ping_t)
')
-optional_policy(`pcmcia.te',`
+optional_policy(`pcmcia',`
pcmcia_use_cardmgr_fd(ping_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
hotplug_use_fd(ping_t)
')
@@ -225,11 +225,11 @@ tunable_policy(`user_ping',`
term_use_all_user_ptys(traceroute_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(traceroute_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(traceroute_t)
')
diff --git a/refpolicy/policy/modules/admin/quota.te b/refpolicy/policy/modules/admin/quota.te
index f4b5246..efced03 100644
--- a/refpolicy/policy/modules/admin/quota.te
+++ b/refpolicy/policy/modules/admin/quota.te
@@ -67,11 +67,11 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(quota_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(quota_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(quota_t)
')
@@ -82,7 +82,7 @@ file_type_auto_trans(quota_t, { root_t home_root_t var_t usr_t src_t var_spool_t
allow quota_t file_t:file quotaon;
allow quota_t proc_t:file getattr;
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(quota_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index 0961259..dd7c79c 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -177,15 +177,15 @@ ifdef(`targeted_policy',`
logging_create_log(rpm_t,rpm_log_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(rpm_t,rpm_exec_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(rpm_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(rpm_t)
')
@@ -205,7 +205,7 @@ allow rpm_t mount_t:tcp_socket write;
allow rpm_t rpc_pipefs_t:dir search;
-optional_policy(`gnome-pty-helper.te', `
+optional_policy(`gnome-pty-helper',`
allow rpm_t sysadm_gph_t:fd use;
')
') dnl endif TODO
@@ -322,12 +322,12 @@ ifdef(`targeted_policy',`
unconfined_domain_template(rpm_script_t)
',`
ifdef(`distro_redhat',`
- optional_policy(`mta.te',`
+ optional_policy(`mta',`
mta_send_mail(rpm_script_t)
')
')
- optional_policy(`bootloader.te',`
+ optional_policy(`bootloader',`
bootloader_domtrans(rpm_script_t)
')
')
@@ -336,17 +336,17 @@ tunable_policy(`allow_execmem',`
allow rpm_script_t self:process execmem;
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(rpm_script_t)
')
-optional_policy(`usermanage.te',`
+optional_policy(`usermanage',`
usermanage_domtrans_groupadd(rpm_script_t)
usermanage_domtrans_useradd(rpm_script_t)
')
ifdef(`TODO',`
-optional_policy(`lpd.te', `
+optional_policy(`lpd',`
can_exec(rpm_script_t,printconf_t)
')
') dnl end TODO
@@ -371,7 +371,7 @@ seutil_read_src_pol(rpmbuild_t)
ifdef(`TODO',`
-optional_policy(`cups.te', `
+optional_policy(`cups',`
allow cupsd_t rpm_var_lib_t:dir r_dir_perms;
allow cupsd_t rpm_var_lib_t:file r_file_perms;
allow cupsd_t rpb_var_lib_t:lnk_file r_file_perms;
@@ -379,16 +379,16 @@ allow cupsd_t initrc_exec_t:file r_file_perms;
domain_auto_trans(rpm_script_t, cupsd_exec_t, cupsd_t)
')
-optional_policy(`ssh-agent.te', `
+optional_policy(`ssh-agent',`
domain_auto_trans(rpm_script_t, ssh_agent_exec_t, sysadm_ssh_agent_t)
')
-optional_policy(`prelink.te', `
+optional_policy(`prelink',`
domain_auto_trans(rpm_t, prelink_exec_t, prelink_t)
')
ifdef(`hide_broken_symptoms', `
- optional_policy(`pamconsole.te', `
+ optional_policy(`pamconsole',`
domain_trans(rpm_t, pam_console_exec_t, rpm_script_t)
')
')
diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index c296943..b310268 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -77,15 +77,15 @@ template(`su_restricted_domain_template', `
# Only allow transitions to unprivileged user domains.
userdom_spec_domtrans_unpriv_users($1_su_t)
- optional_policy(`cron.te',`
+ optional_policy(`cron',`
cron_read_pipe($1_su_t)
')
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use($1_su_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_su_t)
')
@@ -247,15 +247,15 @@ template(`su_per_userdomain_template',`
fs_search_cifs($1_su_t)
')
- optional_policy(`cron.te',`
+ optional_policy(`cron',`
cron_read_pipe($1_su_t)
')
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use($1_su_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_su_t)
')
diff --git a/refpolicy/policy/modules/admin/sudo.if b/refpolicy/policy/modules/admin/sudo.if
index fda3c0a..97b9d8f 100644
--- a/refpolicy/policy/modules/admin/sudo.if
+++ b/refpolicy/policy/modules/admin/sudo.if
@@ -155,11 +155,11 @@ template(`sudo_per_userdomain_template',`
userdom_spec_domtrans_all_users($1_sudo_t)
}
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_sudo_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_sudo_t)
')
diff --git a/refpolicy/policy/modules/admin/updfstab.te b/refpolicy/policy/modules/admin/updfstab.te
index ac5487d..17331c1 100644
--- a/refpolicy/policy/modules/admin/updfstab.te
+++ b/refpolicy/policy/modules/admin/updfstab.te
@@ -89,45 +89,45 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(updfstab_t)
')
-optional_policy(`authlogin.te',`
+optional_policy(`authlogin',`
auth_domtrans_pam_console(updfstab_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_system_bus_client_template(updfstab,updfstab_t)
dbus_send_system_bus_msg(updfstab_t)
')
-optional_policy(`hald.te',`
+optional_policy(`hald',`
hal_stream_connect(updfstab_t)
')
-optional_policy(`modutils.te',`
+optional_policy(`modutils',`
modutils_read_module_conf(updfstab_t)
modutils_exec_insmod(updfstab_t)
modutils_read_mods_deps(updfstab_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(updfstab_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(updfstab_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(updfstab_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(updfstab_t)
')
allow updfstab_t tmpfs_t:dir getattr;
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
allow initrc_t updfstab_t:dbus send_msg;
allow updfstab_t initrc_t:dbus send_msg;
')
diff --git a/refpolicy/policy/modules/admin/usermanage.te b/refpolicy/policy/modules/admin/usermanage.te
index f5934f6..84f7a86 100644
--- a/refpolicy/policy/modules/admin/usermanage.te
+++ b/refpolicy/policy/modules/admin/usermanage.te
@@ -132,7 +132,7 @@ userdom_use_unpriv_users_fd(chfn_t)
# on user home dir
userdom_dontaudit_search_all_users_home(chfn_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(chfn_t)
')
@@ -178,7 +178,7 @@ logging_send_syslog_msg(crack_t)
userdom_dontaudit_search_sysadm_home_dir(crack_t)
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(crack_t,crack_exec_t)
')
@@ -246,15 +246,15 @@ userdom_use_unpriv_users_fd(groupadd_t)
# for when /root is the cwd
userdom_dontaudit_search_sysadm_home_dir(groupadd_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(groupadd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(groupadd_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
rpm_use_fd(groupadd_t)
rpm_rw_pipe(groupadd_t)
')
@@ -339,7 +339,7 @@ userdom_use_unpriv_users_fd(passwd_t)
# on user home dir
userdom_dontaudit_search_all_users_home(passwd_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(passwd_t)
')
@@ -435,7 +435,7 @@ userdom_use_unpriv_users_fd(sysadm_passwd_t)
# on user home dir
userdom_dontaudit_search_all_users_home(sysadm_passwd_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(sysadm_passwd_t)
')
@@ -530,15 +530,15 @@ userdom_create_generic_user_home(useradd_t,notdevfile_class_set)
mta_manage_spool(useradd_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(useradd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(useradd_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
rpm_use_fd(useradd_t)
rpm_rw_pipe(useradd_t)
')
diff --git a/refpolicy/policy/modules/admin/vpn.te b/refpolicy/policy/modules/admin/vpn.te
index b95df4e..832d64d 100644
--- a/refpolicy/policy/modules/admin/vpn.te
+++ b/refpolicy/policy/modules/admin/vpn.te
@@ -98,14 +98,14 @@ sysnet_manage_config(vpnc_t)
userdom_use_all_user_fd(vpnc_t)
userdom_dontaudit_search_all_users_home(vpnc_t)
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(vpnc_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(vpnc_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(vpnc_t)
')
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 80b1624..c82f621 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -125,7 +125,7 @@ template(`gpg_per_userdomain_template',`
userdom_use_user_terminals($1,$1_gpg_t)
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_gpg_t)
')
diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te
index cfaa1af..80dcd43 100644
--- a/refpolicy/policy/modules/apps/webalizer.te
+++ b/refpolicy/policy/modules/apps/webalizer.te
@@ -95,18 +95,18 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(webalizer_t)
')
-optional_policy(`ftp.te',`
+optional_policy(`ftp',`
ftp_read_log(webalizer_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(webalizer_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(webalizer_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(webalizer_t,webalizer_exec_t)
')
diff --git a/refpolicy/policy/modules/kernel/bootloader.te b/refpolicy/policy/modules/kernel/bootloader.te
index 9d3fd0c..daaee17 100644
--- a/refpolicy/policy/modules/kernel/bootloader.te
+++ b/refpolicy/policy/modules/kernel/bootloader.te
@@ -200,18 +200,18 @@ ifdef(`targeted_policy',`
term_use_generic_pty(bootloader_t)
')
-optional_policy(`fstools.te',`
+optional_policy(`fstools',`
fstools_exec(bootloader_t)
')
-optional_policy(`lvm.te',`
+optional_policy(`lvm',`
dev_rw_lvm_control(bootloader_t)
lvm_domtrans(bootloader_t)
lvm_read_config(bootloader_t)
')
-optional_policy(`modutils.te',`
+optional_policy(`modutils',`
modutils_exec_insmod(bootloader_t)
modutils_read_mods_deps(bootloader_t)
modutils_read_module_conf(bootloader_t)
@@ -220,15 +220,15 @@ optional_policy(`modutils.te',`
modutils_exec_update_mods(bootloader_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(bootloader_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
rpm_rw_pipe(bootloader_t)
')
-optional_policy(`userdomain.te',`
+optional_policy(`userdomain',`
userdom_dontaudit_search_staff_home_dir(bootloader_t)
userdom_dontaudit_search_sysadm_home_dir(bootloader_t)
')
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 5fa2c8e..5edbef5 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -230,11 +230,11 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(kernel_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(kernel_t)
')
-optional_policy(`rpc.te',`
+optional_policy(`rpc',`
# nfs kernel server needs kernel UDP access. It is less risky and painful
# to just give it everything.
allow kernel_t self:tcp_socket create_stream_socket_perms;
diff --git a/refpolicy/policy/modules/services/apache.if b/refpolicy/policy/modules/services/apache.if
index 601edbf..00a97c6 100644
--- a/refpolicy/policy/modules/services/apache.if
+++ b/refpolicy/policy/modules/services/apache.if
@@ -206,24 +206,24 @@ template(`apache_content_template',`
sysnet_read_config(httpd_$1_script_t)
')
- optional_policy(`mount.te',`
+ optional_policy(`mount',`
tunable_policy(`httpd_enable_cgi && httpd_can_network_connect',`
mount_send_nfs_client_request(httpd_$1_script_t)
')
')
- optional_policy(`mta.te',`
+ optional_policy(`mta',`
mta_send_mail(httpd_$1_script_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
tunable_policy(`httpd_enable_cgi && allow_ypbind',`
nis_use_ypbind_uncond(httpd_$1_script_t)
')
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket(httpd_$1_script_t)
')
')
diff --git a/refpolicy/policy/modules/services/apache.te b/refpolicy/policy/modules/services/apache.te
index 84b8bef..7edc7a3 100644
--- a/refpolicy/policy/modules/services/apache.te
+++ b/refpolicy/policy/modules/services/apache.te
@@ -383,11 +383,11 @@ tunable_policy(`httpd_tty_comm',`
userdom_dontaudit_use_sysadm_terms(httpd_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(httpd_t)
')
-optional_policy(`mailman.te',`
+optional_policy(`mailman',`
mailman_signal_cgi(httpd_t)
mailman_domtrans_cgi(httpd_t)
# should have separate types for public and private archives
@@ -395,30 +395,30 @@ optional_policy(`mailman.te',`
mailman_read_archive(httpd_t)
')
-optional_policy(`mysql.te',`
+optional_policy(`mysql',`
mysql_stream_connect(httpd_t)
mysql_rw_db_socket(httpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(httpd_t)
')
-optional_policy(`postgresql.te',`
+optional_policy(`postgresql',`
# Allow httpd to work with postgresql
postgresql_unix_connect(httpd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(httpd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev', `
udev_read_db(httpd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(httpd_t)
')
@@ -492,11 +492,11 @@ libs_use_shared_libs(httpd_php_t)
userdom_use_unpriv_users_fd(httpd_php_t)
-optional_policy(`mysql.te',`
+optional_policy(`mysql',`
mysql_stream_connect(httpd_php_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(httpd_php_t)
')
@@ -610,28 +610,28 @@ tunable_policy(`httpd_enable_homedirs && use_samba_home_dirs',`
fs_execute_cifs_files(httpd_suexec_t)
')
-optional_policy(`mailman.te',`
+optional_policy(`mailman',`
mailman_domtrans_cgi(httpd_suexec_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
tunable_policy(`httpd_can_network_connect',`
mount_send_nfs_client_request(httpd_suexec_t)
')
')
-optional_policy(`mta.te',`
+optional_policy(`mta',`
mta_stub(httpd_suexec_t)
# apache should set close-on-exec
dontaudit httpd_suexec_t httpd_t:unix_stream_socket { read write };
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(httpd_suexec_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(httpd_suexec_t)
')
@@ -665,7 +665,7 @@ ifdef(`targeted_policy',`
')
')
-optional_policy(`mysql.te',`
+optional_policy(`mysql',`
mysql_stream_connect(httpd_sys_script_t)
mysql_rw_db_socket(httpd_sys_script_t)
')
@@ -677,6 +677,6 @@ optional_policy(`mysql.te',`
unconfined_domain_template(httpd_unconfined_script_t)
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(httpd_unconfined_script_t)
')
diff --git a/refpolicy/policy/modules/services/apm.te b/refpolicy/policy/modules/services/apm.te
index 134a1c0..cb041f4 100644
--- a/refpolicy/policy/modules/services/apm.te
+++ b/refpolicy/policy/modules/services/apm.te
@@ -155,15 +155,15 @@ ifdef(`distro_redhat',`
can_exec(apmd_t, apmd_var_run_t)
# ifconfig_exec_t needs to be run in its own domain for Red Hat
- optional_policy(`sysnetwork.te',`
+ optional_policy(`sysnetwork',`
sysnet_domtrans_ifconfig(apmd_t)
')
- optional_policy(`iptables.te',`
+ optional_policy(`iptables',`
iptables_domtrans(apmd_t)
')
- optional_policy(`netutils.te',`
+ optional_policy(`netutils',`
netutils_domtrans(apmd_t)
')
@@ -186,37 +186,37 @@ ifdef(`targeted_policy',`
unconfined_domain_template(apmd_t)
')
-optional_policy(`clock.te',`
+optional_policy(`clock',`
clock_domtrans(apmd_t)
clock_rw_adjtime(apmd_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_domtrans_anacron_system_job(apmd_t)
')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
logrotate_use_fd(apmd_t)
')
-optional_policy(`mta.te',`
+optional_policy(`mta',`
mta_send_mail(apmd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(apmd_t)
')
-optional_policy(`pcmcia.te',`
+optional_policy(`pcmcia',`
pcmcia_domtrans_cardmgr(apmd_t)
pcmcia_domtrans_cardctl(apmd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(apmd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(apmd_t)
udev_read_state(apmd_t) #necessary?
')
@@ -224,13 +224,13 @@ optional_policy(`udev.te',`
ifdef(`TODO',`
allow apmd_t proc_t:file write;
allow apmd_t user_tty_type:chr_file { ioctl read getattr lock write append };
-optional_policy(`cron.te',`
+optional_policy(`cron',`
allow apmd_t crond_t:fifo_file { getattr read write ioctl };
')
r_dir_file(apmd_t, hwdata_t)
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(apmd_t)
')
')
diff --git a/refpolicy/policy/modules/services/arpwatch.te b/refpolicy/policy/modules/services/arpwatch.te
index 0566c05..49a3b38 100644
--- a/refpolicy/policy/modules/services/arpwatch.te
+++ b/refpolicy/policy/modules/services/arpwatch.te
@@ -98,25 +98,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(arpwatch_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(arpwatch_t)
')
-optional_policy(`qmail.te',`
+optional_policy(`qmail',`
corecmd_search_bin(arpwatch_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(arpwatch_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(arpwatch_t)
')
ifdef(`TODO',`
# TODO from daemon_domain
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(arpwatch_t)
')
')
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index 9f5060e..ca5e534 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -86,7 +86,7 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(avahi_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_system_bus_client_template(avahi,avahi_t)
dbus_connect_system_bus(avahi_t)
dbus_send_system_bus_msg(avahi_t)
@@ -96,20 +96,20 @@ optional_policy(`dbus.te',`
allow unconfined_t avahi_t:dbus send_msg;
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(avahi_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(avahi_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(avahi_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(avahi_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/bind.te b/refpolicy/policy/modules/services/bind.te
index 7c31188..e41fed1 100644
--- a/refpolicy/policy/modules/services/bind.te
+++ b/refpolicy/policy/modules/services/bind.te
@@ -150,7 +150,7 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(named_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
gen_require(`
class dbus send_msg;
')
@@ -161,19 +161,19 @@ optional_policy(`dbus.te',`
dbus_send_system_bus_msg(named_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(named_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(named_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(named_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(named_t)
')
@@ -181,7 +181,7 @@ ifdef(`TODO',`
can_udp_send(domain, named_t)
can_udp_send(named_t, domain)
can_tcp_connect(domain, named_t)
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(named_t)
')
')
@@ -259,19 +259,19 @@ tunable_policy(`named_write_master_zones',`
allow named_t named_zone_t:lnk_file create_lnk_perms;
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(named_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(ndc_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(ndc_t)
')
-optional_policy(`bind.te',`
+optional_policy(`bind',`
ppp_dontaudit_use_fd(ndc_t)
')
@@ -286,12 +286,12 @@ allow named_t dhcpc_t:dbus send_msg;
allow dhcpc_t named_t:dbus send_msg;
# cjp: this whole block was originally in networkmanager
-optional_policy(`networkmanager.te',`
+optional_policy(`networkmanager',`
gen_require(`
type NetworkManager_t;
')
-# optional_policy(`dbus.te',`
+# optional_policy(`dbus',`
# gen_require(`
# class dbus send_msg;
# ')
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 5d6e7bb..3bed3e6 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -141,25 +141,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(bluetooth_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_system_bus_client_template(bluetooth,bluetooth_t)
dbus_send_system_bus_msg(bluetooth_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(bluetooth_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(bluetooth_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(bluetooth_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(bluetooth_t)
')
') dnl end TOOD
@@ -208,7 +208,7 @@ miscfiles_read_fonts(bluetooth_helper_t)
userdom_search_all_users_home(bluetooth_helper_t)
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(bluetooth_helper_t)
')
diff --git a/refpolicy/policy/modules/services/canna.te b/refpolicy/policy/modules/services/canna.te
index 317b261..105671c 100644
--- a/refpolicy/policy/modules/services/canna.te
+++ b/refpolicy/policy/modules/services/canna.te
@@ -94,24 +94,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(canna_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(canna_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(canna_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(canna_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(canna_t)
')
-optional_policy(`canna.te',`
+optional_policy(`canna',`
canna_stream_connect(i18n_input_t)
')
')
diff --git a/refpolicy/policy/modules/services/comsat.te b/refpolicy/policy/modules/services/comsat.te
index ffeb150..dc2cfb5 100644
--- a/refpolicy/policy/modules/services/comsat.te
+++ b/refpolicy/policy/modules/services/comsat.te
@@ -79,15 +79,15 @@ userdom_dontaudit_getattr_sysadm_tty(comsat_t)
mta_getattr_spool(comsat_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(comsat_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(comsat_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(comsat_t)
')
diff --git a/refpolicy/policy/modules/services/cpucontrol.te b/refpolicy/policy/modules/services/cpucontrol.te
index c858827..2a067e0 100644
--- a/refpolicy/policy/modules/services/cpucontrol.te
+++ b/refpolicy/policy/modules/services/cpucontrol.te
@@ -61,20 +61,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cpucontrol_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(cpucontrol_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cpucontrol_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(cpucontrol_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(cpucontrol_t)
')
') dnl end TODO
@@ -121,20 +121,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cpuspeed_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(cpuspeed_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cpuspeed_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(cpuspeed_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(cpuspeed_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index 3df2e37..f3ce31e 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -146,12 +146,12 @@ template(`cron_per_userdomain_template',`
allow crond_t $1_cron_spool_t:file create_file_perms;
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_crond_t)
')
ifdef(`TODO',`
- optional_policy(`apache.te', `
+ optional_policy(`apache',`
create_dir_file($1_crond_t, httpd_$1_content_t)
')
allow $1_crond_t tmp_t:dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 8215185..250af7c 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -133,7 +133,7 @@ userdom_use_unpriv_users_fd(crond_t)
ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out.
- optional_policy(`rpm.te', `
+ optional_policy(`rpm',`
rpm_manage_log(crond_t)
')
')
@@ -170,29 +170,29 @@ tunable_policy(`fcron_crond', `
allow crond_t system_cron_spool_t:file create_file_perms;
')
-optional_policy(`hal.te',`
+optional_policy(`hal',`
hal_dbus_send(crond_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(crond_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(crond_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
# Commonly used from postinst scripts
rpm_read_pipe(crond_t)
')
-optional_policy(`postgresql.te', `
+optional_policy(`postgresql',`
# allow crond to find /usr/lib/postgresql/bin/do.maintenance
postgresql_search_db_dir(crond_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(crond_t)
')
@@ -200,7 +200,7 @@ ifdef(`TODO',`
# NB The constraints file has some entries for crond_t, this makes it
# different from all other domains...
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(crond_t)
')
@@ -222,7 +222,7 @@ allow crond_t user_home_dir_type:dir r_dir_perms;
# System cron process domain
#
-optional_policy(`squid.te',`
+optional_policy(`squid',`
# cjp: why?
squid_domtrans(system_crond_t)
')
@@ -352,7 +352,7 @@ ifdef(`targeted_policy',`
ifdef(`distro_redhat', `
# Run the rpm program in the rpm_t domain. Allow creation of RPM log files
# via redirection of standard out.
- optional_policy(`rpm.te', `
+ optional_policy(`rpm',`
rpm_manage_log(system_crond_t)
')
')
@@ -369,33 +369,33 @@ ifdef(`targeted_policy',`
seutil_read_file_contexts(system_crond_t)
')
- optional_policy(`cyrus.te',`
+ optional_policy(`cyrus',`
cyrus_manage_data(system_crond_t)
')
- optional_policy(`ftp.te',`
+ optional_policy(`ftp',`
ftp_read_log(system_crond_t)
')
- optional_policy(`inn.te',`
+ optional_policy(`inn',`
inn_manage_log(system_crond_t)
inn_manage_pid(system_crond_t)
inn_read_config(system_crond_t)
')
- optional_policy(`mysql.te',`
+ optional_policy(`mysql',`
mysql_read_config(system_crond_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind(system_crond_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket(system_crond_t)
')
- optional_policy(`samba.te',`
+ optional_policy(`samba',`
samba_read_config(system_crond_t)
samba_read_log(system_crond_t)
#samba_read_secrets(system_crond_t)
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 2a08f29..b84ecd6 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -198,35 +198,35 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cupsd_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd,cupsd_t)
dbus_send_system_bus_msg(cupsd_t)
allow cupsd_t userdomain:dbus send_msg;
')
-optional_policy(`hostname.te',`
+optional_policy(`hostname',`
hostname_exec(cupsd_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(cupsd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(cupsd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cupsd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(cupsd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(cupsd_t)
')
allow web_client_domain cupsd_t:tcp_socket { connectto recvfrom };
@@ -246,11 +246,11 @@ dontaudit cupsd_t random_device_t:chr_file ioctl;
# temporary solution, we need something better
allow cupsd_t serial_device:chr_file rw_file_perms;
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
domain_auto_trans(logrotate_t, cupsd_exec_t, cupsd_t)
')
-optional_policy(`inetd.te', `
+optional_policy(`inetd',`
domain_auto_trans(inetd_t, cupsd_exec_t, cupsd_t)
')
@@ -262,7 +262,7 @@ dontaudit cupsd_t etc_t:file write;
# Send to portmap.
-optional_policy(`portmap.te', `
+optional_policy(`portmap', `
allow cupsd_t portmap_t:udp_socket sendto;
allow portmap_t cupsd_t:udp_socket recvfrom;
allow portmap_t cupsd_t:udp_socket sendto;
@@ -281,7 +281,7 @@ allow cupsd_t var_t:dir { getattr read search };
allow cupsd_t var_t:file r_file_perms;
allow cupsd_t var_t:lnk_file { getattr read };
-optional_policy(`samba.te', `
+optional_policy(`samba',`
# cjp: rw_dir_perms here doesnt make sense
allow cupsd_t samba_var_t:dir rw_dir_perms;
allow cupsd_t samba_var_t:file rw_file_perms;
@@ -289,7 +289,7 @@ allow cupsd_t samba_var_t:lnk_file { getattr read };
allow smbd_t cupsd_etc_t:dir search;
')
-optional_policy(`pam.te', `
+optional_policy(`authlogin',`
dontaudit cupsd_t pam_var_run_t:file { getattr read };
')
dontaudit cupsd_t { sysadm_home_dir_t staff_home_dir_t }:dir { getattr search };
@@ -369,16 +369,16 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ptal_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ptal_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(ptal_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(ptal_t)
')
') dnl end TODO
@@ -479,20 +479,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(hplip_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(hplip_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hplip_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(hplip_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(hplip_t)
')
') dnl end TODO
@@ -599,36 +599,36 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(cupsd_config_t)
')
-optional_policy(`hal.te',`
+optional_policy(`hal',`
hal_domtrans(cupsd_config_t)
')
-optional_policy(`hostname.te',`
+optional_policy(`hostname',`
hostname_exec(cupsd_config_t)
')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
logrotate_use_fd(cupsd_config_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(cupsd_config_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(cupsd_config_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cupsd_config_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(cupsd_config_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(cupsd_config_t)
')
') dnl end TODO
@@ -637,7 +637,7 @@ allow cupsd_config_t devpts_t:dir search;
allow cupsd_config_t devpts_t:chr_file { getattr ioctl };
ifdef(`distro_redhat', `
- optional_policy(`rpm.te',`
+ optional_policy(`rpm',`
allow cupsd_config_t rpm_var_lib_t:dir { getattr search };
allow cupsd_config_t rpm_var_lib_t:file { getattr read };
')
@@ -646,7 +646,7 @@ ifdef(`distro_redhat', `
allow cupsd_config_t var_t:lnk_file read;
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_system_bus_client_template(cupsd_config,cupsd_config_t)
dbus_connect_system_bus(cupsd_config_t)
dbus_send_system_bus_msg(cupsd_config_t)
@@ -655,8 +655,8 @@ optional_policy(`dbus.te',`
allow userdomain cupsd_config_t:dbus send_msg;
')
-optional_policy(`hal.te', `
- optional_policy(`dbus.te', `
+optional_policy(`hal', `
+ optional_policy(`dbus',`
allow { cupsd_t cupsd_config_t } hald_t:dbus send_msg;
allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg;
')
@@ -703,7 +703,7 @@ allow cupsd_lpd_t self:udp_socket create_socket_perms;
allow cupsd_lpd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow cupsd_lpd_t self:capability { setuid setgid };
files_search_home(cupsd_lpd_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(cupsd_lpd_t)
')
#end for identd
@@ -755,10 +755,10 @@ miscfiles_read_localization(cupsd_lpd_t)
sysnet_read_config(cupsd_lpd_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(cupsd_lpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(cupsd_lpd_t)
')
diff --git a/refpolicy/policy/modules/services/cvs.te b/refpolicy/policy/modules/services/cvs.te
index d2338c1..e2c87e1 100644
--- a/refpolicy/policy/modules/services/cvs.te
+++ b/refpolicy/policy/modules/services/cvs.te
@@ -85,17 +85,17 @@ sysnet_read_config(cvs_t)
mta_send_mail(cvs_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(cvs_t)
kerberos_read_keytab(cvs_t)
kerberos_read_config(cvs_t)
kerberos_dontaudit_write_config(cvs_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(cvs_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(cvs_t)
')
diff --git a/refpolicy/policy/modules/services/cyrus.te b/refpolicy/policy/modules/services/cyrus.te
index 14c0787..0a40f25 100644
--- a/refpolicy/policy/modules/services/cyrus.te
+++ b/refpolicy/policy/modules/services/cyrus.te
@@ -117,32 +117,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cyrus_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(cyrus_t,cyrus_exec_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(cyrus_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(cyrus_t)
')
-optional_policy(`sasl.te',`
+optional_policy(`sasl',`
sasl_connect(cyrus_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(cyrus_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(cyrus_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(cyrus_t)
')
')
diff --git a/refpolicy/policy/modules/services/dbskk.te b/refpolicy/policy/modules/services/dbskk.te
index 96c3388..935427c 100644
--- a/refpolicy/policy/modules/services/dbskk.te
+++ b/refpolicy/policy/modules/services/dbskk.te
@@ -32,7 +32,7 @@ allow dbskkd_t self:udp_socket create_socket_perms;
allow dbskkd_t self:netlink_tcpdiag_socket r_netlink_socket_perms;
allow dbskkd_t self:capability { setuid setgid };
files_search_home(dbskkd_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(dbskkd_t)
')
#end for identd
@@ -75,10 +75,10 @@ miscfiles_read_localization(dbskkd_t)
sysnet_read_config(dbskkd_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(dbskkd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(dbskkd_t)
')
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index c25bafb..7e1359e 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -141,11 +141,11 @@ template(`dbus_per_userdomain_template',`
files_read_default_pipes($1_dbusd_t)
')
- optional_policy(`authlogin.te',`
+ optional_policy(`authlogin',`
auth_read_pam_console_data($1_dbusd_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_dbusd_t)
')
diff --git a/refpolicy/policy/modules/services/dbus.te b/refpolicy/policy/modules/services/dbus.te
index af8f877..71bbbd8 100644
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@@ -124,24 +124,24 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(system_dbusd_t)
')
-optional_policy(`bind.te',`
+optional_policy(`bind',`
bind_domtrans(system_dbusd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(system_dbusd_t)
')
-optional_policy(`sysnetwork.te',`
+optional_policy(`sysnetwork',`
sysnet_domtrans_dhcpc(system_dbusd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(system_dbusd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(system_dbusd_t)
')
')
diff --git a/refpolicy/policy/modules/services/dhcp.te b/refpolicy/policy/modules/services/dhcp.te
index c6ad9d5..c13ddbf 100644
--- a/refpolicy/policy/modules/services/dhcp.te
+++ b/refpolicy/policy/modules/services/dhcp.te
@@ -114,33 +114,33 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dhcpd_t)
')
-optional_policy(`bind.te',`
+optional_policy(`bind',`
# used for dynamic DNS
bind_read_dnssec_keys(dhcpd_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(dhcpd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(dhcpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(dhcpd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dhcpd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(dhcpd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(dhcpd_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/dictd.te b/refpolicy/policy/modules/services/dictd.te
index 4cb2e39..60b402b 100644
--- a/refpolicy/policy/modules/services/dictd.te
+++ b/refpolicy/policy/modules/services/dictd.te
@@ -86,24 +86,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dictd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(dictd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(dictd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dictd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(dictd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(dictd_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/distcc.te b/refpolicy/policy/modules/services/distcc.te
index c0d09d8..5728da1 100644
--- a/refpolicy/policy/modules/services/distcc.te
+++ b/refpolicy/policy/modules/services/distcc.te
@@ -96,20 +96,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(distccd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(distccd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(distccd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(distccd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(distccd_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/dovecot.te b/refpolicy/policy/modules/services/dovecot.te
index 3e07ec8..2315bca 100644
--- a/refpolicy/policy/modules/services/dovecot.te
+++ b/refpolicy/policy/modules/services/dovecot.te
@@ -121,19 +121,19 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(dovecot_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(dovecot_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(dovecot_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dovecot_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(dovecot_t)
')
@@ -170,24 +170,24 @@ seutil_dontaudit_search_config(dovecot_auth_t)
sysnet_dns_name_resolve(dovecot_auth_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(dovecot_auth_t)
')
-optional_policy(`logging.te',`
+optional_policy(`logging',`
logging_send_syslog_msg(dovecot_auth_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(dovecot_auth_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(dovecot_auth_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(dovecot_t)
')
')
diff --git a/refpolicy/policy/modules/services/finger.te b/refpolicy/policy/modules/services/finger.te
index f38f3bd..a82e455 100644
--- a/refpolicy/policy/modules/services/finger.te
+++ b/refpolicy/policy/modules/services/finger.te
@@ -107,32 +107,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(fingerd_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(fingerd_t,fingerd_exec_t)
')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
logrotate_exec(fingerd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(fingerd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(fingerd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(fingerd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(fingerd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(fingerd_t)
')
')
diff --git a/refpolicy/policy/modules/services/ftp.te b/refpolicy/policy/modules/services/ftp.te
index d70bcfd..8b44ff0 100644
--- a/refpolicy/policy/modules/services/ftp.te
+++ b/refpolicy/policy/modules/services/ftp.te
@@ -132,7 +132,7 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty(ftpd_t)
term_dontaudit_use_unallocated_tty(ftpd_t)
- optional_policy(`ftp.te',`
+ optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',`
# cjp: fix this to use regular interfaces
userdom_manage_user_home_subdir_files(user,ftpd_t)
@@ -178,19 +178,19 @@ tunable_policy(`use_samba_home_dirs && ftp_home_dir',`
fs_read_cifs_symlinks(ftpd_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
corecmd_exec_shell(ftpd_t)
files_read_usr_files(ftpd_t)
cron_system_entry(ftpd_t, ftpd_exec_t)
- optional_policy(`logrotate.te',`
+ optional_policy(`logrotate',`
logrotate_exec(ftpd_t)
')
')
-optional_policy(`inetd.te',`
+optional_policy(`inetd',`
#reh: typeattributes not allowed in conditionals yet.
#tunable_policy(`! ftpd_is_daemon',`
# inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
@@ -198,31 +198,31 @@ optional_policy(`inetd.te',`
inetd_tcp_service_domain(ftpd_t,ftpd_exec_t)
- optional_policy(`tcpd.te',`
+ optional_policy(`tcpd',`
tunable_policy(`! ftpd_is_daemon',`
tcpd_domtrans(tcpd_t)
')
')
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(ftpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(ftpd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ftpd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev', `
udev_read_db(ftpd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(ftpd_t)
')
')
diff --git a/refpolicy/policy/modules/services/gpm.te b/refpolicy/policy/modules/services/gpm.te
index 151087d..296f97f 100644
--- a/refpolicy/policy/modules/services/gpm.te
+++ b/refpolicy/policy/modules/services/gpm.te
@@ -83,11 +83,11 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(gpm_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(gpm_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(gpm_t)
')
@@ -95,7 +95,7 @@ ifdef(`TODO',`
# Access the mouse.
# cjp: why write?
allow gpm_t { event_device_t mouse_device_t }:chr_file rw_file_perms;
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(gpm_t)
')
')
diff --git a/refpolicy/policy/modules/services/hal.te b/refpolicy/policy/modules/services/hal.te
index 0ddb0ee..1a4d53e 100644
--- a/refpolicy/policy/modules/services/hal.te
+++ b/refpolicy/policy/modules/services/hal.te
@@ -126,70 +126,70 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(hald_t)
')
-optional_policy(`apm.te',`
+optional_policy(`apm',`
# For /usr/libexec/hald-addon-acpi
# writes to /var/run/acpid.socket
apm_stream_connect(hald_t)
')
-optional_policy(`cups.te',`
+optional_policy(`cups',`
cups_domtrans_config(hald_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
allow hald_t self:dbus send_msg;
dbus_system_bus_client_template(hald,hald_t)
dbus_send_system_bus_msg(hald_t)
dbus_connect_system_bus(hald_t)
')
-optional_policy(`dmidecode.te',`
+optional_policy(`dmidecode',`
# For /usr/libexec/hald-probe-smbios
dmidecode_domtrans(hald_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
hotplug_read_config(hald_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_domtrans(hald_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(hald_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(hald_t)
')
-optional_policy(`pcmcia.te',`
+optional_policy(`pcmcia',`
pcmcia_manage_pid(hald_t)
pcmcia_manage_runtime_chr(hald_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hald_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev', `
udev_domtrans(hald_t)
udev_read_db(hald_t)
')
-optional_policy(`updfstab.te',`
+optional_policy(`updfstab',`
updfstab_domtrans(hald_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(hald_t)
')
allow hald_t device_t:dir create_dir_perms;
-optional_policy(`hald.te',`
+optional_policy(`hald',`
allow udev_t hald_t:unix_dgram_socket sendto;
')
') dnl end TODO
@@ -199,7 +199,7 @@ allow unconfined_t hald_t:dbus send_msg;
allow hald_t unconfined_t:dbus send_msg;
')
-optional_policy(`updfstab.te',`
+optional_policy(`updfstab',`
allow updfstab_t hald_t:dbus send_msg;
allow hald_t updfstab_t:dbus send_msg;
')
diff --git a/refpolicy/policy/modules/services/howl.te b/refpolicy/policy/modules/services/howl.te
index 53f6beb..1a858ea 100644
--- a/refpolicy/policy/modules/services/howl.te
+++ b/refpolicy/policy/modules/services/howl.te
@@ -81,20 +81,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(howl_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(howl_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(howl_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(howl_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(howl_t)
')
')
diff --git a/refpolicy/policy/modules/services/inetd.te b/refpolicy/policy/modules/services/inetd.te
index 59b2bda..00e089e 100644
--- a/refpolicy/policy/modules/services/inetd.te
+++ b/refpolicy/policy/modules/services/inetd.te
@@ -126,37 +126,37 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(inetd_t)
')
-optional_policy(`amanda.te',`
+optional_policy(`amanda',`
amanda_search_lib(inetd_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(inetd_t)
')
# Communicate with the portmapper.
-optional_policy(`portmap.te',`
+optional_policy(`portmap',`
portmap_udp_sendto(inetd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(inetd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(inetd_t)
')
ifdef(`targeted_policy',`
unconfined_domain_template(inetd_t)
',`
- optional_policy(`unconfined.te',`
+ optional_policy(`unconfined',`
unconfined_domtrans(inetd_t)
')
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(inetd_t)
')
') dnl TODO
@@ -220,21 +220,21 @@ tunable_policy(`run_ssh_inetd',`
corenet_tcp_bind_ssh_port(inetd_t)
')
-optional_policy(`ftp.te',`
+optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',`
# Allows it to check exec privs on daemon
ftp_check_exec(inetd_t)
')
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(inetd_child_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(inetd_child_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(inetd_child_t)
')
diff --git a/refpolicy/policy/modules/services/inn.te b/refpolicy/policy/modules/services/inn.te
index a6ea6fe..ba6218e 100644
--- a/refpolicy/policy/modules/services/inn.te
+++ b/refpolicy/policy/modules/services/inn.te
@@ -121,32 +121,32 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(innd_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(innd_t, innd_exec_t)
')
-optional_policy(`hostname.te',`
+optional_policy(`hostname',`
hostname_exec(innd_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(innd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(innd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(innd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(innd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(innd_t)
')
allow innd_t sysadm_t:unix_dgram_socket sendto;
diff --git a/refpolicy/policy/modules/services/kerberos.te b/refpolicy/policy/modules/services/kerberos.te
index 98e8e01..33e41a7 100644
--- a/refpolicy/policy/modules/services/kerberos.te
+++ b/refpolicy/policy/modules/services/kerberos.te
@@ -136,20 +136,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(kadmind_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(kadmind_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(kadmind_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(kadmind_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(kadmind_t)
')
') dnl end TODO
@@ -241,20 +241,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(krb5kdc_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(krb5kdc_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(krb5kdc_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(krb5kdc_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(krb5kdc_t)
')
diff --git a/refpolicy/policy/modules/services/ktalk.te b/refpolicy/policy/modules/services/ktalk.te
index d3d4529..e346e99 100644
--- a/refpolicy/policy/modules/services/ktalk.te
+++ b/refpolicy/policy/modules/services/ktalk.te
@@ -33,7 +33,7 @@ allow ktalkd_t self:capability { setuid setgid };
allow ktalkd_t self:dir search;
allow ktalkd_t self:{ lnk_file file } { getattr read };
files_search_home(ktalkd_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(ktalkd_t)
')
#end for identd
@@ -75,10 +75,10 @@ miscfiles_read_localization(ktalkd_t)
sysnet_read_config(ktalkd_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(ktalkd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(ktalkd_t)
')
diff --git a/refpolicy/policy/modules/services/ldap.te b/refpolicy/policy/modules/services/ldap.te
index ae0005d..0f535ff 100644
--- a/refpolicy/policy/modules/services/ldap.te
+++ b/refpolicy/policy/modules/services/ldap.te
@@ -137,20 +137,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(slapd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(slapd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(slapd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(slapd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(slapd_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/lpd.te b/refpolicy/policy/modules/services/lpd.te
index d6c433a..9c1943b 100644
--- a/refpolicy/policy/modules/services/lpd.te
+++ b/refpolicy/policy/modules/services/lpd.te
@@ -100,15 +100,15 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(checkpc_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(checkpc_t,checkpc_exec_t)
')
-optional_policy(`logging.te',`
+optional_policy(`logging',`
logging_send_syslog_msg(checkpc_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(checkpc_t)
')
@@ -217,25 +217,25 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(lpd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(lpd_t)
nis_tcp_connect_ypbind(lpd_t)
')
-optional_policy(`portmap.te',`
+optional_policy(`portmap',`
portmap_udp_sendto(lpd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(lpd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(lpd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(lpd_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/mailman.if b/refpolicy/policy/modules/services/mailman.if
index d099648..626e96c 100644
--- a/refpolicy/policy/modules/services/mailman.if
+++ b/refpolicy/policy/modules/services/mailman.if
@@ -85,11 +85,11 @@ template(`mailman_domain_template', `
sysnet_read_config(mailman_$1_t)
- optional_policy(`mount.te',`
+ optional_policy(`mount',`
mount_send_nfs_client_request(mailman_$1_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind(mailman_$1_t)
')
')
diff --git a/refpolicy/policy/modules/services/mailman.te b/refpolicy/policy/modules/services/mailman.te
index 8687b89..163c297 100644
--- a/refpolicy/policy/modules/services/mailman.te
+++ b/refpolicy/policy/modules/services/mailman.te
@@ -35,7 +35,7 @@ mailman_domain_template(queue)
# optionals for file contexts yet, so it is promoted
# to global scope until such facilities exist.
-optional_policy(`apache.te',`
+optional_policy(`apache',`
allow mailman_cgi_t mailman_archive_t:dir create_dir_perms;
allow mailman_cgi_t mailman_archive_t:lnk_file create_lnk_perms;
allow mailman_cgi_t mailman_archive_t:file create_file_perms;
@@ -66,7 +66,7 @@ allow mailman_mail_t self:unix_dgram_socket create_socket_perms;
mta_dontaudit_rw_delivery_tcp_socket(mailman_mail_t)
ifdef(`TODO',`
-optional_policy(`qmail.te', `
+optional_policy(`qmail',`
allow mailman_mail_t qmail_spool_t:file { read ioctl getattr };
# do we really need this?
allow mailman_mail_t qmail_lspawn_t:fifo_file write;
@@ -107,10 +107,10 @@ mta_tcp_connect_all_mailservers(mailman_queue_t)
su_exec(mailman_queue_t)
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(mailman_queue_t,mailman_queue_exec_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(mailman_queue_t)
')
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 40a9180..cb7f1b8 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -131,21 +131,21 @@ template(`mta_per_userdomain_template',`
fs_manage_cifs_symlinks($1_mail_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_mail_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_mail_t)
')
- optional_policy(`postfix.te',`
+ optional_policy(`postfix',`
allow $1_mail_t self:capability dac_override;
postfix_read_config($1_mail_t)
postfix_list_spool($1_mail_t)
')
- optional_policy(`procmail.te',`
+ optional_policy(`procmail',`
procmail_exec($1_mail_t)
')
@@ -268,11 +268,11 @@ interface(`mta_mailserver_delivery',`
allow $1 mail_spool_t:file { create ioctl read getattr lock append };
allow $1 mail_spool_t:lnk_file { create read getattr };
- optional_policy(`dovecot.te',`
+ optional_policy(`dovecot',`
dovecot_manage_spool($1)
')
- optional_policy(`mailman.te',`
+ optional_policy(`mailman',`
# so MTA can access /var/lib/mailman/mail/wrapper
files_search_var_lib($1)
@@ -298,7 +298,7 @@ interface(`mta_mailserver_user_agent',`
typeattribute $1 mta_user_agent;
- optional_policy(`apache.te',`
+ optional_policy(`apache',`
# apache should set close-on-exec
apache_dontaudit_rw_stream_socket($1)
apache_dontaudit_rw_sys_script_stream_socket($1)
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 6f0ffe3..bc00f29 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -39,7 +39,7 @@ files_tmp_file(system_mail_tmp_t)
# cjp: need to resolve this, but require{}
# does not work in the else part of the optional
#ifdef(`targeted_policy',`',`
-# optional_policy(`sendmail.te',`',`
+# optional_policy(`sendmail',`',`
# init_system_domain(system_mail_t,sendmail_exec_t)
# ')
#')
@@ -137,7 +137,7 @@ ifdef(`targeted_policy',`
userdom_create_user_home(user,mailserver_delivery,{ dir file lnk_file fifo_file sock_file })
# cjp: another require-in-else to resolve
-# optional_policy(`postfix.te',`',`
+# optional_policy(`postfix',`',`
corecmd_exec_bin(system_mail_t)
corecmd_exec_sbin(system_mail_t)
@@ -152,7 +152,7 @@ ifdef(`targeted_policy',`
# ')
')
-optional_policy(`apache.te',`
+optional_policy(`apache',`
apache_read_squirrelmail_data(system_mail_t)
apache_append_squirrelmail_data(system_mail_t)
@@ -163,31 +163,31 @@ optional_policy(`apache.te',`
apache_dontaudit_rw_sys_script_stream_socket(system_mail_t)
')
-optional_policy(`arpwatch.te',`
+optional_policy(`arpwatch',`
arpwatch_rw_tmp_files(system_mail_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_read_system_job_tmp_files(system_mail_t)
')
-optional_policy(`cvs.te',`
+optional_policy(`cvs',`
cvs_read_data(system_mail_t)
')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
logrotate_read_tmp_files(system_mail_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(system_mail_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(system_mail_t)
')
-optional_policy(`postfix.te',`
+optional_policy(`postfix',`
postfix_stub(system_mail_t)
allow system_mail_t etc_aliases_t:dir create_dir_perms;
@@ -199,7 +199,7 @@ optional_policy(`postfix.te',`
domain_use_wide_inherit_fd(system_mail_t)
- optional_policy(`crond.te',`
+ optional_policy(`crond',`
cron_crw_tcp_socket(system_mail_t)
')
@@ -207,11 +207,11 @@ optional_policy(`postfix.te',`
type_transition postfix_master_t postfix_etc_t:dir etc_aliases_t;
')
-optional_policy(`procmail.te',`
+optional_policy(`procmail',`
procmail_exec(system_mail_t)
')
-optional_policy(`sendmail.te',`
+optional_policy(`sendmail',`
sendmail_stub(system_mail_t)
allow system_mail_t etc_mail_t:dir { getattr search };
@@ -226,11 +226,11 @@ optional_policy(`sendmail.te',`
')
ifdef(`TODO',`
-optional_policy(`sendmail.te',`
+optional_policy(`sendmail',`
allow system_mail_t { var_t var_spool_t }:dir getattr;
dontaudit system_mail_t userpty_type:chr_file { getattr read write };
- optional_policy(`crond.te', `
+ optional_policy(`crond',`
dontaudit system_mail_t system_crond_tmp_t:file append;
')
')
@@ -244,7 +244,7 @@ ifdef(`targeted_policy',`
')
-optional_policy(`qmail.te',`
+optional_policy(`qmail',`
allow system_mail_t qmail_etc_t:dir search;
allow system_mail_t qmail_etc_t:{ file lnk_file } read;
')
@@ -252,7 +252,7 @@ optional_policy(`qmail.te',`
allow mta_user_agent system_crond_tmp_t:file { read getattr };
-optional_policy(`arpwatch.te',`
+optional_policy(`arpwatch',`
# why is mail delivered to a directory of type arpwatch_data_t?
arpwatch_search_data(mailserver_delivery)
arpwatch_manage_tmp_files(system_mail_t)
diff --git a/refpolicy/policy/modules/services/mysql.te b/refpolicy/policy/modules/services/mysql.te
index 52d0770..39a289a 100644
--- a/refpolicy/policy/modules/services/mysql.te
+++ b/refpolicy/policy/modules/services/mysql.te
@@ -120,31 +120,31 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(mysqld_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(mysqld_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(mysqld_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(mysqld_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(mysqld_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(mysqld_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(mysqld_t)
')
-optional_policy(`daemontools.te',`
+optional_policy(`daemontools',`
domain_auto_trans( svc_run_t, mysqld_exec_t, mysqld_t)
mysqld_signal(svc_start_t)
diff --git a/refpolicy/policy/modules/services/networkmanager.te b/refpolicy/policy/modules/services/networkmanager.te
index 8da8b13..b225a40 100644
--- a/refpolicy/policy/modules/services/networkmanager.te
+++ b/refpolicy/policy/modules/services/networkmanager.te
@@ -111,40 +111,40 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(NetworkManager_t)
')
-optional_policy(`bluetooth.te',`
+optional_policy(`bluetooth',`
bluetooth_dontaudit_read_helper_files(NetworkManager_t)
')
-optional_policy(`consoletype.te',`
+optional_policy(`consoletype',`
consoletype_exec(NetworkManager_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(NetworkManager_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(NetworkManager_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(NetworkManager_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(NetworkManager_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(NetworkManager_t)
')
-optional_policy(`vpn.te',`
+optional_policy(`vpn',`
vpn_domtrans(NetworkManager_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(NetworkManager_t)
')
') dnl end TODO
@@ -154,7 +154,7 @@ optional_policy(`rhgb.te',`
# Partially converted rules. THESE ARE ONLY TEMPORARY
#
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
gen_require(`
class dbus send_msg;
')
@@ -179,7 +179,7 @@ optional_policy(`dbus.te',`
allow unconfined_t NetworkManager_t:dbus send_msg;
')
- optional_policy(`hal.te',`
+ optional_policy(`hal',`
allow NetworkManager_t hald_t:dbus send_msg;
allow hald_t NetworkManager_t:dbus send_msg;
')
diff --git a/refpolicy/policy/modules/services/nis.if b/refpolicy/policy/modules/services/nis.if
index 649d341..1709209 100644
--- a/refpolicy/policy/modules/services/nis.if
+++ b/refpolicy/policy/modules/services/nis.if
@@ -108,7 +108,7 @@ interface(`nis_use_ypbind',`
dontaudit $1 var_yp_t:dir search;
')
- optional_policy(`mount.te',`
+ optional_policy(`mount',`
tunable_policy(`allow_ypbind',`
mount_send_nfs_client_request($1)
')
diff --git a/refpolicy/policy/modules/services/nis.te b/refpolicy/policy/modules/services/nis.te
index 75523d3..9228e0f 100644
--- a/refpolicy/policy/modules/services/nis.te
+++ b/refpolicy/policy/modules/services/nis.te
@@ -114,24 +114,24 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ypbind_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(ypbind_t)
')
-optional_policy(`portmap.te',`
+optional_policy(`portmap',`
portmap_udp_sendto(ypbind_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ypbind_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(ypbind_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(ypbind_t)
')
') dnl end TODO
@@ -215,20 +215,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ypserv_t)
')
-optional_policy(`portmap.te',`
+optional_policy(`portmap',`
portmap_udp_sendto(ypserv_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ypserv_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev', `
udev_read_db(ypserv_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb', `
rhgb_domain(ypserv_t)
')
diff --git a/refpolicy/policy/modules/services/nscd.te b/refpolicy/policy/modules/services/nscd.te
index afeff3e..437c54c 100644
--- a/refpolicy/policy/modules/services/nscd.te
+++ b/refpolicy/policy/modules/services/nscd.te
@@ -121,21 +121,21 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(nscd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(nscd_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
samba_connect_winbind(nscd_t)
samba_search_var(nscd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(nscd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(nscd_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/ntp.te b/refpolicy/policy/modules/services/ntp.te
index 748c48e..71dfd7f 100644
--- a/refpolicy/policy/modules/services/ntp.te
+++ b/refpolicy/policy/modules/services/ntp.te
@@ -121,47 +121,47 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ntpd_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
# for cron jobs
cron_system_entry(ntpd_t,ntpdate_exec_t)
')
-optional_policy(`firstboot.te',`
+optional_policy(`firstboot',`
firstboot_dontaudit_use_fd(ntpd_t)
')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
logrotate_exec(ntpd_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(ntpd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(ntpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(ntpd_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
# cjp: the connect was previously missing
# so it might be ok to drop this
samba_connect_winbind(ntpd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ntpd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(ntpd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(ntpd_t)
')
allow ntpd_t sysadm_t:udp_socket sendto;
diff --git a/refpolicy/policy/modules/services/pegasus.te b/refpolicy/policy/modules/services/pegasus.te
index a33e21a..bd8a790 100644
--- a/refpolicy/policy/modules/services/pegasus.te
+++ b/refpolicy/policy/modules/services/pegasus.te
@@ -106,25 +106,25 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(pegasus_t)
')
-optional_policy(`logging.te',`
+optional_policy(`logging',`
logging_send_syslog_msg(pegasus_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(pegasus_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pegasus_t)
seutil_dontaudit_read_config(pegasus_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(pegasus_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(pegasus_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 1f4c4db..a10db69 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -103,37 +103,37 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(portmap_t)
')
-optional_policy(`inetd.te',`
+optional_policy(`inetd',`
inetd_udp_sendto(portmap_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(portmap_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(portmap_t)
nis_udp_sendto_ypbind(portmap_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(portmap_t)
')
-optional_policy(`rpc.te',`
+optional_policy(`rpc',`
rpc_udp_sendto_nfs(portmap_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(portmap_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(portmap_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(portmap_t)
')
@@ -205,11 +205,11 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty(portmap_helper_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(portmap_helper_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(portmap_helper_t)
')
diff --git a/refpolicy/policy/modules/services/postfix.if b/refpolicy/policy/modules/services/postfix.if
index 76d526a..d7ff365 100644
--- a/refpolicy/policy/modules/services/postfix.if
+++ b/refpolicy/policy/modules/services/postfix.if
@@ -89,11 +89,11 @@ template(`postfix_domain_template',`
files_dontaudit_read_root_file(postfix_$1_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket(postfix_$1_t)
')
- optional_policy(`udev.te',`
+ optional_policy(`udev',`
udev_read_db(postfix_$1_t)
')
')
@@ -126,7 +126,7 @@ template(`postfix_server_domain_template',`
sysnet_read_config(postfix_$1_t)
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind(postfix_$1_t)
')
')
diff --git a/refpolicy/policy/modules/services/postfix.te b/refpolicy/policy/modules/services/postfix.te
index d59b072..7dc4ef2 100644
--- a/refpolicy/policy/modules/services/postfix.te
+++ b/refpolicy/policy/modules/services/postfix.te
@@ -168,11 +168,11 @@ sysnet_read_config(postfix_master_t)
mta_rw_aliases(postfix_master_t)
mta_read_sendmail_bin(postfix_master_t)
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(postfix_master_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(postfix_master_t)
')
@@ -306,7 +306,7 @@ mta_delete_spool(postfix_local_t)
# For reading spamassasin
mta_read_config(postfix_local_t)
-optional_policy(`procmail.te',`
+optional_policy(`procmail',`
procmail_domtrans(postfix_local_t)
')
@@ -385,7 +385,7 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(postfix_map_t)
')
-optional_policy(`locallogin.te',`
+optional_policy(`locallogin',`
locallogin_dontaudit_use_fd(postfix_map_t)
')
@@ -425,7 +425,7 @@ allow postfix_pipe_t postfix_private_t:sock_file write;
allow postfix_pipe_t postfix_spool_t:dir search;
allow postfix_pipe_t postfix_spool_t:file rw_file_perms;
-optional_policy(`procmail.te',`
+optional_policy(`procmail',`
procmail_domtrans(postfix_pipe_t)
')
@@ -457,14 +457,14 @@ ifdef(`targeted_policy', `
term_use_generic_pty(postfix_postdrop_t)
')
-optional_policy(`crond.te',`
+optional_policy(`crond',`
cron_use_fd(postfix_postdrop_t)
cron_rw_pipe(postfix_postdrop_t)
cron_use_system_job_fd(postfix_postdrop_t)
cron_rw_system_job_pipe(postfix_postdrop_t)
')
-optional_policy(`ppp.te',`
+optional_policy(`ppp',`
ppp_use_fd(postfix_postqueue_t)
ppp_sigchld(postfix_postqueue_t)
')
@@ -507,7 +507,7 @@ init_use_script_fd(postfix_postqueue_t)
sysnet_dontaudit_read_config(postfix_postqueue_t)
ifdef(`TODO',`
-optional_policy(`gnome-pty-helper.te', `allow postfix_postqueue_t user_gph_t:fd use;')
+optional_policy(`gnome-pty-helper', `allow postfix_postqueue_t user_gph_t:fd use;')
')
########################################
@@ -600,6 +600,6 @@ allow { postfix_smtp_t postfix_smtpd_t } postfix_prng_t:file rw_file_perms;
files_read_usr_files(postfix_smtpd_t)
mta_read_aliases(postfix_smtpd_t)
-optional_policy(`sasl.te',`
+optional_policy(`sasl',`
sasl_connect(postfix_smtpd_t)
')
diff --git a/refpolicy/policy/modules/services/postgresql.te b/refpolicy/policy/modules/services/postgresql.te
index fd1de40..b4e17cb 100644
--- a/refpolicy/policy/modules/services/postgresql.te
+++ b/refpolicy/policy/modules/services/postgresql.te
@@ -151,41 +151,41 @@ tunable_policy(`allow_execmem',`
allow postgresql_t self:process execmem;
')
-optional_policy(`consoletype.te', `
+optional_policy(`consoletype',`
consoletype_exec(postgresql_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_search_spool(postgresql_t)
cron_system_entry(postgresql_t,postgresql_exec_t)
')
-optional_policy(`hostname.te', `
+optional_policy(`hostname',`
hostname_exec(postgresql_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(postgresql_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(postgresql_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(postgresql_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(postgresql_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(postgresql_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(postgresql_t)
')
ifdef(`targeted_policy', `', `
diff --git a/refpolicy/policy/modules/services/ppp.te b/refpolicy/policy/modules/services/ppp.te
index cb55c54..01d6808 100644
--- a/refpolicy/policy/modules/services/ppp.te
+++ b/refpolicy/policy/modules/services/ppp.te
@@ -180,7 +180,7 @@ ifdef(`targeted_policy', `
term_dontaudit_use_generic_pty(pppd_t)
files_dontaudit_read_root_file(pppd_t)
- optional_policy(`postfix.te',`
+ optional_policy(`postfix',`
gen_require(`
bool postfix_disable_trans;
')
@@ -190,34 +190,34 @@ ifdef(`targeted_policy', `
}
')
',`
- optional_policy(`postfix.te',`
+ optional_policy(`postfix',`
postfix_domtrans_master(pppd_t)
')
')
-optional_policy(`modutils.te',`
+optional_policy(`modutils',`
tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
modutils_domtrans_insmod_uncond(pppd_t)
')
')
-optional_policy(`mta.te',`
+optional_policy(`mta',`
mta_send_mail(pppd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(pppd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(pppd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pppd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(pppd_t)
')
@@ -300,27 +300,27 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(pptp_t)
')
-optional_policy(`hostname.te',`
+optional_policy(`hostname',`
hostname_exec(pptp_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(pptp_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pptp_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(pptp_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(pppd_t)
')
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(pptp_t)
')
')
diff --git a/refpolicy/policy/modules/services/privoxy.te b/refpolicy/policy/modules/services/privoxy.te
index d095dfc..cad3ab7 100644
--- a/refpolicy/policy/modules/services/privoxy.te
+++ b/refpolicy/policy/modules/services/privoxy.te
@@ -80,24 +80,24 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(privoxy_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(privoxy_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(privoxy_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(privoxy_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(privoxy_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(privoxy_t)
')
')
diff --git a/refpolicy/policy/modules/services/procmail.te b/refpolicy/policy/modules/services/procmail.te
index 1c32914..e0e321a 100644
--- a/refpolicy/policy/modules/services/procmail.te
+++ b/refpolicy/policy/modules/services/procmail.te
@@ -76,26 +76,26 @@ ifdef(`targeted_policy', `
files_getattr_tmp_dir(procmail_t)
')
-optional_policy(`logging.te',`
+optional_policy(`logging',`
logging_send_syslog_msg(procmail_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(procmail_t)
')
-optional_policy(`postfix.te',`
+optional_policy(`postfix',`
# for a bug in the postfix local program
postfix_dontaudit_rw_local_tcp_socket(procmail_t)
postfix_dontaudit_use_fd(procmail_t)
')
-optional_policy(`sendmail.te',`
+optional_policy(`sendmail',`
mta_read_config(procmail_t)
sendmail_rw_tcp_socket(procmail_t)
')
-optional_policy(`spamassassin.te',`
+optional_policy(`spamassassin',`
corenet_udp_bind_generic_port(procmail_t)
files_getattr_tmp_dir(procmail_t)
diff --git a/refpolicy/policy/modules/services/radius.te b/refpolicy/policy/modules/services/radius.te
index c07e206..0d808de 100644
--- a/refpolicy/policy/modules/services/radius.te
+++ b/refpolicy/policy/modules/services/radius.te
@@ -107,32 +107,32 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(radiusd_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(radiusd_t,radiusd_exec_t)
')
-optional_policy(`logrotate.te', `
+optional_policy(`logrotate',`
logrotate_exec(radiusd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(radiusd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(radiusd_t)
')
-optional_policy(`snmp.te',`
+optional_policy(`snmp',`
snmp_use(radiusd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(radiusd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(radiusd_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/services/radvd.te b/refpolicy/policy/modules/services/radvd.te
index d874fb3..0592642 100644
--- a/refpolicy/policy/modules/services/radvd.te
+++ b/refpolicy/policy/modules/services/radvd.te
@@ -83,20 +83,20 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(radvd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(radvd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(radvd_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(radvd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(radvd_t)
')
')
diff --git a/refpolicy/policy/modules/services/remotelogin.te b/refpolicy/policy/modules/services/remotelogin.te
index ae4d994..9934e1e 100644
--- a/refpolicy/policy/modules/services/remotelogin.te
+++ b/refpolicy/policy/modules/services/remotelogin.te
@@ -151,21 +151,21 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(remote_login_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(remote_login_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(remote_login_t)
')
-optional_policy(`usermanage.te',`
+optional_policy(`usermanage',`
usermanage_read_crack_db(remote_login_t)
')
ifdef(`TODO',`
# this goes to xdm:
-optional_policy(`remotelogin.te',`
+optional_policy(`remotelogin',`
# FIXME: what is this for?
remotelogin_signull(xdm_t)
')
@@ -179,12 +179,12 @@ domain_auto_trans($1_login_t, alsa_exec_t, alsa_t)
allow remote_login_t userpty_type:chr_file { setattr write };
allow remote_login_t ptyfile:chr_file { getattr ioctl };
-optional_policy(`rlogind.te', `
+optional_policy(`rlogind',`
allow remote_login_t rlogind_devpts_t:chr_file { setattr rw_file_perms };
allow remote_login_t rlogind_devpts_t:chr_file { relabelfrom relabelto };
')
-optional_policy(`telnetd.te', `
+optional_policy(`telnetd',`
allow remote_login_t telnetd_devpts_t:chr_file { setattr rw_file_perms };
allow remote_login_t telnetd_devpts_t:chr_file { relabelfrom relabelto };
')
diff --git a/refpolicy/policy/modules/services/rlogin.te b/refpolicy/policy/modules/services/rlogin.te
index abc611e..2b284e4 100644
--- a/refpolicy/policy/modules/services/rlogin.te
+++ b/refpolicy/policy/modules/services/rlogin.te
@@ -93,18 +93,18 @@ userdom_read_all_user_files(rlogind_t)
remotelogin_domtrans(rlogind_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_read_keytab(rlogind_t)
# for identd; cjp: this should probably only be inetd_child rules?
kerberos_use(rlogind_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(rlogind_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(rlogind_t)
')
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index 06e0066..4d92875 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@@ -98,24 +98,24 @@ template(`rpc_domain_template', `
files_dontaudit_read_root_file($1_t)
')
- optional_policy(`mount.te',`
+ optional_policy(`mount',`
mount_send_nfs_client_request($1_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_t)
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_sigchld_newrole($1_t)
')
- optional_policy(`udev.te', `
+ optional_policy(`udev',`
udev_read_db($1_t)
')
ifdef(`TODO',`
- optional_policy(`rhgb.te',`
+ optional_policy(`rhgb',`
rhgb_domain($1_t)
')
')
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index eb1e24e..79f6e92 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -67,7 +67,7 @@ ifdef(`distro_redhat',`
allow rpcd_t self:capability { chown dac_override setgid setuid };
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_read_ypserv_config(rpcd_t)
')
@@ -151,7 +151,7 @@ tunable_policy(`allow_gssd_read_tmp',`
userdom_read_unpriv_user_tmp_symlinks(gssd_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(gssd_t)
kerberos_read_keytab(gssd_t)
')
diff --git a/refpolicy/policy/modules/services/rshd.te b/refpolicy/policy/modules/services/rshd.te
index d5c5711..e7f7d1b 100644
--- a/refpolicy/policy/modules/services/rshd.te
+++ b/refpolicy/policy/modules/services/rshd.te
@@ -78,16 +78,16 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(rshd_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(rshd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(rshd_t)
')
ifdef(`TODO',`
-optional_policy(`rlogind.te', `
+optional_policy(`rlogind',`
allow rshd_t rlogind_tmp_t:file rw_file_perms;
')
')
diff --git a/refpolicy/policy/modules/services/rsync.te b/refpolicy/policy/modules/services/rsync.te
index 8c2719e..57211ca 100644
--- a/refpolicy/policy/modules/services/rsync.te
+++ b/refpolicy/policy/modules/services/rsync.te
@@ -87,14 +87,14 @@ tunable_policy(`allow_rsync_anon_write',`
miscfiles_manage_public_files(rsync_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(rsync_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(rsync_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(rsync_t)
')
diff --git a/refpolicy/policy/modules/services/samba.te b/refpolicy/policy/modules/services/samba.te
index 47e8ead..193a788 100644
--- a/refpolicy/policy/modules/services/samba.te
+++ b/refpolicy/policy/modules/services/samba.te
@@ -134,11 +134,11 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(samba_net_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(samba_net_t)
')
-optional_policy(`ldap.te',`
+optional_policy(`ldap',`
allow samba_net_t self:tcp_socket create_socket_perms;
corenet_tcp_sendrecv_all_if(samba_net_t)
corenet_raw_sendrecv_all_if(samba_net_t)
@@ -149,7 +149,7 @@ optional_policy(`ldap.te',`
sysnet_read_config(samba_net_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(samba_net_t)
')
@@ -284,32 +284,32 @@ tunable_policy(`allow_smbd_anon_write',`
miscfiles_manage_public_files(smbd_t)
')
-optional_policy(`cups.te',`
+optional_policy(`cups',`
cups_read_rw_config(smbd_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(smbd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(smbd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(smbd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(smbd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev', `
udev_read_db(smbd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(smbd_t)
')
') dnl end TODO
@@ -416,20 +416,20 @@ ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(nmbd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(nmbd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(nmbd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(nmbd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(nmbd_t)
')
')
@@ -511,11 +511,11 @@ sysnet_read_config(smbmount_t)
userdom_use_all_user_fd(smbmount_t)
userdom_use_sysadm_tty(smbmount_t)
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(smbmount_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(smbmount_t)
')
@@ -620,28 +620,28 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(winbind_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(winbind_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(winbind_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(winbind_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(winbind_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(winbind_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(winbind_t)
')
') dnl end TODO
@@ -680,11 +680,11 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(winbind_helper_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(winbind_helper_t)
')
-optional_policy(`squid.te',`
+optional_policy(`squid',`
squid_read_log(winbind_helper_t)
squid_append_log(winbind_helper_t)
')
diff --git a/refpolicy/policy/modules/services/sasl.te b/refpolicy/policy/modules/services/sasl.te
index 56c6cf4..ed6dac6 100644
--- a/refpolicy/policy/modules/services/sasl.te
+++ b/refpolicy/policy/modules/services/sasl.te
@@ -87,22 +87,22 @@ ifdef(`targeted_policy', `
# auth_read_shadow(saslauthd_t)
#')
-optional_policy(`mysql.te',`
+optional_policy(`mysql',`
mysql_search_db_dir(saslauthd_t)
mysql_stream_connect(saslauthd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(saslauthd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(saslauthd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(saslauthd_t)
')
')
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index a67d51f..1b19f5b 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -114,29 +114,29 @@ ifdef(`targeted_policy',`
files_create_pid(sendmail_t,sendmail_var_run_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(sendmail_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(sendmail_t)
')
-optional_policy(`postfix.te',`
+optional_policy(`postfix',`
postfix_read_config(sendmail_t)
postfix_search_spool(sendmail_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(sendmail_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(sendmail_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(sendmail_t)
')
diff --git a/refpolicy/policy/modules/services/snmp.te b/refpolicy/policy/modules/services/snmp.te
index b5cfae2..3635a35 100644
--- a/refpolicy/policy/modules/services/snmp.te
+++ b/refpolicy/policy/modules/services/snmp.te
@@ -115,7 +115,7 @@ userdom_dontaudit_use_unpriv_user_fd(snmpd_t)
userdom_dontaudit_search_sysadm_home_dir(snmpd_t)
ifdef(`distro_redhat', `
- optional_policy(`rpm.te', `
+ optional_policy(`rpm',`
rpm_read_db(snmpd_t)
')
')
@@ -126,19 +126,19 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(snmpd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(snmpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(snmpd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(snmpd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(snmpd_t)
')
@@ -146,23 +146,23 @@ ifdef(`TODO',`
can_udp_send(sysadm_t, snmpd_t)
can_udp_send(snmpd_t, sysadm_t)
-optional_policy(`cupsd.te', `
+optional_policy(`cupsd',`
allow snmpd_t cupsd_rw_etc_t:file { getattr read };
')
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(snmpd_t)
')
') dnl end TODO
ifdef(`distro_redhat', `
- optional_policy(`rpm.te', `
+ optional_policy(`rpm',`
dontaudit snmpd_t rpm_var_lib_t:dir write;
dontaudit snmpd_t rpm_var_lib_t:file write;
')
')
-optional_policy(`amanda.te', `
+optional_policy(`amanda',`
dontaudit snmpd_t amanda_dumpdates_t:file { getattr read };
')
diff --git a/refpolicy/policy/modules/services/spamassassin.te b/refpolicy/policy/modules/services/spamassassin.te
index f872211..d246dda 100644
--- a/refpolicy/policy/modules/services/spamassassin.te
+++ b/refpolicy/policy/modules/services/spamassassin.te
@@ -124,33 +124,33 @@ tunable_policy(`use_samba_home_dirs',`
fs_manage_cifs_files(spamd_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
cron_system_entry(spamd_t,spamd_exec_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(spamd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(spamd_t)
')
-optional_policy(`sendmail.te',`
+optional_policy(`sendmail',`
sendmail_stub(spamd_t)
mta_read_config(spamd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(spamd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(spamd_t)
')
-optional_policy(`amavis.te', `
+optional_policy(`amavis', `
# for bayes tokens
allow spamd_t var_lib_t:dir { getattr search };
allow spamd_t amavisd_lib_t:dir rw_dir_perms;
diff --git a/refpolicy/policy/modules/services/squid.te b/refpolicy/policy/modules/services/squid.te
index 81f45b2..f449403 100644
--- a/refpolicy/policy/modules/services/squid.te
+++ b/refpolicy/policy/modules/services/squid.te
@@ -144,7 +144,7 @@ tunable_policy(`squid_connect_any',`
corenet_tcp_connect_all_ports(squid_t)
')
-optional_policy(`logrotate.te',`
+optional_policy(`logrotate',`
allow squid_t self:capability kill;
cron_use_fd(squid_t)
cron_use_system_job_fd(squid_t)
@@ -152,32 +152,32 @@ optional_policy(`logrotate.te',`
cron_write_system_job_pipe(squid_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(squid_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(squid_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(squid_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
samba_domtrans_winbind_helper(squid_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(squid_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(squid_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(squid_t)
')
ifdef(`apache.te',`
diff --git a/refpolicy/policy/modules/services/ssh.if b/refpolicy/policy/modules/services/ssh.if
index a7c03fe..283d9c7 100644
--- a/refpolicy/policy/modules/services/ssh.if
+++ b/refpolicy/policy/modules/services/ssh.if
@@ -189,15 +189,15 @@ template(`ssh_per_userdomain_template',`
corenet_tcp_bind_ssh_port($1_ssh_t)
')
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use($1_ssh_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_ssh_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_ssh_t)
')
@@ -328,11 +328,11 @@ template(`ssh_per_userdomain_template',`
fs_cifs_domtrans($1_ssh_agent_t, $1_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_ssh_agent_t)
')
-# optional_policy(`xdm.te', `
+# optional_policy(`xdm',`
# # KDM:
# xdm_sigchld($1_ssh_agent_t)
# ')
@@ -374,7 +374,7 @@ template(`ssh_per_userdomain_template',`
# $1_ssh_keysign_t local policy
#
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_ssh_keysign_t)
')
')
@@ -506,7 +506,7 @@ template(`ssh_server_template', `
# cjp: commenting out until typeattribute works in conditional
# and require block in optional else is resolved
- #optional_policy(`inetd.te',`
+ #optional_policy(`inetd',`
# tunable_policy(`run_ssh_inetd',`
# allow $1_t self:process signal;
# files_list_pids($1_t)
@@ -523,15 +523,15 @@ template(`ssh_server_template', `
init_use_script_pty($1_t)
#')
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use($1_t)
')
- optional_policy(`mount.te', `
+ optional_policy(`mount',`
mount_send_nfs_client_request($1_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_t)
')
diff --git a/refpolicy/policy/modules/services/ssh.te b/refpolicy/policy/modules/services/ssh.te
index 6715e1b..c9d3bfa 100644
--- a/refpolicy/policy/modules/services/ssh.te
+++ b/refpolicy/policy/modules/services/ssh.te
@@ -52,7 +52,7 @@ ifdef(`targeted_policy',`
ssh_server_template(sshd_extern)
# cjp: commenting this out until typeattribute works in a conditional
-# optional_policy(`inetd.te',`
+# optional_policy(`inetd',`
# tunable_policy(`run_ssh_inetd',`
# inetd_tcp_service_domain(sshd_t,sshd_exec_t)
# ',`
@@ -111,7 +111,7 @@ ifdef(`targeted_policy',`',`
userdom_signal_unpriv_users(sshd_t)
')
- optional_policy(`rpm.te',`
+ optional_policy(`rpm',`
rpm_use_script_fd(sshd_t)
')
@@ -123,11 +123,11 @@ ifdef(`targeted_policy',`',`
# some versions of sshd on the new SE Linux require setattr
allow sshd_t ptyfile:chr_file relabelto;
- optional_policy(`xauth.te',`
+ optional_policy(`xauth',`
domain_trans(sshd_t, xauth_exec_t, userdomain)
')
',`
- optional_policy(`xauth.te',`
+ optional_policy(`xauth',`
domain_trans(sshd_t, xauth_exec_t, unpriv_userdomain)
')
# Relabel and access ptys created by sshd
@@ -166,7 +166,7 @@ ifdef(`targeted_policy',`',`
# is allocated
allow user_mini_domain sshd_extern_t:unix_stream_socket rw_stream_socket_perms;
- optional_policy(`inetd.te',`
+ optional_policy(`inetd',`
tunable_policy(`run_ssh_inetd',`
domain_trans(inetd_t, sshd_exec_t, sshd_extern_t)
',`
@@ -248,16 +248,16 @@ ifdef(`targeted_policy',`',`
files_dontaudit_read_root_file(ssh_keygen_t)
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_sigchld_newrole(ssh_keygen_t)
')
- optional_policy(`udev.te', `
+ optional_policy(`udev',`
udev_read_db(ssh_keygen_t)
')
ifdef(`TODO',`
- optional_policy(`rhgb.te', `
+ optional_policy(`rhgb',`
rhgb_domain(ssh_keygen_t)
')
')
diff --git a/refpolicy/policy/modules/services/stunnel.te b/refpolicy/policy/modules/services/stunnel.te
index 6f18b9a..d6c7168 100644
--- a/refpolicy/policy/modules/services/stunnel.te
+++ b/refpolicy/policy/modules/services/stunnel.te
@@ -102,20 +102,20 @@ ifdef(`distro_gentoo', `
files_dontaudit_read_root_file(stunnel_t)
')
- optional_policy(`mount.te',`
+ optional_policy(`mount',`
mount_send_nfs_client_request(stunnel_t)
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_sigchld_newrole(stunnel_t)
')
- optional_policy(`udev.te', `
+ optional_policy(`udev',`
udev_read_db(stunnel_t)
')
ifdef(`TODO',`
- optional_policy(`rhgb.te',`
+ optional_policy(`rhgb',`
rhgb_domain(stunnel_t)
')
') dnl end TODO
@@ -127,15 +127,15 @@ ifdef(`distro_gentoo', `
files_read_etc_files(stunnel_t)
files_search_home(stunnel_t)
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use(stunnel_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind(stunnel_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket(stunnel_t)
')
')
diff --git a/refpolicy/policy/modules/services/tcpd.te b/refpolicy/policy/modules/services/tcpd.te
index e53da04..fea2784 100644
--- a/refpolicy/policy/modules/services/tcpd.te
+++ b/refpolicy/policy/modules/services/tcpd.te
@@ -51,22 +51,22 @@ sysnet_read_config(tcpd_t)
inetd_domtrans_child(tcpd_t)
-optional_policy(`finger.te',`
+optional_policy(`finger',`
finger_domtrans(tcpd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(tcpd_t)
')
-optional_policy(`portmap.te',`
+optional_policy(`portmap',`
portmap_udp_sendto(tcpd_t)
')
-optional_policy(`rlogin.te',`
+optional_policy(`rlogin',`
rlogin_domtrans(tcpd_t)
')
-optional_policy(`rshd.te',`
+optional_policy(`rshd',`
rshd_domtrans(tcpd_t)
')
diff --git a/refpolicy/policy/modules/services/telnet.te b/refpolicy/policy/modules/services/telnet.te
index 782c09e..85a20c4 100644
--- a/refpolicy/policy/modules/services/telnet.te
+++ b/refpolicy/policy/modules/services/telnet.te
@@ -89,15 +89,15 @@ sysnet_read_config(telnetd_t)
remotelogin_domtrans(telnetd_t)
# for identd; cjp: this should probably only be inetd_child rules?
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(telnetd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(telnetd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(telnetd_t)
')
diff --git a/refpolicy/policy/modules/services/tftp.te b/refpolicy/policy/modules/services/tftp.te
index 91c71d5..77e8716 100644
--- a/refpolicy/policy/modules/services/tftp.te
+++ b/refpolicy/policy/modules/services/tftp.te
@@ -89,24 +89,24 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(tftpd_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(tftpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(tftpd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(tftpd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev', `
udev_read_db(tftpd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(tftpd_t)
')
')
diff --git a/refpolicy/policy/modules/services/uucp.te b/refpolicy/policy/modules/services/uucp.te
index 07f7aa4..27b822a 100644
--- a/refpolicy/policy/modules/services/uucp.te
+++ b/refpolicy/policy/modules/services/uucp.te
@@ -97,14 +97,14 @@ miscfiles_read_localization(uucpd_t)
sysnet_read_config(uucpd_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(uucpd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(uucpd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(uucpd_t)
')
diff --git a/refpolicy/policy/modules/services/xdm.te b/refpolicy/policy/modules/services/xdm.te
index d369ae8..f38050e 100644
--- a/refpolicy/policy/modules/services/xdm.te
+++ b/refpolicy/policy/modules/services/xdm.te
@@ -100,7 +100,7 @@ ifdef(`targeted_policy',`
files_create_var_lib(xdm_t,xdm_var_lib_t)
')
-optional_policy(`locallogin.te',`
+optional_policy(`locallogin',`
locallogin_signull(xdm_t)
')
diff --git a/refpolicy/policy/modules/services/zebra.te b/refpolicy/policy/modules/services/zebra.te
index 615f6a2..42a145a 100644
--- a/refpolicy/policy/modules/services/zebra.te
+++ b/refpolicy/policy/modules/services/zebra.te
@@ -112,28 +112,28 @@ ifdef(`targeted_policy', `
unconfined_sigchld(zebra_t)
')
-optional_policy(`ldap.te',`
+optional_policy(`ldap',`
ldap_use(zebra_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(zebra_t)
')
-optional_policy(`zebra.te',`
+optional_policy(`zebra',`
rpm_read_pipe(zebra_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(zebra_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(zebra_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(zebra_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index b43b764..4fcad8d 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -91,23 +91,23 @@ template(`authlogin_per_userdomain_template',`
# Inherit and use descriptors from gnome-pty-helper.
#ifdef(`gnome-pty-helper.te',`allow $1_chkpwd_t $1_gph_t:fd use;')
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use($1_chkpwd_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_chkpwd_t)
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_chkpwd_t)
')
- optional_policy(`samba.te',`
+ optional_policy(`samba',`
samba_connect_winbind($1_chkpwd_t)
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_use_newrole_fd($1_chkpwd_t)
')
')
@@ -243,15 +243,15 @@ interface(`auth_domtrans_chk_passwd',`
sysnet_dns_name_resolve($1)
sysnet_use_ldap($1)
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use($1)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1)
')
- optional_policy(`samba.te',`
+ optional_policy(`samba',`
samba_connect_winbind($1)
')
')
@@ -931,11 +931,11 @@ interface(`auth_use_nsswitch',`
sysnet_dns_name_resolve($1)
sysnet_use_ldap($1)
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1)
')
- optional_policy(`samba.te',`
+ optional_policy(`samba',`
samba_connect_winbind($1)
')
')
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 5178167..2099669 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -119,15 +119,15 @@ logging_send_syslog_msg(pam_t)
userdom_use_unpriv_users_fd(pam_t)
-optional_policy(`locallogin.te',`
+optional_policy(`locallogin',`
locallogin_use_fd(pam_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(pam_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(pam_t)
')
@@ -230,30 +230,30 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(pam_console_t)
')
-optional_policy(`gpm.te',`
+optional_policy(`gpm',`
gpm_getattr_gpmctl(pam_console_t)
gpm_setattr_gpmctl(pam_console_t)
')
-optional_policy(`hotplug.te', `
+optional_policy(`hotplug',`
hotplug_use_fd(pam_console_t)
hotplug_dontaudit_search_config(pam_console_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(pam_console_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(pam_console_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(pam_console_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(pam_console_t)
')
@@ -306,19 +306,19 @@ sysnet_use_ldap(system_chkpwd_t)
userdom_dontaudit_use_unpriv_user_tty(system_chkpwd_t)
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(system_chkpwd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(system_chkpwd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(system_chkpwd_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
samba_connect_winbind(system_chkpwd_t)
')
@@ -354,12 +354,12 @@ logging_search_logs(utempter_t)
# Allow utemper to write to /tmp/.xses-*
userdom_write_unpriv_user_tmp(utempter_t)
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(utempter_t)
')
ifdef(`TODO',`
-optional_policy(`xdm.te',`
+optional_policy(`xdm',`
can_pipe_xdm(utempter_t)
')
')
diff --git a/refpolicy/policy/modules/system/clock.te b/refpolicy/policy/modules/system/clock.te
index ff622fa..9c1a4bc 100644
--- a/refpolicy/policy/modules/system/clock.te
+++ b/refpolicy/policy/modules/system/clock.te
@@ -67,31 +67,31 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(hwclock_t)
')
-optional_policy(`apm.te',`
+optional_policy(`apm',`
apm_append_log(hwclock_t)
apm_rw_stream_socket(hwclock_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(hwclock_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hwclock_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(hwclock_t)
')
-optional_policy(`userdomain.te',`
+optional_policy(`userdomain',`
userdom_dontaudit_use_unpriv_user_fd(hwclock_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(hwclock_t)
')
-optional_policy(`gnome-pty-helper.te', `allow hwclock_t sysadm_gph_t:fd use;')
+optional_policy(`gnome-pty-helper', `allow hwclock_t sysadm_gph_t:fd use;')
') dnl end TODO
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index ffb5e26..2440743 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -90,21 +90,21 @@ interface(`domain_type',`
')
# allow any domain to connect to the LDAP server
- optional_policy(`ldap.te',`
+ optional_policy(`ldap',`
ldap_use($1)
')
# these 3 seem highly questionable:
- optional_policy(`rpm.te',`
+ optional_policy(`rpm',`
rpm_use_fd($1)
rpm_read_pipe($1)
')
- optional_policy(`selinux.te',`
+ optional_policy(`selinux',`
selinux_dontaudit_read_fs($1)
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_dontaudit_read_config($1)
')
')
diff --git a/refpolicy/policy/modules/system/files.if b/refpolicy/policy/modules/system/files.if
index 34dd0b7..9a9a820 100644
--- a/refpolicy/policy/modules/system/files.if
+++ b/refpolicy/policy/modules/system/files.if
@@ -416,7 +416,7 @@ interface(`files_read_all_files',`
allow $1 file_type:dir search;
allow $1 file_type:file r_file_perms;
- optional_policy(`authlogin.te',`
+ optional_policy(`authlogin',`
auth_read_shadow($1)
')
')
diff --git a/refpolicy/policy/modules/system/fstools.te b/refpolicy/policy/modules/system/fstools.te
index 7439c4d..75d6223 100644
--- a/refpolicy/policy/modules/system/fstools.te
+++ b/refpolicy/policy/modules/system/fstools.te
@@ -147,12 +147,12 @@ tunable_policy(`read_default_t',`
files_read_default_pipes(fsadm_t)
')
-optional_policy(`cron.te',`
+optional_policy(`cron',`
# for smartctl cron jobs
cron_system_entry(fsadm_t,fsadm_exec_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(fsadm_t)
')
diff --git a/refpolicy/policy/modules/system/getty.te b/refpolicy/policy/modules/system/getty.te
index 5821b22..5c30a94 100644
--- a/refpolicy/policy/modules/system/getty.te
+++ b/refpolicy/policy/modules/system/getty.te
@@ -104,14 +104,14 @@ ifdef(`targeted_policy',`
term_dontaudit_use_generic_pty(getty_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(getty_t)
')
-optional_policy(`ppp.te',`
+optional_policy(`ppp',`
ppp_domtrans(getty_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(getty_t)
')
diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te
index c814459..1200282 100644
--- a/refpolicy/policy/modules/system/hostname.te
+++ b/refpolicy/policy/modules/system/hostname.te
@@ -68,23 +68,23 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(hostname_t)
')
-optional_policy(`firstboot.te',`
+optional_policy(`firstboot',`
firstboot_use_fd(hostname_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
hotplug_dontaudit_use_fd(hostname_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(hostname_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hostname_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_dontaudit_use_fd(hostname_t)
udev_read_db(hostname_t)
')
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index c39d43a..c0d6199 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -125,7 +125,7 @@ userdom_dontaudit_use_unpriv_user_fd(hotplug_t)
userdom_dontaudit_search_sysadm_home_dir(hotplug_t)
ifdef(`distro_redhat', `
- optional_policy(`netutils.te', `
+ optional_policy(`netutils',`
# for arping used for static IP addresses on PCMCIA ethernet
netutils_domtrans(hotplug_t)
fs_use_tmpfs_chr_dev(hotplug_t)
@@ -137,52 +137,52 @@ ifdef(`targeted_policy', `
term_dontaudit_use_unallocated_tty(hotplug_t)
term_dontaudit_use_generic_pty(hotplug_t)
- optional_policy(`consoletype.te',`
+ optional_policy(`consoletype',`
consoletype_domtrans(hotplug_t)
')
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_system_bus_client_template(hotplug,hotplug_t)
')
-optional_policy(`fstools.te',`
+optional_policy(`fstools',`
fstools_domtrans(hotplug_t)
')
-optional_policy(`hal.te',`
+optional_policy(`hal',`
hal_dgram_sendto(hotplug_t)
')
-optional_policy(`hostname.te',`
+optional_policy(`hostname',`
hostname_exec(hotplug_t)
')
-optional_policy(`iptables.te',`
+optional_policy(`iptables',`
iptables_domtrans(hotplug_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_domtrans(hotplug_t)
')
-optional_policy(`mta.te', `
+optional_policy(`mta',`
mta_send_mail(hotplug_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(hotplug_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(hotplug_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(hotplug_t)
')
-optional_policy(`sysnetwork.te',`
+optional_policy(`sysnetwork',`
sysnet_domtrans_dhcpc(hotplug_t)
sysnet_signal_dhcpc(hotplug_t)
sysnet_kill_dhcpc(hotplug_t)
@@ -194,18 +194,18 @@ optional_policy(`sysnetwork.te',`
sysnet_domtrans_ifconfig(hotplug_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_domtrans(hotplug_t)
udev_helper_domtrans(hotplug_t)
udev_read_db(hotplug_t)
')
-optional_policy(`updfstab.te', `
+optional_policy(`updfstab',`
updfstab_domtrans(hotplug_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(hotplug_t)
')
diff --git a/refpolicy/policy/modules/system/init.if b/refpolicy/policy/modules/system/init.if
index 93d6de5..be74a65 100644
--- a/refpolicy/policy/modules/system/init.if
+++ b/refpolicy/policy/modules/system/init.if
@@ -126,7 +126,7 @@ interface(`init_daemon_domain',`
allow $1 $2:file { rx_file_perms entrypoint };
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1)
')
')
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index cb78de2..73a2f73 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -174,20 +174,20 @@ ifdef(`targeted_policy',`
unconfined_domain_template(init_t)
')
-optional_policy(`authlogin.te',`
+optional_policy(`authlogin',`
auth_rw_login_records(init_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(init_t)
')
-optional_policy(`portmap.te',`
+optional_policy(`portmap',`
portmap_udp_sendto(init_t)
')
# Run the shell in the sysadm_t domain for single-user mode.
-optional_policy(`userdomain.te',`
+optional_policy(`userdomain',`
userdom_shell_domtrans_sysadm(init_t)
')
@@ -393,11 +393,11 @@ ifdef(`distro_debian', `
')
ifdef(`distro_gentoo',`
- optional_policy(`arpwatch.te',`
+ optional_policy(`arpwatch',`
arpwatch_manage_data_files(initrc_t)
')
- optional_policy(`dhcp.te',`
+ optional_policy(`dhcp',`
dhcpd_setattr_state_files(initrc_t)
')
')
@@ -441,11 +441,11 @@ ifdef(`distro_redhat',`
# readahead asks for these
mta_read_aliases(initrc_t)
- optional_policy(`bind.te',`
+ optional_policy(`bind',`
bind_manage_config_dir(initrc_t)
')
- optional_policy(`rpc.te',`
+ optional_policy(`rpc',`
#for /etc/rc.d/init.d/nfs to create /etc/exports
rpc_write_exports(initrc_t)
')
@@ -458,21 +458,21 @@ ifdef(`targeted_policy',`
# cjp: require doesnt work in optionals :\
# this also would result in a type transition
# conflict if sendmail is enabled
-# optional_policy(`sendmail.te',`',`
+# optional_policy(`sendmail',`',`
# mta_send_mail(initrc_t)
# ')
')
-optional_policy(`apm.te',`
+optional_policy(`apm',`
dev_rw_apm_bios(initrc_t)
')
-optional_policy(`apache.te',`
+optional_policy(`apache',`
apache_read_config(initrc_t)
apache_list_modules(initrc_t)
')
-optional_policy(`bind.te',`
+optional_policy(`bind',`
bind_read_config(initrc_t)
# for chmod in start script
@@ -485,16 +485,16 @@ optional_policy(`bind.te',`
')
')
-optional_policy(`bluetooth.te',`
+optional_policy(`bluetooth',`
dev_read_usbfs(initrc_t)
')
-optional_policy(`cpucontrol.te',`
+optional_policy(`cpucontrol',`
cpucontrol_stub(initrc_t)
dev_getattr_cpu(initrc_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_connect_system_bus(initrc_t)
dbus_send_system_bus_msg(initrc_t)
@@ -508,15 +508,15 @@ optional_policy(`dbus.te',`
')
')
-optional_policy(`ftp.te',`
+optional_policy(`ftp',`
ftp_read_config(initrc_t)
')
-optional_policy(`gpm.te',`
+optional_policy(`gpm',`
gpm_setattr_gpmctl(initrc_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
dev_read_usbfs(initrc_t)
# init scripts run /etc/hotplug/usb.rc
@@ -525,29 +525,29 @@ optional_policy(`hotplug.te',`
modutils_read_mods_deps(initrc_t)
')
-optional_policy(`inn.te',`
+optional_policy(`inn',`
inn_exec_config(initrc_t)
')
-optional_policy(`ipsec.te',`
+optional_policy(`ipsec',`
ipsec_read_config(initrc_t)
ipsec_manage_pid(initrc_t)
')
-optional_policy(`kerberos.te',`
+optional_policy(`kerberos',`
kerberos_use(initrc_t)
')
-optional_policy(`ldap.te',`
+optional_policy(`ldap',`
ldap_read_config(initrc_t)
ldap_list_db_dir(initrc_t)
')
-optional_policy(`loadkeys.te',`
+optional_policy(`loadkeys',`
loadkeys_exec(initrc_t)
')
-optional_policy(`lpd.te',`
+optional_policy(`lpd',`
# This is needed to permit chown to read /var/spool/lpd/lp.
# This is opens up security more than necessary; this means that ANYTHING
# running in the initrc_t domain can read the printer spool directory.
@@ -558,23 +558,23 @@ optional_policy(`lpd.te',`
lpd_read_config(initrc_t)
')
-optional_policy(`lvm.te',`
+optional_policy(`lvm',`
#allow initrc_t lvm_control_t:chr_file unlink;
dev_read_lvm_control(initrc_t)
dev_create_generic_chr_file(initrc_t)
')
-optional_policy(`mailman.te',`
+optional_policy(`mailman',`
mailman_list_data(initrc_t)
mailman_read_data_symlinks(initrc_t)
')
-optional_policy(`mta.te',`
+optional_policy(`mta',`
mta_dontaudit_read_spool_symlink(initrc_t)
')
-optional_policy(`mysql.te',`
+optional_policy(`mysql',`
ifdef(`distro_redhat',`
mysql_manage_db_dir(initrc_t)
')
@@ -583,42 +583,42 @@ optional_policy(`mysql.te',`
mysql_write_log(initrc_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(initrc_t)
nis_udp_sendto_ypbind(initrc_t)
nis_list_var_yp(initrc_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(initrc_t)
')
-optional_policy(`raid.te',`
+optional_policy(`raid',`
raid_manage_mdadm_pid(initrc_t)
')
-optional_policy(`rpc.te',`
+optional_policy(`rpc',`
rpc_read_exports(initrc_t)
')
-optional_policy(`postgresql.te',`
+optional_policy(`postgresql',`
postgresql_manage_db(initrc_t)
postgresql_read_config(initrc_t)
')
-optional_policy(`postfix.te',`
+optional_policy(`postfix',`
postfix_list_spool(initrc_t)
')
-optional_policy(`quota.te',`
+optional_policy(`quota',`
quota_manage_flags(initrc_t)
')
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
corecmd_shell_entry_type(initrc_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
# bash tries to access a block device in the initrd
kernel_dontaudit_getattr_unlabeled_blk_dev(initrc_t)
@@ -632,26 +632,26 @@ optional_policy(`rpm.te',`
rpm_manage_db(initrc_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
samba_rw_config(initrc_t)
samba_read_winbind_pid(initrc_t)
')
-optional_policy(`squid.te',`
+optional_policy(`squid',`
squid_read_config(initrc_t)
squid_manage_logs(initrc_t)
')
-optional_policy(`ssh.te',`
+optional_policy(`ssh',`
ssh_dontaudit_read_server_keys(initrc_t)
')
# allow init scripts to su
-optional_policy(`su.te',`
+optional_policy(`su',`
su_restricted_domain_template(initrc,initrc_t,system_r)
')
-optional_policy(`sysnetwork.te',`
+optional_policy(`sysnetwork',`
ifdef(`distro_redhat',`
sysnet_rw_dhcp_config(initrc_t)
')
@@ -659,7 +659,7 @@ optional_policy(`sysnetwork.te',`
sysnet_read_dhcpc_state(initrc_t)
')
-optional_policy(`zebra.te',`
+optional_policy(`zebra',`
zebra_read_config(initrc_t)
')
@@ -685,7 +685,7 @@ ifdef(`distro_redhat', `
allow initrc_t xserver_log_t:file unlink;
')
- optional_policy(`rpm.te',`
+ optional_policy(`rpm',`
rpm_stub(initrc_t)
#read ahead wants to read this
allow initrc_t system_cron_spool_t:file { getattr read };
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index be5328a..89b7b65 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -129,20 +129,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(ipsec_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(ipsec_t)
')
-optional_policy(`selinuxutils.te',`
+optional_policy(`selinuxutils',`
seutil_sigchld_newrole(ipsec_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(ipsec_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(ipsec_t)
')
')
@@ -261,11 +261,11 @@ sysnet_domtrans_ifconfig(ipsec_mgmt_t)
userdom_use_sysadm_terms(ipsec_mgmt_t)
-optional_policy(`consoletype.te',`
+optional_policy(`consoletype',`
consoletype_exec(ipsec_mgmt_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(ipsec_mgmt_t)
')
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index 98f777b..85e6ef5 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -80,35 +80,35 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(iptables_t)
')
-optional_policy(`firstboot.te',`
+optional_policy(`firstboot',`
firstboot_use_fd(iptables_t)
firstboot_write_pipe(iptables_t)
')
-optional_policy(`modutils.te', `
+optional_policy(`modutils',`
corecmd_search_sbin(iptables_t)
modutils_domtrans_insmod(iptables_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
# for iptables -L
nis_use_ypbind(iptables_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(iptables_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(iptables_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(iptables_t)
')
-optional_policy(`gnome-pty-helper.te',`
+optional_policy(`gnome-pty-helper',`
allow iptables_t sysadm_gph_t:fd use;
')
') dnl ifdef TODO
diff --git a/refpolicy/policy/modules/system/libraries.te b/refpolicy/policy/modules/system/libraries.te
index a05b81f..7ba9087 100644
--- a/refpolicy/policy/modules/system/libraries.te
+++ b/refpolicy/policy/modules/system/libraries.te
@@ -88,7 +88,7 @@ logging_send_syslog_msg(ldconfig_t)
userdom_use_all_user_fd(ldconfig_t)
ifdef(`hide_broken_symptoms',`
- optional_policy(`unconfined.te',`
+ optional_policy(`unconfined',`
unconfined_dontaudit_rw_tcp_socket(ldconfig_t)
')
')
@@ -98,7 +98,7 @@ ifdef(`targeted_policy',`
unconfined_domain_template(ldconfig_t)
')
-optional_policy(`apache.te',`
+optional_policy(`apache',`
# dontaudit access to /usr/lib/apache, normal programs cannot read these libs anyway
apache_dontaudit_search_modules(ldconfig_t)
')
diff --git a/refpolicy/policy/modules/system/locallogin.te b/refpolicy/policy/modules/system/locallogin.te
index 2349d05..a2116d1 100644
--- a/refpolicy/policy/modules/system/locallogin.te
+++ b/refpolicy/policy/modules/system/locallogin.te
@@ -198,20 +198,20 @@ tunable_policy(`use_samba_home_dirs',`
fs_read_cifs_symlinks(local_login_t)
')
-optional_policy(`gpm.te',`
+optional_policy(`gpm',`
gpm_getattr_gpmctl(local_login_t)
gpm_setattr_gpmctl(local_login_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(local_login_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(local_login_t)
')
-optional_policy(`usermanage.te',`
+optional_policy(`usermanage',`
usermanage_read_crack_db(local_login_t)
')
@@ -284,6 +284,6 @@ ifdef(`sulogin_no_pam', `
selinux_compute_user_contexts(sulogin_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(sulogin_t)
')
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index afffb4f..e30e46c 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -167,16 +167,16 @@ ifdef(`targeted_policy',`
unconfined_dontaudit_read_pipe(auditd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(auditd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(auditd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(auditd_t)
')
') dnl endif TODO
@@ -233,7 +233,7 @@ miscfiles_read_localization(klogd_t)
userdom_dontaudit_search_sysadm_home_dir(klogd_t)
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(klogd_t)
')
@@ -242,7 +242,7 @@ ifdef(`targeted_policy',`
term_dontaudit_use_unallocated_tty(klogd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(klogd_t)
')
@@ -359,28 +359,28 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(syslogd_t)
')
-optional_policy(`inn.te',`
+optional_policy(`inn',`
inn_manage_log(syslogd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(syslogd_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(syslogd_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(syslogd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(syslogd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(syslogd_t)
')
diff --git a/refpolicy/policy/modules/system/lvm.te b/refpolicy/policy/modules/system/lvm.te
index 619984b..3fe62a3 100644
--- a/refpolicy/policy/modules/system/lvm.te
+++ b/refpolicy/policy/modules/system/lvm.te
@@ -105,20 +105,20 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(clvmd_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_send_nfs_client_request(clvmd_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(clvmd_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(clvmd_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(clvmd_t)
')
') dnl end TODO
@@ -253,15 +253,15 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(lvm_t)
')
-optional_policy(`bootloader.te',`
+optional_policy(`bootloader',`
bootloader_rw_tmp_file(lvm_t)
')
-optional_policy(`gpm.te',`
+optional_policy(`gpm',`
gpm_dontaudit_getattr_gpmctl(lvm_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(lvm_t)
')
@@ -270,10 +270,10 @@ ifdef(`TODO',`
allow lvm_t var_t:dir { search getattr };
allow lvm_t ramfs_t:filesystem unmount;
-optional_policy(`gnome-pty-helper.te', `
+optional_policy(`gnome-pty-helper',`
allow lvm_t sysadm_gph_t:fd use;
')
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(lvm_t)
')
dontaudit lvm_t xconsole_device_t:fifo_file getattr;
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index e74fc19..247e9de 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -121,29 +121,29 @@ ifdef(`targeted_policy',`
unconfined_domain_template(insmod_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
hotplug_search_config(insmod_t)
')
-optional_policy(`mount.te',`
+optional_policy(`mount',`
mount_domtrans(insmod_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(insmod_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(insmod_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
rpm_rw_pipe(insmod_t)
')
ifdef(`TODO',`
allow insmod_t proc_t:file rw_file_perms;
-optional_policy(`xserver.te',`
+optional_policy(`xserver',`
xserver_getattr_log(insmod_t)
allow insmod_t xserver_misc_device_t:chr_file { read write };
')
@@ -198,7 +198,7 @@ ifdef(`targeted_policy', `
term_use_generic_pty(depmod_t)
')
-optional_policy(`rpm.te',`
+optional_policy(`rpm',`
rpm_rw_pipe(depmod_t)
')
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index 7fcb1ad..391eaab 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -86,14 +86,14 @@ sysnet_use_portmap(mount_t)
userdom_use_all_user_fd(mount_t)
ifdef(`distro_redhat',`
- optional_policy(`authlogin.te',`
+ optional_policy(`authlogin',`
auth_read_pam_console_data(mount_t)
# mount config by default sets fscontext=removable_t
fs_relabelfrom_dos_fs(mount_t)
')
')
-optional_policy(`portmap.te', `
+optional_policy(`portmap',`
# for nfs
#allow portmap_t mount_t:udp_socket { sendto recvfrom };
#allow mount_t portmap_t:udp_socket { sendto recvfrom };
@@ -114,21 +114,21 @@ optional_policy(`portmap.te', `
corenet_udp_bind_reserved_port(mount_t)
corenet_tcp_connect_all_ports(mount_t)
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind(mount_t)
')
')
-optional_policy(`apm.te',`
+optional_policy(`apm',`
apm_use_fd(mount_t)
')
# for kernel package installation
-optional_policy(`rpm.te', `
+optional_policy(`rpm',`
rpm_rw_pipe(mount_t)
')
-optional_policy(`samba.te',`
+optional_policy(`samba',`
samba_domtrans_smbmount(mount_t)
')
@@ -146,7 +146,7 @@ ifdef(`gnome-pty-helper.te', `
allow mount_t sysadm_gph_t:fd use;
')
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(mount_t)
')
diff --git a/refpolicy/policy/modules/system/pcmcia.te b/refpolicy/policy/modules/system/pcmcia.te
index f96ee05..a415bd8 100644
--- a/refpolicy/policy/modules/system/pcmcia.te
+++ b/refpolicy/policy/modules/system/pcmcia.te
@@ -126,12 +126,12 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(cardmgr_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_dontaudit_read_config(cardmgr_t)
seutil_sigchld_newrole(cardmgr_t)
')
-optional_policy(`sysnetwork.te',`
+optional_policy(`sysnetwork',`
sysnet_domtrans_dhcpc(cardmgr_t)
sysnet_read_dhcpc_pid(cardmgr_t)
@@ -143,12 +143,12 @@ optional_policy(`sysnetwork.te',`
sysnet_sigstop_dhcpc(cardmgr_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(cardmgr_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(cardmgr_t)
')
') dnl end TODO
diff --git a/refpolicy/policy/modules/system/raid.te b/refpolicy/policy/modules/system/raid.te
index f65de87..96a96d4 100644
--- a/refpolicy/policy/modules/system/raid.te
+++ b/refpolicy/policy/modules/system/raid.te
@@ -75,11 +75,11 @@ ifdef(`targeted_policy',`
files_dontaudit_read_root_file(mdadm_t)
')
-optional_policy(`selinux.te',`
+optional_policy(`selinux',`
seutil_sigchld_newrole(mdadm_t)
')
-optional_policy(`udev.te', `
+optional_policy(`udev',`
udev_read_db(mdadm_t)
')
@@ -88,7 +88,7 @@ ifdef(`TODO',`
dontaudit mdadm_t device_t:{ fifo_file file chr_file blk_file } { read getattr };
allow mdadm_t var_t:dir getattr;
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(mdadm_t)
')
') dnl TODO
diff --git a/refpolicy/policy/modules/system/selinuxutil.te b/refpolicy/policy/modules/system/selinuxutil.te
index a076936..06433bf 100644
--- a/refpolicy/policy/modules/system/selinuxutil.te
+++ b/refpolicy/policy/modules/system/selinuxutil.te
@@ -290,11 +290,11 @@ ifdef(`targeted_policy',`
}
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(newrole_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(newrole_t)
')
@@ -374,7 +374,7 @@ ifdef(`hide_broken_symptoms',`
udev_dontaudit_rw_unix_dgram_socket(restorecon_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
hotplug_use_fd(restorecon_t)
')
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 578129d..59e2632 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -156,11 +156,11 @@ ifdef(`targeted_policy', `
files_dontaudit_read_root_file(dhcpc_t)
')
-optional_policy(`consoletype.te',`
+optional_policy(`consoletype',`
consoletype_domtrans(dhcpc_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
gen_require(`
class dbus send_msg;
')
@@ -182,11 +182,11 @@ optional_policy(`dbus.te',`
')
')
-optional_policy(`hostname.te',`
+optional_policy(`hostname',`
hostname_domtrans(dhcpc_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
hotplug_getattr_config_dir(dhcpc_t)
hotplug_search_config(dhcpc_t)
@@ -196,7 +196,7 @@ optional_policy(`hotplug.te',`
')
# for the dhcp client to run ping to check IP addresses
-optional_policy(`netutils.te',`
+optional_policy(`netutils',`
netutils_domtrans_ping(dhcpc_t)
netutils_domtrans(dhcpc_t)
',`
@@ -204,7 +204,7 @@ optional_policy(`netutils.te',`
allow dhcpc_t self:rawip_socket create_socket_perms;
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(dhcpc_t)
nis_signal_ypbind(dhcpc_t)
nis_read_ypbind_pid(dhcpc_t)
@@ -215,37 +215,37 @@ optional_policy(`nis.te',`
nis_domtrans_ypbind(dhcpc_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_domtrans(dhcpc_t)
nscd_read_pid(dhcpc_t)
')
-optional_policy(`ntp.te',`
+optional_policy(`ntp',`
# dhclient sometimes starts ntpd
init_exec_script(dhcpc_t)
ntp_domtrans(dhcpc_t)
')
-optional_policy(`pcmcia.te',`
+optional_policy(`pcmcia',`
pcmcia_stub(dhcpc_t)
dev_rw_cardmgr(dhcpc_t)
')
-optional_policy(`selinuxutil.te',`
+optional_policy(`selinuxutil',`
seutil_sigchld_newrole(dhcpc_t)
seutil_dontaudit_search_config(dhcpc_t)
')
-optional_policy(`udev.te',`
+optional_policy(`udev',`
udev_read_db(dhcpc_t)
')
-optional_policy(`userdomain.te',`
+optional_policy(`userdomain',`
userdom_use_all_user_fd(dhcpc_t)
')
ifdef(`TODO',`
-optional_policy(`rhgb.te',`
+optional_policy(`rhgb',`
rhgb_domain(dhcpc_t)
')
') dnl endif TODO
@@ -318,11 +318,11 @@ seutil_use_runinit_fd(ifconfig_t)
userdom_use_all_user_fd(ifconfig_t)
ifdef(`hide_broken_symptoms',`
- optional_policy(`pcmcia.te',`
+ optional_policy(`pcmcia',`
dev_dontaudit_rw_cardmgr(ifconfig_t)
')
- optional_policy(`udev.te',`
+ optional_policy(`udev',`
udev_dontaudit_rw_unix_dgram_socket(ifconfig_t)
')
')
@@ -332,21 +332,21 @@ ifdef(`targeted_policy',`
term_use_unallocated_tty(ifconfig_t)
')
-optional_policy(`netutils.te',`
+optional_policy(`netutils',`
netutils_domtrans(dhcpc_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(ifconfig_t)
')
-optional_policy(`ppp.te',`
+optional_policy(`ppp',`
ppp_use_fd(ifconfig_t)
')
ifdef(`TODO',`
ifdef(`gnome-pty-helper.te', `allow ifconfig_t sysadm_gph_t:fd use;')
-optional_policy(`rhgb.te', `
+optional_policy(`rhgb',`
rhgb_domain(ifconfig_t)
')
') dnl endif TODO
diff --git a/refpolicy/policy/modules/system/udev.te b/refpolicy/policy/modules/system/udev.te
index 3d6e691..2a7a1ad 100644
--- a/refpolicy/policy/modules/system/udev.te
+++ b/refpolicy/policy/modules/system/udev.te
@@ -163,36 +163,36 @@ ifdef(`targeted_policy',`
unconfined_domain_template(udev_t)
')
-optional_policy(`authlogin.te',`
+optional_policy(`authlogin',`
auth_read_pam_console_data(udev_t)
auth_domtrans_pam_console(udev_t)
')
-optional_policy(`consoletype.te',`
+optional_policy(`consoletype',`
consoletype_exec(udev_t)
')
-optional_policy(`dbus.te',`
+optional_policy(`dbus',`
dbus_system_bus_client_template(udev,udev_t)
')
-optional_policy(`hotplug.te',`
+optional_policy(`hotplug',`
hotplug_read_config(udev_t)
')
-optional_policy(`nis.te',`
+optional_policy(`nis',`
nis_use_ypbind(udev_t)
')
-optional_policy(`nscd.te',`
+optional_policy(`nscd',`
nscd_use_socket(udev_t)
')
-optional_policy(`sysnetwork.te',`
+optional_policy(`sysnetwork',`
sysnet_domtrans_dhcpc(udev_t)
')
-#optional_policy(`xserver.te',`
+#optional_policy(`xserver',`
# xserver_read_xdm_pid(udev_t)
#')
diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if
index 66c4675..39b43b7 100644
--- a/refpolicy/policy/modules/system/unconfined.if
+++ b/refpolicy/policy/modules/system/unconfined.if
@@ -49,29 +49,29 @@ template(`unconfined_domain_template',`
allow $1 self:process execstack;
')
- optional_policy(`authlogin.te',`
+ optional_policy(`authlogin',`
auth_unconfined($1)
')
- optional_policy(`bootloader.te',`
+ optional_policy(`bootloader',`
bootloader_manage_kernel_modules($1)
')
- optional_policy(`dbus.te', `
+ optional_policy(`dbus',`
# Communicate via dbusd.
dbus_system_bus_unconfined($1)
')
- optional_policy(`nscd.te', `
+ optional_policy(`nscd',`
nscd_unconfined($1)
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_create_binary_pol($1)
seutil_relabelto_binary_pol($1)
')
- optional_policy(`storage.te',`
+ optional_policy(`storage',`
storage_unconfined($1)
')
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index 2d9429e..4eca013 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -41,79 +41,79 @@ ifdef(`targeted_policy',`
userdom_unconfined(unconfined_t)
userdom_priveleged_home_dir_manager(unconfined_t)
- optional_policy(`amanda.te',`
+ optional_policy(`amanda',`
amanda_domtrans_recover(unconfined_t)
')
- optional_policy(`apache.te',`
+ optional_policy(`apache',`
apache_domtrans_helper(unconfined_t)
')
- optional_policy(`bind.te',`
+ optional_policy(`bind',`
bind_domtrans_ndc(unconfined_t)
')
- optional_policy(`bluetooth.te',`
+ optional_policy(`bluetooth',`
bluetooth_domtrans_helper(unconfined_t)
')
- optional_policy(`dmidecode.te',`
+ optional_policy(`dmidecode',`
dmidecode_domtrans(unconfined_t)
')
- optional_policy(`firstboot.te',`
+ optional_policy(`firstboot',`
firstboot_domtrans(unconfined_t)
')
- optional_policy(`lpd.te',`
+ optional_policy(`lpd',`
lpd_domtrans_checkpc(unconfined_t)
')
- optional_policy(`modutils.te',`
+ optional_policy(`modutils',`
modutils_domtrans_update_mods(unconfined_t)
')
- optional_policy(`netutils.te',`
+ optional_policy(`netutils',`
netutils_domtrans_ping(unconfined_t)
')
- optional_policy(`portmap.te',`
+ optional_policy(`portmap',`
portmap_domtrans_helper(unconfined_t)
')
- optional_policy(`postfix.te',`
+ optional_policy(`postfix',`
postfix_domtrans_map(unconfined_t)
# cjp: this should probably be removed:
postfix_domtrans_master(unconfined_t)
')
- optional_policy(`rpc.te',`
+ optional_policy(`rpc',`
# cjp: this should probably be removed:
rpc_domtrans_nfsd(unconfined_t)
')
- optional_policy(`rpm.te',`
+ optional_policy(`rpm',`
rpm_domtrans(unconfined_t)
')
- optional_policy(`samba.te',`
+ optional_policy(`samba',`
samba_domtrans_net(unconfined_t)
samba_domtrans_winbind_helper(unconfined_t)
')
- optional_policy(`su.te',`
+ optional_policy(`su',`
su_per_userdomain_template(sysadm,unconfined_t,system_r)
')
- optional_policy(`sysnetwork.te',`
+ optional_policy(`sysnetwork',`
sysnet_domtrans_dhcpc(unconfined_t)
')
- optional_policy(`usermanage.te',`
+ optional_policy(`usermanage',`
usermanage_domtrans_admin_passwd(unconfined_t)
')
- optional_policy(`webalizer.te',`
+ optional_policy(`webalizer',`
webalizer_domtrans(unconfined_t)
')
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index d0cd834..7b55339 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -304,43 +304,43 @@ template(`base_user_template',`
term_getattr_all_user_ttys($1_t)
')
- optional_policy(`canna.te',`
+ optional_policy(`canna',`
canna_stream_connect($1_t)
')
- optional_policy(`dbus.te',`
+ optional_policy(`dbus',`
dbus_system_bus_client_template($1,$1_t)
')
- optional_policy(`dictd.te',`
+ optional_policy(`dictd',`
dictd_use($1_t)
')
- optional_policy(`ftp.te',`
+ optional_policy(`ftp',`
tunable_policy(`ftpd_is_daemon',`
ftp_tcp_connect($1_t)
')
')
- optional_policy(`finger.te',`
+ optional_policy(`finger',`
finger_tcp_connect($1_t)
')
- optional_policy(`inetd.te',`
+ optional_policy(`inetd',`
inetd_tcp_connect($1_t)
')
- optional_policy(`inn.te',`
+ optional_policy(`inn',`
inn_read_config($1_t)
inn_read_news_lib($1_t)
inn_read_news_spool($1_t)
')
- optional_policy(`nis.te',`
+ optional_policy(`nis',`
nis_use_ypbind($1_t)
')
- optional_policy(`mysql.te',`
+ optional_policy(`mysql',`
ifdef(`targeted_policy',`',`
tunable_policy(`allow_user_mysql_connect',`
mysql_stream_connect($1_t)
@@ -348,29 +348,29 @@ template(`base_user_template',`
')
')
- optional_policy(`nscd.te',`
+ optional_policy(`nscd',`
nscd_use_socket($1_t)
')
- optional_policy(`pcmcia.te',`
+ optional_policy(`pcmcia',`
# to allow monitoring of pcmcia status
pcmcia_read_pid($1_t)
')
- optional_policy(`quota.te',`
+ optional_policy(`quota',`
quota_dontaudit_getattr_db($1_t)
')
- optional_policy(`rpm.te',`
+ optional_policy(`rpm',`
files_getattr_var_lib_dir($1_t)
files_search_var_lib($1_t)
')
- optional_policy(`squid.te',`
+ optional_policy(`squid',`
squid_use($1_t)
')
- optional_policy(`usermanage.te',`
+ optional_policy(`usermanage',`
usermanage_run_chfn($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
usermanage_run_passwd($1_t,$1_r,{ $1_devpts_t $1_tty_device_t })
')
@@ -615,36 +615,36 @@ template(`unpriv_user_template', `
corenet_tcp_bind_generic_port($1_t)
')
- optional_policy(`kerberos.te',`
+ optional_policy(`kerberos',`
kerberos_use($1_t)
')
- optional_policy(`loadkeys.te',`
+ optional_policy(`loadkeys',`
loadkeys_run($1_t,$1_r,$1_tty_device_t)
')
# for running depmod as part of the kernel packaging process
- optional_policy(`modutils.te',`
+ optional_policy(`modutils',`
modutils_read_module_conf($1_t)
')
- optional_policy(`netutils.te',`
+ optional_policy(`netutils',`
netutils_run_ping_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
netutils_run_traceroute_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
')
# Run pppd in pppd_t by default for user
- optional_policy(`ppp.te', `
+ optional_policy(`ppp', `
ppp_run_cond($1_t,$1_r,{ $1_tty_device_t $1_devpts_t })
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
# for when the network connection is killed
seutil_dontaudit_signal_newrole($1_t)
')
# Need the following rule to allow users to run vpnc
- optional_policy(`xserver.te', `
+ optional_policy(`xserver', `
corenet_tcp_bind_xserver_port($1_t)
')
@@ -897,7 +897,7 @@ template(`admin_user_template',`
# But presently necessary for installing the file_contexts file.
seutil_manage_binary_pol($1_t)
- optional_policy(`cron.te',`
+ optional_policy(`cron',`
cron_admin_template($1)
')
diff --git a/refpolicy/policy/modules/system/userdomain.te b/refpolicy/policy/modules/system/userdomain.te
index fbdc5e6..d7927f3 100644
--- a/refpolicy/policy/modules/system/userdomain.te
+++ b/refpolicy/policy/modules/system/userdomain.te
@@ -92,7 +92,7 @@ ifdef(`targeted_policy',`
type_transition privhome user_home_dir_t:{ dir file lnk_file fifo_file sock_file } user_home_t;
files_search_home(privhome)
- optional_policy(`samba.te',`
+ optional_policy(`samba',`
samba_per_userdomain_template(user)
')
',`
@@ -130,7 +130,7 @@ ifdef(`targeted_policy',`
files_create_home_dirs(sysadm_t,user_home_dir_t)
ifdef(`direct_sysadm_daemon',`
- optional_policy(`init.te',`
+ optional_policy(`init',`
init_run_daemon(sysadm_t,sysadm_r,admin_terminal)
')
')
@@ -139,54 +139,54 @@ ifdef(`targeted_policy',`
domain_ptrace_all_domains(sysadm_t)
')
- optional_policy(`amanda.te',`
+ optional_policy(`amanda',`
amanda_run_recover(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`apache.te',`
+ optional_policy(`apache',`
apache_run_helper(sysadm_t,sysadm_r,admin_terminal)
#apache_run_all_scripts(sysadm_t,sysadm_r)
#apache_domtrans_sys_script(sysadm_t)
')
- optional_policy(`apm.te',`
+ optional_policy(`apm',`
# cjp: why is this not apm_run_client
apm_domtrans_client(sysadm_t)
')
- optional_policy(`bootloader.te',`
+ optional_policy(`bootloader',`
bootloader_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`bind.te',`
+ optional_policy(`bind',`
bind_run_ndc(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`bluetooth.te',`
+ optional_policy(`bluetooth',`
bluetooth_run_helper(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`clock.te',`
+ optional_policy(`clock',`
clock_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`dmidecode.te',`
+ optional_policy(`dmidecode',`
dmidecode_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`firstboot.te',`
+ optional_policy(`firstboot',`
firstboot_run(sysadm_t,sysadm_r,sysadm_tty_device_t)
')
- optional_policy(`fstools.te',`
+ optional_policy(`fstools',`
fstools_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`hostname.te',`
+ optional_policy(`hostname',`
hostname_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`ipsec.te',`
+ optional_policy(`ipsec',`
# allow system administrator to use the ipsec script to look
# at things (e.g., ipsec auto --status)
# probably should create an ipsec_admin role for this kind of thing
@@ -196,85 +196,85 @@ ifdef(`targeted_policy',`
ipsec_getattr_key_socket(sysadm_t)
')
- optional_policy(`iptables.te',`
+ optional_policy(`iptables',`
iptables_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`libraries.te',`
+ optional_policy(`libraries',`
libs_run_ldconfig(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`lvm.te',`
+ optional_policy(`lvm',`
lvm_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`logrotate.te',`
+ optional_policy(`logrotate',`
logrotate_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`lpd.te',`
+ optional_policy(`lpd',`
lpd_run_checkpc(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`kudzu.te',`
+ optional_policy(`kudzu',`
kudzu_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`modutils.te',`
+ optional_policy(`modutils',`
modutils_run_depmod(sysadm_t,sysadm_r,admin_terminal)
modutils_run_insmod(sysadm_t,sysadm_r,admin_terminal)
modutils_run_update_mods(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`mount.te',`
+ optional_policy(`mount',`
mount_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`mysql.te',`
+ optional_policy(`mysql',`
mysql_stream_connect(sysadm_t)
')
- optional_policy(`netutils.te',`
+ optional_policy(`netutils',`
netutils_run(sysadm_t,sysadm_r,admin_terminal)
netutils_run_ping(sysadm_t,sysadm_r,admin_terminal)
netutils_run_traceroute(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`rpc.te',`
+ optional_policy(`rpc',`
rpc_domtrans_nfsd(sysadm_t)
')
- optional_policy(`ntp.te',`
+ optional_policy(`ntp',`
ntp_stub()
corenet_udp_bind_ntp_port(sysadm_t)
')
- optional_policy(`pcmcia.te',`
+ optional_policy(`pcmcia',`
pcmcia_run_cardctl(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`portmap.te',`
+ optional_policy(`portmap',`
portmap_run_helper(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`quota.te',`
+ optional_policy(`quota',`
quota_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`radius.te',`
+ optional_policy(`radius',`
radius_use(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`rpm.te',`
+ optional_policy(`rpm',`
rpm_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`samba.te',`
+ optional_policy(`samba',`
samba_run_net(sysadm_t,sysadm_r,admin_terminal)
samba_run_winbind_helper(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`selinuxutil.te',`
+ optional_policy(`selinuxutil',`
seutil_run_checkpol(sysadm_t,sysadm_r,admin_terminal)
seutil_run_loadpol(sysadm_t,sysadm_r,admin_terminal)
seutil_run_restorecon(sysadm_t,sysadm_r,admin_terminal)
@@ -285,25 +285,25 @@ ifdef(`targeted_policy',`
')
')
- optional_policy(`sysnetwork.te',`
+ optional_policy(`sysnetwork',`
sysnet_run_ifconfig(sysadm_t,sysadm_r,admin_terminal)
sysnet_run_dhcpc(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`unconfined.te',`
+ optional_policy(`unconfined',`
unconfined_domtrans(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`usermanage.te',`
+ optional_policy(`usermanage',`
usermanage_run_groupadd(sysadm_t,sysadm_r,admin_terminal)
usermanage_run_useradd(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`vpn.te',`
+ optional_policy(`vpn',`
vpn_run(sysadm_t,sysadm_r,admin_terminal)
')
- optional_policy(`webalizer.te',`
+ optional_policy(`webalizer',`
webalizer_run(sysadm_t,sysadm_r,admin_terminal)
')
')
diff --git a/refpolicy/policy/support/loadable_module.spt b/refpolicy/policy/support/loadable_module.spt
index de48b3b..308dcb6 100644
--- a/refpolicy/policy/support/loadable_module.spt
+++ b/refpolicy/policy/support/loadable_module.spt
@@ -87,7 +87,7 @@ define(`policy_call_depth',0)
#
define(`optional_policy',`
ifdef(`self_contained_policy',`
- ifdef(`$1',`$2',`$3')
+ ifdef(`$1.te',`$2',`$3')
',`
optional {
$2