Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4073286pxb; Tue, 26 Jan 2021 11:39:17 -0800 (PST) X-Google-Smtp-Source: ABdhPJw7WAfL8COeWIZZwLypcR5QPqLAUNBiwaRwSsesTJhwoFBZZSfOANPbRDIXcZYdj31z4xvI X-Received: by 2002:a05:6402:149:: with SMTP id s9mr5776495edu.247.1611689957428; Tue, 26 Jan 2021 11:39:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611689957; cv=none; d=google.com; s=arc-20160816; b=rVjM7Ln7gGEkFRYosBL2eOz/CQUuejyuXodHc5P3ONZoAY5SxWQui3iSaX1eLieNgr IN7+NZBxjEFir51xmG6VX3mCRCZ2fGY72TzD6BkMF5lCOJY37w9LfIZJizN1eipIHK/6 BYBKx5G7mVzlUMJpijg3uoU1B9iPZq8t89bi03jj4JD1w6qeg0haJPf/ziNnYtVpFWHr 2AtII3NMxHWMf21BLVB+txsoW6FgVy+xzq6InHBsjme28aorA4EA6TGOICmDeiFFxuDL DXPli89xovktZfcYIs4hFmayRwUXw5A1zBhkFKHt4pqFPqqlNr/mbn9G9IeLmVsFBuIT SWpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :to:subject:dkim-signature; bh=4qdeiXmug5Tm9rl7HCi16WcjBeUeGjHrBBC0r8Nh5h0=; b=gGozjZ/9rxhu4+B5jFQhW8KMlldiY14mwjKrm1qKEeDQLQOFZVbFEGOx06QewZOJIZ 1Fi5t1RQ8Cs2ZIu6+5D8RGu1p1KzbHRw+9KWgApuIsBZhj7cOF22UmmUTbHMejDF8YY0 WVpwmAlHWHYoBxNSUx2DdNx7ylSrajJMk+I3DbZYow5+GM1ZSKrKwOKl0sHVYEQ1fDrw 3trDUkcWZLzSKws74i6LudH5Jh1GCHM8oVl+xXer9ewkliWCMv5z/Szi0In+IG4Db4fv wtYrAq+BWhpedYCqyelebLKZaMJ/vJT/mGFaxvwCXIr7MFFx/OEuRt/3DAa8Mo4qOCI5 5PbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=cCcwlRIB; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gs10si7303764ejb.494.2021.01.26.11.39.12; Tue, 26 Jan 2021 11:39:17 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@ieee.org header.s=google header.b=cCcwlRIB; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ieee.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727030AbhAZGAv (ORCPT + 16 others); Tue, 26 Jan 2021 01:00:51 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44526 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729473AbhAYO3L (ORCPT ); Mon, 25 Jan 2021 09:29:11 -0500 Received: from mail-qk1-x72b.google.com (mail-qk1-x72b.google.com [IPv6:2607:f8b0:4864:20::72b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A1A72C06178A for ; Mon, 25 Jan 2021 06:26:51 -0800 (PST) Received: by mail-qk1-x72b.google.com with SMTP id v126so12531436qkd.11 for ; Mon, 25 Jan 2021 06:26:51 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=4qdeiXmug5Tm9rl7HCi16WcjBeUeGjHrBBC0r8Nh5h0=; b=cCcwlRIB2VM9Qoxg38Csh8h+ViJWxj8iNNJFNw9oWmLwi6w1kP5Tei6vLxsYsGqW9S t9XJs5eZhLuae61uv829TIs0A8EndLReEXCYjOpAp9ETcQDXhtjbgrGbW6BVrqAbs+1b 6yMVzhLOn2C/80De+0RX33oj0EOMtKGS+WfuE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=4qdeiXmug5Tm9rl7HCi16WcjBeUeGjHrBBC0r8Nh5h0=; b=ibRqspG5BsmKC+O9qsW73JJOBto3y5DkS6R+IqNhbp2ztsT6uv4KrAwC4vF7YBYWx4 y4iCGyjOBGEbyPVl1bVh7lghRt88EO+5tstEg+OzP7WDgPURTias0ETpsmjxZRdjvOUL JlMLdHDIvHwjipYhpZz9NggdX8ztXMYyVoEzsmVFStyfG+H0Ug00HRs7tm8jhge1eOAe oFf76gG4LI8x0LszuMy0ulZ5/GV4JNa8xq0n98yhZl2igTwlpVw5o8f8rbmjb9J0owGh fjYizM4535VpKv1KXFIQlY9Ba7scI5QcQTFCa05dZWgmDwFU3zn1/8Eat6Rh90KhuV+V efyw== X-Gm-Message-State: AOAM532KIOIiBqyumt4b3vvlYeP9mvMvhbMt04XUUvvVbCBgRw0Wb5vD rOV15ktaTvFH2VqJg8TI7U+zcNVliMiCxQ== X-Received: by 2002:a05:620a:8cb:: with SMTP id z11mr905318qkz.411.1611584810141; Mon, 25 Jan 2021 06:26:50 -0800 (PST) Received: from fedora.pebenito.net (pool-96-234-173-17.bltmmd.fios.verizon.net. [96.234.173.17]) by smtp.gmail.com with ESMTPSA id 193sm2253022qki.28.2021.01.25.06.26.49 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 25 Jan 2021 06:26:49 -0800 (PST) Subject: Re: [PATCH] remove deprecated from 20190201 To: Russell Coker , selinux-refpolicy@vger.kernel.org References: From: Chris PeBenito Message-ID: Date: Mon, 25 Jan 2021 09:00:00 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org On 1/22/21 8:10 AM, Russell Coker wrote: > This patch removes every macro and interface that was deprecated in 20190201. > > Some of them date back to 2016 or 2017. I chose 20190201 as that is the one > that is in the previous release of Debian. For any distribution I don't > think it makes sense to carry interfaces that were deprecated in version N > to version N+1. > > One thing that particularly annoys me is when audit2allow -R gives deprecated > interfaces in it's output. Removing some of these should reduce the > incidence of that. > > I believe this is worthy of merging. > > Signed-off-by: Russell Coker Merged. > Index: refpolicy-2.20210120/policy/modules/admin/dphysswapfile.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/admin/dphysswapfile.if > +++ refpolicy-2.20210120/policy/modules/admin/dphysswapfile.if > @@ -2,26 +2,6 @@ > > ######################################## > ## > -## Dontaudit access to the swap file. > -## > -## > -## > -## Domain to not audit. > -## > -## > -# > -interface(`dphysswapfile_dontaudit_read_swap',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - type dphysswapfile_swap_t; > - ') > - > - dontaudit $1 dphysswapfile_swap_t:file read_file_perms; > -') > - > -######################################## > -## > ## All of the rules required to > ## administrate an dphys-swapfile environment. > ## > Index: refpolicy-2.20210120/policy/modules/admin/fakehwclock.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/admin/fakehwclock.if > +++ refpolicy-2.20210120/policy/modules/admin/fakehwclock.if > @@ -2,55 +2,6 @@ > > ######################################## > ## > -## Execute a domain transition to run fake-hwclock. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -# > -interface(`fakehwclock_domtrans',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - type fakehwclock_t, fakehwclock_exec_t; > - ') > - > - corecmd_search_bin($1) > - domtrans_pattern($1, fakehwclock_exec_t, fakehwclock_t) > -') > - > -######################################## > -## > -## Execute fake-hwclock in the fake-hwclock domain, > -## and allow the specified role > -## the fake-hwclock domain. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -## > -## > -## Role allowed access. > -## > -## > -# > -interface(`fakehwclock_run',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - attribute_role fakehwclock_roles; > - ') > - > - fakehwclock_domtrans($1) > - roleattribute $2 fakehwclock_roles; > -') > - > -######################################## > -## > ## All the rules required to > ## administrate an fake-hwclock environment. > ## > Index: refpolicy-2.20210120/policy/modules/kernel/corecommands.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/kernel/corecommands.if > +++ refpolicy-2.20210120/policy/modules/kernel/corecommands.if > @@ -238,22 +238,6 @@ interface(`corecmd_dontaudit_write_bin_f > > ######################################## > ## > -## Read symbolic links in bin directories. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`corecmd_read_bin_symlinks',` > - refpolicywarn(`$0() has been deprecated, please use corecmd_search_bin() instead.') > - > - corecmd_search_bin($1) > -') > - > -######################################## > -## > ## Read pipes in bin directories. > ## > ## > Index: refpolicy-2.20210120/policy/modules/kernel/devices.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/kernel/devices.if > +++ refpolicy-2.20210120/policy/modules/kernel/devices.if > @@ -3631,20 +3631,6 @@ interface(`dev_rw_pmqos',` > > ######################################## > ## > -## Read printk devices (e.g., /dev/kmsg /dev/mcelog) > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`dev_read_printk',` > - refpolicywarn(`$0() has been deprecated.') > -') > - > -######################################## > -## > ## Get the attributes of the QEMU > ## microcode and id interfaces. > ## > Index: refpolicy-2.20210120/policy/modules/kernel/mls.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/kernel/mls.if > +++ refpolicy-2.20210120/policy/modules/kernel/mls.if > @@ -849,22 +849,6 @@ interface(`mls_fd_share_all_levels',` > ######################################## > ## > ## Make specified domain MLS trusted > -## for translating contexts at all levels. (Deprecated) > -## > -## > -## > -## Domain allowed access. > -## > -## > -## > -# > -interface(`mls_context_translate_all_levels',` > - refpolicywarn(`$0($*) has been deprecated') > -') > - > -######################################## > -## > -## Make specified domain MLS trusted > ## for reading from databases at any level. > ## > ## > Index: refpolicy-2.20210120/policy/modules/services/vnstatd.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/services/vnstatd.if > +++ refpolicy-2.20210120/policy/modules/services/vnstatd.if > @@ -47,113 +47,6 @@ interface(`vnstatd_run_vnstat',` > > ######################################## > ## > -## Execute a domain transition to run vnstatd. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -# > -interface(`vnstatd_domtrans',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - type vnstatd_t, vnstatd_exec_t; > - ') > - > - corecmd_search_bin($1) > - domtrans_pattern($1, vnstatd_exec_t, vnstatd_t) > -') > - > -######################################## > -## > -## Search vnstatd lib directories. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`vnstatd_search_lib',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - type vnstatd_var_lib_t; > - ') > - > - files_search_var_lib($1) > - allow $1 vnstatd_var_lib_t:dir search_dir_perms; > -') > - > -######################################## > -## > -## Create, read, write, and delete > -## vnstatd lib directories. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`vnstatd_manage_lib_dirs',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - type vnstatd_var_lib_t; > - ') > - > - files_search_var_lib($1) > - manage_dirs_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) > -') > - > -######################################## > -## > -## Read vnstatd lib files. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`vnstatd_read_lib_files',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - type vnstatd_var_lib_t; > - ') > - > - files_search_var_lib($1) > - read_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) > -') > - > -######################################## > -## > -## Create, read, write, and delete > -## vnstatd lib files. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`vnstatd_manage_lib_files',` > - refpolicywarn(`$0($*) has been deprecated') > - > - gen_require(` > - type vnstatd_var_lib_t; > - ') > - > - files_search_var_lib($1) > - manage_files_pattern($1, vnstatd_var_lib_t, vnstatd_var_lib_t) > -') > - > -######################################## > -## > ## All of the rules required to > ## administrate an vnstatd environment. > ## > Index: refpolicy-2.20210120/policy/modules/services/xserver.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/services/xserver.if > +++ refpolicy-2.20210120/policy/modules/services/xserver.if > @@ -866,21 +866,6 @@ interface(`xserver_setsched_xdm',` > > ######################################## > ## > -## Create, read, write, and delete > -## xdm_spool files. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`xserver_manage_xdm_spool_files',` > - refpolicywarn(`$0() has been deprecated.') > -') > - > -######################################## > -## > ## Connect to XDM over a unix domain > ## stream socket. > ## > Index: refpolicy-2.20210120/policy/modules/system/init.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/system/init.if > +++ refpolicy-2.20210120/policy/modules/system/init.if > @@ -3038,22 +3038,6 @@ interface(`init_relabel_utmp',` > ## > ## > # > -interface(`init_pid_filetrans_utmp',` > - refpolicywarn(`$0($*) has been deprecated, please use init_runtime_filetrans_utmp() instead.') > - init_runtime_filetrans_utmp($1) > -') > - > -######################################## > -## > -## Create files in /var/run with the > -## utmp file type. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > interface(`init_runtime_filetrans_utmp',` > gen_require(` > type initrc_runtime_t; > @@ -3072,21 +3056,6 @@ interface(`init_runtime_filetrans_utmp', > ## > ## > # > -interface(`init_create_pid_dirs',` > - refpolicywarn(`$0($*) has been deprecated, please use init_create_runtime_dirs() instead.') > - init_create_runtime_dirs($1) > -') > - > -####################################### > -## > -## Create a directory in the /run/systemd directory. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > interface(`init_create_runtime_dirs',` > gen_require(` > type init_runtime_t; > @@ -3124,21 +3093,6 @@ interface(`init_read_runtime_files',` > ## > ## > # > -interface(`init_rename_pid_files',` > - refpolicywarn(`$0($*) has been deprecated, please use init_rename_runtime_files() instead.') > - init_rename_runtime_files($1) > -') > - > -######################################## > -## > -## Rename init_runtime_t files > -## > -## > -## > -## domain > -## > -## > -# > interface(`init_rename_runtime_files',` > gen_require(` > type init_runtime_t; > @@ -3175,21 +3129,6 @@ interface(`init_setattr_runtime_files',` > ## > ## > # > -interface(`init_delete_pid_files',` > - refpolicywarn(`$0($*) has been deprecated, please use init_delete_runtime_files() instead.') > - init_delete_runtime_files($1) > -') > - > -######################################## > -## > -## Delete init_runtime_t files > -## > -## > -## > -## domain > -## > -## > -# > interface(`init_delete_runtime_files',` > gen_require(` > type init_runtime_t; > @@ -3209,22 +3148,6 @@ interface(`init_delete_runtime_files',` > ## > ## > # > -interface(`init_write_pid_socket',` > - refpolicywarn(`$0($*) has been deprecated, please use init_write_runtime_socket() instead.') > - init_write_runtime_socket($1) > -') > - > -####################################### > -## > -## Allow the specified domain to write to > -## init sock file. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > interface(`init_write_runtime_socket',` > gen_require(` > type init_runtime_t; > @@ -3234,21 +3157,6 @@ interface(`init_write_runtime_socket',` > ') > > ######################################## > -## > -## Read init unnamed pipes. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`init_read_pid_pipes',` > - refpolicywarn(`$0($*) has been deprecated, please use init_read_runtime_pipes() instead.') > - init_read_runtime_pipes($1) > -') > - > -######################################## > ## > ## Read init unnamed pipes. > ## > Index: refpolicy-2.20210120/policy/modules/system/modutils.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/system/modutils.if > +++ refpolicy-2.20210120/policy/modules/system/modutils.if > @@ -207,190 +207,3 @@ interface(`modutils_exec',` > corecmd_search_bin($1) > can_exec($1, kmod_exec_t) > ') > - > -######################################## > -## > -## Unconditionally execute insmod in the insmod domain. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -# > -# cjp: this is added for pppd, due to nested > -# conditionals not working. > -interface(`modutils_domtrans_insmod_uncond',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.') > - modutils_domtrans($1) > -') > - > -######################################## > -## > -## Execute insmod in the insmod domain. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -# > -interface(`modutils_domtrans_insmod',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.') > - modutils_domtrans($1) > -') > - > -######################################## > -## > -## Execute insmod in the insmod domain, and > -## allow the specified role the insmod domain, > -## and use the caller's terminal. Has a sigchld > -## backchannel. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -## > -## > -## Role allowed access. > -## > -## > -## > -# > -interface(`modutils_run_insmod',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_run() instead.') > - modutils_run($1, $2) > -') > - > -######################################## > -## > -## Execute insmod in the caller domain. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`modutils_exec_insmod',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_exec() instead.') > - modutils_exec($1) > -') > - > -######################################## > -## > -## Execute depmod in the depmod domain. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -# > -interface(`modutils_domtrans_depmod',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.') > - modutils_domtrans($1) > -') > - > -######################################## > -## > -## Execute depmod in the depmod domain. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -## > -## > -## Role allowed access. > -## > -## > -## > -# > -interface(`modutils_run_depmod',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_run() instead.') > - modutils_run($1, $2) > -') > - > -######################################## > -## > -## Execute depmod in the caller domain. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`modutils_exec_depmod',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_exec() instead.') > - modutils_exec($1) > -') > - > -######################################## > -## > -## Execute update_modules in the update_modules domain. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -# > -interface(`modutils_domtrans_update_mods',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_domtrans() instead.') > - modutils_domtrans($1) > -') > - > -######################################## > -## > -## Execute update_modules in the update_modules domain. > -## > -## > -## > -## Domain allowed to transition. > -## > -## > -## > -## > -## Role allowed access. > -## > -## > -## > -# > -interface(`modutils_run_update_mods',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_run() instead.') > - modutils_run($1, $2) > -') > - > -######################################## > -## > -## Execute update_modules in the caller domain. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`modutils_exec_update_mods',` > - refpolicywarn(`$0($*) has been deprecated, please use modutils_exec() instead.') > - modutils_exec($1) > -') > - > -######################################## > -## > -## Read kmod lib files. > -## > -## > -## > -## Domain allowed access. > -## > -## > -# > -interface(`modutils_read_var_run_files',` > - refpolicywarn(`$0($*) has been deprecated.') > -') > Index: refpolicy-2.20210120/policy/modules/system/systemd.if > =================================================================== > --- refpolicy-2.20210120.orig/policy/modules/system/systemd.if > +++ refpolicy-2.20210120/policy/modules/system/systemd.if > @@ -376,21 +376,6 @@ interface(`systemd_dbus_chat_logind',` > > ######################################## > ## > -## Allow process to write to systemd_kmod_conf_t. > -## > -## > -## > -## Domain allowed access. > -## > -## > -## > -# > -interface(`systemd_write_kmod_files',` > - refpolicywarn(`$0($*) has been deprecated.') > -') > - > -######################################## > -## > ## Get the system status information from systemd_login > ## > ## > Index: refpolicy-2.20210120/policy/support/file_patterns.spt > =================================================================== > --- refpolicy-2.20210120.orig/policy/support/file_patterns.spt > +++ refpolicy-2.20210120/policy/support/file_patterns.spt > @@ -104,13 +104,6 @@ define(`mmap_read_files_pattern',` > allow $1 $3:file mmap_read_file_perms; > ') > > -define(`mmap_files_pattern',` > - # deprecated 20171213 > - refpolicywarn(`mmap_files_pattern() is deprecated, please use mmap_exec_files_pattern() instead') > - allow $1 $2:dir search_dir_perms; > - allow $1 $3:file mmap_exec_file_perms; > -') > - > define(`mmap_exec_files_pattern',` > allow $1 $2:dir search_dir_perms; > allow $1 $3:file mmap_exec_file_perms; > Index: refpolicy-2.20210120/policy/support/misc_patterns.spt > =================================================================== > --- refpolicy-2.20210120.orig/policy/support/misc_patterns.spt > +++ refpolicy-2.20210120/policy/support/misc_patterns.spt > @@ -12,12 +12,6 @@ define(`domain_transition_pattern',` > dontaudit $1 $3:process { noatsecure siginh rlimitinh }; > ') > > -# compatibility: Deprecated (20161201) > -define(`domain_trans',` > - refpolicywarn(`$0() has been deprecated, please use domain_transition_pattern() instead.') > - domain_transition_pattern($*) > -') > - > > # > # Specified domain transition patterns > @@ -49,12 +43,6 @@ define(`domain_auto_transition_pattern', > type_transition $1 $2:process $3; > ') > > -# compatibility: Deprecated (20161201) > -define(`domain_auto_trans',` > - refpolicywarn(`$0() has been deprecated, please use domain_auto_transition_pattern() instead.') > - domain_auto_transition_pattern($*) > -') > - > # > # Automatic domain transition patterns > # with feedback permissions > Index: refpolicy-2.20210120/policy/support/obj_perm_sets.spt > =================================================================== > --- refpolicy-2.20210120.orig/policy/support/obj_perm_sets.spt > +++ refpolicy-2.20210120/policy/support/obj_perm_sets.spt > @@ -150,11 +150,6 @@ define(`getattr_file_perms',`{ getattr } > define(`setattr_file_perms',`{ setattr }') > define(`read_inherited_file_perms',`{ getattr read lock ioctl }') > define(`read_file_perms',`{ getattr open read lock ioctl }') > -# deprecated 20171213 > -define(`mmap_file_perms',` > - { getattr open map read execute ioctl } > - refpolicywarn(`mmap_file_perms is deprecated, please use mmap_exec_file_perms instead') > -') > define(`mmap_read_inherited_file_perms',`{ getattr map read ioctl }') > define(`mmap_read_file_perms',`{ getattr open map read ioctl }') > define(`mmap_exec_inherited_file_perms',`{ getattr map read execute ioctl }') > -- Chris PeBenito