2012-04-25 14:25:49

by jwcart2

Subject: [refpolicy] [PATCH 3/4 v2] Changed non-contrib policy to use the new non_auth_file_type interfaces

Replaced calls to interfaces allowing access to all files except
auth_file_type files with calls to interfaces allowing access to
non_auth_file_type files.


Signed-off-by: James Carter <[email protected]>
---
policy/modules/kernel/kernel.te | 8 ++++----
policy/modules/roles/secadm.te | 2 +-
policy/modules/system/mount.te | 4 ++--
policy/modules/system/selinuxutil.te | 4 ++--
policy/modules/system/userdomain.if | 6 +++---
5 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 8340ca8..0aea702 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -342,9 +342,9 @@ optional_policy(`
fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t)

- auth_read_all_dirs_except_auth_files(kernel_t)
- auth_read_all_files_except_auth_files(kernel_t)
- auth_read_all_symlinks_except_auth_files(kernel_t)
+ files_list_non_auth_dirs(kernel_t)
+ files_read_non_auth_files(kernel_t)
+ files_read_non_auth_symlinks(kernel_t)
')

tunable_policy(`nfs_export_all_rw',`
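Review bot: The three new calls for kernel_t replace a subtraction (all file types except auth_file_type) with a positive attribute, so the exclusion of authentication files now holds only if no type carries both non_auth_file_type and auth_file_type. The interface definitions are not part of this patch, so this is inferred from the interface names and the commit message. If a type can pick up both attributes, the old call would have excluded it and the new one would not. Comparing the members of the two attributes with seinfo after a build would confirm they are disjoint, and a comment such as `# relies on non_auth_file_type being disjoint from auth_file_type` above the calls would record the assumption. The same applies to the manage call in the next hunk and to the replaced calls in secadm.te, mount.te, selinuxutil.te and userdomain.if.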
@@ -353,7 +353,7 @@ optional_policy(`
fs_read_noxattr_fs_files(kernel_t)
fs_read_noxattr_fs_symlinks(kernel_t)

- auth_manage_all_files_except_auth_files(kernel_t)
+ files_manage_non_auth_files(kernel_t)
')
')

diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
index 89ddeaa..63f22d5 100644
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
@@ -30,7 +30,7 @@ mls_file_upgrade(secadm_t)
mls_file_downgrade(secadm_t)

auth_role(secadm_r, secadm_t)
-auth_relabel_all_files_except_auth_files(secadm_t)
+files_relabel_non_auth_files(secadm_t)
auth_relabel_shadow(secadm_t)

init_exec(secadm_t)
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index fba350b..b4e88d4 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -145,8 +145,8 @@ ifdef(`distro_ubuntu',`
')

tunable_policy(`allow_mount_anyfile',`
- auth_read_all_dirs_except_auth_files(mount_t)
- auth_read_all_files_except_auth_files(mount_t)
+ files_list_non_auth_dirs(mount_t)
+ files_read_non_auth_files(mount_t)
files_mounton_non_security(mount_t)
')

diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ab78aea..2cc83fe 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -339,8 +339,8 @@ selinux_compute_create_context(restorecond_t)
selinux_compute_relabel_context(restorecond_t)
selinux_compute_user_contexts(restorecond_t)

-auth_relabel_all_files_except_auth_files(restorecond_t )
-auth_read_all_files_except_auth_files(restorecond_t)
+files_relabel_non_auth_files(restorecond_t )
+files_read_non_auth_files(restorecond_t)
auth_use_nsswitch(restorecond_t)

locallogin_dontaudit_use_fds(restorecond_t)
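Review bot: The new line `files_relabel_non_auth_files(restorecond_t )` keeps the stray space before the closing parenthesis from the line it replaces. Since the line is rewritten anyway, it should read `files_relabel_non_auth_files(restorecond_t)`. m4 retains trailing whitespace in a macro argument, so the space is carried into the expanded rule; it is harmless here but inconsistent with the read call on the following line.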
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index a6b2f79..a094ec7 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1134,9 +1134,9 @@ template(`userdom_admin_user_template',`

auth_getattr_shadow($1_t)
# Manage almost all files
- auth_manage_all_files_except_auth_files($1_t)
+ files_manage_non_auth_files($1_t)
# Relabel almost all files
- auth_relabel_all_files_except_auth_files($1_t)
+ files_relabel_non_auth_files($1_t)

init_telinit($1_t)

@@ -1224,7 +1224,7 @@ template(`userdom_security_admin_template',`
selinux_set_all_booleans($1)
selinux_set_parameters($1)

- auth_relabel_all_files_except_auth_files($1)
+ files_relabel_non_auth_files($1)
auth_relabel_shadow($1)

init_exec($1)
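Review bot: `files_relabel_non_auth_files($1)` followed directly by `auth_relabel_shadow($1)` carries no comment, so a reader cannot tell that the auth-file exclusion appears to be lifted on purpose for shadow in this template. A one-line comment above the pair, `# Relabel non-auth files; shadow relabeling is granted separately`, would record that. The `# Manage almost all files` and `# Relabel almost all files` comments in the previous hunk could name the excluded attribute in the same way. The body of userdom_security_admin_template starts and ends outside the hunk.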
--
1.7.7.6