From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 12 Jul 2010 14:00:30 -0400
Subject: [refpolicy] [ userdom_user_home_content patch 1/1] Add
 files_poly_member() to userdom_user_home_content() Remove redundant
 files_poly_member() calls.
In-Reply-To: <20100709132923.GA7115@localhost.localdomain>
References: <20100709132923.GA7115@localhost.localdomain>
Message-ID: <4C3B583E.6060304@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 07/09/10 09:29, Dominick Grift wrote:
> Signed-off-by: Dominick Grift<domg472@gmail.com>

Merged.

> ---
> :100644 100644 db570f6... f294491... M	policy/modules/apps/evolution.te
> :100644 100644 4204eec... 5bb9e30... M	policy/modules/apps/gift.te
> :100644 100644 62631ec... ebcd681... M	policy/modules/apps/mozilla.te
> :100644 100644 da32014... 82c4a54... M	policy/modules/apps/mplayer.te
> :100644 100644 c4e581e... 6f08115... M	policy/modules/apps/thunderbird.te
> :100644 100644 acc7244... d736572... M	policy/modules/apps/tvtime.te
> :100644 100644 3c43106... 31bbf17... M	policy/modules/apps/wireshark.te
> :100644 100644 7629cf8... e4ecbbd... M	policy/modules/services/razor.te
> :100644 100644 438dab7... b6a8919... M	policy/modules/services/spamassassin.te
> :100644 100644 4566008... d2b2626... M	policy/modules/services/xserver.te
> :100644 100644 c7c83c4... a3135e6... M	policy/modules/system/userdomain.if
>   policy/modules/apps/evolution.te        |    1 -
>   policy/modules/apps/gift.te             |    1 -
>   policy/modules/apps/mozilla.te          |    1 -
>   policy/modules/apps/mplayer.te          |    1 -
>   policy/modules/apps/thunderbird.te      |    1 -
>   policy/modules/apps/tvtime.te           |    1 -
>   policy/modules/apps/wireshark.te        |    1 -
>   policy/modules/services/razor.te        |    1 -
>   policy/modules/services/spamassassin.te |    1 -
>   policy/modules/services/xserver.te      |    2 --
>   policy/modules/system/userdomain.if     |    1 +
>   11 files changed, 1 insertions(+), 11 deletions(-)
>
> diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
> index db570f6..f294491 100644
> --- a/policy/modules/apps/evolution.te
> +++ b/policy/modules/apps/evolution.te
> @@ -59,7 +59,6 @@ ubac_constrained(evolution_exchange_orbit_tmp_t)
>   type evolution_home_t;
>   typealias evolution_home_t alias { user_evolution_home_t staff_evolution_home_t sysadm_evolution_home_t };
>   typealias evolution_home_t alias { auditadm_evolution_home_t secadm_evolution_home_t };
> -files_poly_member(evolution_home_t)
>   userdom_user_home_content(evolution_home_t)
>
>   type evolution_orbit_tmp_t;
> diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te
> index 4204eec..5bb9e30 100644
> --- a/policy/modules/apps/gift.te
> +++ b/policy/modules/apps/gift.te
> @@ -15,7 +15,6 @@ ubac_constrained(gift_t)
>   type gift_home_t;
>   typealias gift_home_t alias { user_gift_home_t staff_gift_home_t sysadm_gift_home_t };
>   typealias gift_home_t alias { auditadm_gift_home_t secadm_gift_home_t };
> -files_poly_member(gift_home_t)
>   userdom_user_home_content(gift_home_t)
>
>   type gift_tmpfs_t;
> diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
> index 62631ec..ebcd681 100644
> --- a/policy/modules/apps/mozilla.te
> +++ b/policy/modules/apps/mozilla.te
> @@ -25,7 +25,6 @@ files_config_file(mozilla_conf_t)
>   type mozilla_home_t;
>   typealias mozilla_home_t alias { user_mozilla_home_t staff_mozilla_home_t sysadm_mozilla_home_t };
>   typealias mozilla_home_t alias { auditadm_mozilla_home_t secadm_mozilla_home_t };
> -files_poly_member(mozilla_home_t)
>   userdom_user_home_content(mozilla_home_t)
>
>   type mozilla_tmpfs_t;
> diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
> index da32014..82c4a54 100644
> --- a/policy/modules/apps/mplayer.te
> +++ b/policy/modules/apps/mplayer.te
> @@ -32,7 +32,6 @@ files_config_file(mplayer_etc_t)
>   type mplayer_home_t;
>   typealias mplayer_home_t alias { user_mplayer_home_t staff_mplayer_home_t sysadm_mplayer_home_t };
>   typealias mplayer_home_t alias { auditadm_mplayer_home_t secadm_mplayer_home_t };
> -files_poly_member(mplayer_home_t)
>   userdom_user_home_content(mplayer_home_t)
>
>   type mplayer_tmpfs_t;
> diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te
> index c4e581e..6f08115 100644
> --- a/policy/modules/apps/thunderbird.te
> +++ b/policy/modules/apps/thunderbird.te
> @@ -15,7 +15,6 @@ ubac_constrained(thunderbird_t)
>   type thunderbird_home_t;
>   typealias thunderbird_home_t alias { user_thunderbird_home_t staff_thunderbird_home_t sysadm_thunderbird_home_t };
>   typealias thunderbird_home_t alias { auditadm_thunderbird_home_t secadm_thunderbird_home_t };
> -files_poly_member(thunderbird_home_t)
>   userdom_user_home_content(thunderbird_home_t)
>
>   type thunderbird_tmpfs_t;
> diff --git a/policy/modules/apps/tvtime.te b/policy/modules/apps/tvtime.te
> index acc7244..d736572 100644
> --- a/policy/modules/apps/tvtime.te
> +++ b/policy/modules/apps/tvtime.te
> @@ -16,7 +16,6 @@ type tvtime_home_t alias tvtime_rw_t;
>   typealias tvtime_home_t alias { user_tvtime_home_t staff_tvtime_home_t sysadm_tvtime_home_t };
>   typealias tvtime_home_t alias { auditadm_tvtime_home_t secadm_tvtime_home_t };
>   userdom_user_home_content(tvtime_home_t)
> -files_poly_member(tvtime_home_t)
>
>   type tvtime_tmp_t;
>   typealias tvtime_tmp_t alias { user_tvtime_tmp_t staff_tvtime_tmp_t sysadm_tvtime_tmp_t };
> diff --git a/policy/modules/apps/wireshark.te b/policy/modules/apps/wireshark.te
> index 3c43106..31bbf17 100644
> --- a/policy/modules/apps/wireshark.te
> +++ b/policy/modules/apps/wireshark.te
> @@ -15,7 +15,6 @@ ubac_constrained(wireshark_t)
>   type wireshark_home_t;
>   typealias wireshark_home_t alias { user_wireshark_home_t staff_wireshark_home_t sysadm_wireshark_home_t };
>   typealias wireshark_home_t alias { auditadm_wireshark_home_t secadm_wireshark_home_t };
> -files_poly_member(wireshark_home_t)
>   userdom_user_home_content(wireshark_home_t)
>
>   type wireshark_tmp_t;
> diff --git a/policy/modules/services/razor.te b/policy/modules/services/razor.te
> index 7629cf8..e4ecbbd 100644
> --- a/policy/modules/services/razor.te
> +++ b/policy/modules/services/razor.te
> @@ -14,7 +14,6 @@ files_config_file(razor_etc_t)
>   type razor_home_t;
>   typealias razor_home_t alias { user_razor_home_t staff_razor_home_t sysadm_razor_home_t };
>   typealias razor_home_t alias { auditadm_razor_home_t secadm_razor_home_t };
> -files_poly_member(razor_home_t)
>   userdom_user_home_content(razor_home_t)
>
>   type razor_log_t;
> diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
> index 438dab7..b6a8919 100644
> --- a/policy/modules/services/spamassassin.te
> +++ b/policy/modules/services/spamassassin.te
> @@ -30,7 +30,6 @@ type spamassassin_home_t;
>   typealias spamassassin_home_t alias { user_spamassassin_home_t staff_spamassassin_home_t sysadm_spamassassin_home_t };
>   typealias spamassassin_home_t alias { auditadm_spamassassin_home_t secadm_spamassassin_home_t };
>   userdom_user_home_content(spamassassin_home_t)
> -files_poly_member(spamassassin_home_t)
>
>   type spamassassin_tmp_t;
>   typealias spamassassin_tmp_t alias { user_spamassassin_tmp_t staff_spamassassin_tmp_t sysadm_spamassassin_tmp_t };
> diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
> index 4566008..d2b2626 100644
> --- a/policy/modules/services/xserver.te
> +++ b/policy/modules/services/xserver.te
> @@ -131,7 +131,6 @@ ubac_constrained(iceauth_t)
>   type iceauth_home_t;
>   typealias iceauth_home_t alias { user_iceauth_home_t staff_iceauth_home_t sysadm_iceauth_home_t };
>   typealias iceauth_home_t alias { auditadm_iceauth_home_t secadm_iceauth_home_t };
> -files_poly_member(iceauth_home_t)
>   userdom_user_home_content(iceauth_home_t)
>
>   type xauth_t;
> @@ -144,7 +143,6 @@ ubac_constrained(xauth_t)
>   type xauth_home_t;
>   typealias xauth_home_t alias { user_xauth_home_t staff_xauth_home_t sysadm_xauth_home_t };
>   typealias xauth_home_t alias { auditadm_xauth_home_t secadm_xauth_home_t };
> -files_poly_member(xauth_home_t)
>   userdom_user_home_content(xauth_home_t)
>
>   type xauth_tmp_t;
> diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
> index c7c83c4..a3135e6 100644
> --- a/policy/modules/system/userdomain.if
> +++ b/policy/modules/system/userdomain.if
> @@ -1280,6 +1280,7 @@ interface(`userdom_user_home_content',`
>
>   	allow $1 user_home_t:filesystem associate;
>   	files_type($1)
> +	files_poly_member($1)
>   	ubac_constrained($1)
>   ')
>
>
>
>
> _______________________________________________
> refpolicy mailing list
> refpolicy at oss.tresys.com
> http://oss.tresys.com/mailman/listinfo/refpolicy


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com