From: jwcart2@tycho.nsa.gov (James Carter)
Date: Wed, 25 Apr 2012 10:25:49 -0400
Subject: [refpolicy] [PATCH 3/4 v2] Changed non-contrib policy to use the new non_auth_file_type interfaces
Message-ID: <1335363949.17855.32.camel@moss-lions.epoch.ncsc.mil>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
Replaced calls to interfaces allowing access to all files except auth_file_type files with calls to interfaces allowing access to non_auth_file_type files.
Signed-off-by: James Carter
---
 policy/modules/kernel/kernel.te | 8 ++++----
 policy/modules/roles/secadm.te | 2 +-
 policy/modules/system/mount.te | 4 ++--
 policy/modules/system/selinuxutil.te | 4 ++--
 policy/modules/system/userdomain.if | 6 +++---
 5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 8340ca8..0aea702 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -342,9 +342,9 @@ optional_policy(`
 fs_read_noxattr_fs_files(kernel_t)
 fs_read_noxattr_fs_symlinks(kernel_t)
- auth_read_all_dirs_except_auth_files(kernel_t)
- auth_read_all_files_except_auth_files(kernel_t)
- auth_read_all_symlinks_except_auth_files(kernel_t)
+ files_list_non_auth_dirs(kernel_t)
+ files_read_non_auth_files(kernel_t)
+ files_read_non_auth_symlinks(kernel_t)
 ')
 tunable_policy(`nfs_export_all_rw',`
@@ -353,7 +353,7 @@ optional_policy(`
 fs_read_noxattr_fs_files(kernel_t)
 fs_read_noxattr_fs_symlinks(kernel_t)
- auth_manage_all_files_except_auth_files(kernel_t)
+ files_manage_non_auth_files(kernel_t)
 ')
 ')
diff --git a/policy/modules/roles/secadm.te b/policy/modules/roles/secadm.te
index 89ddeaa..63f22d5 100644
--- a/policy/modules/roles/secadm.te
+++ b/policy/modules/roles/secadm.te
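Review bot: In the first kernel.te hunk the directory grant changes verb as well as prefix, `auth_read_all_dirs_except_auth_files(kernel_t)` becoming `files_list_non_auth_dirs(kernel_t)`, and the new interfaces are defined outside this patch, so it cannot be confirmed from these lines that the granted permission set is unchanged; the same substitution is made for mount_t in the mount.te hunk. The exclusion of authentication files now presumably rests on which types carry the non_auth_file_type attribute rather than on the name of the call, so membership of that attribute is the thing to check when reviewing the series. A comment above the three new calls, e.g. `# access limited to non_auth_file_type; auth_file_type files stay excluded`, would record the intent. The enclosing optional_policy block starts outside the hunk.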
@@ -30,7 +30,7 @@ mls_file_upgrade(secadm_t)
 mls_file_downgrade(secadm_t)
 auth_role(secadm_r, secadm_t)
-auth_relabel_all_files_except_auth_files(secadm_t)
+files_relabel_non_auth_files(secadm_t)
 auth_relabel_shadow(secadm_t)
 init_exec(secadm_t)
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index fba350b..b4e88d4 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -145,8 +145,8 @@ ifdef(`distro_ubuntu',`
 ')
 tunable_policy(`allow_mount_anyfile',`
- auth_read_all_dirs_except_auth_files(mount_t)
- auth_read_all_files_except_auth_files(mount_t)
+ files_list_non_auth_dirs(mount_t)
+ files_read_non_auth_files(mount_t)
 files_mounton_non_security(mount_t)
 ')
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index ab78aea..2cc83fe 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -339,8 +339,8 @@ selinux_compute_create_context(restorecond_t)
 selinux_compute_relabel_context(restorecond_t)
 selinux_compute_user_contexts(restorecond_t)
-auth_relabel_all_files_except_auth_files(restorecond_t )
-auth_read_all_files_except_auth_files(restorecond_t)
+files_relabel_non_auth_files(restorecond_t )
+files_read_non_auth_files(restorecond_t)
 auth_use_nsswitch(restorecond_t)
 locallogin_dontaudit_use_fds(restorecond_t)
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index a6b2f79..a094ec7 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1134,9 +1134,9 @@ template(`userdom_admin_user_template',`
 auth_getattr_shadow($1_t)
 # Manage almost all files
- auth_manage_all_files_except_auth_files($1_t)
+ files_manage_non_auth_files($1_t)
 # Relabel almost all files
- auth_relabel_all_files_except_auth_files($1_t)
+ files_relabel_non_auth_files($1_t)
 init_telinit($1_t)
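Review bot: In the secadm.te hunk `files_relabel_non_auth_files(secadm_t)` sits directly above `auth_relabel_shadow(secadm_t)`, so the only authentication type this domain is visibly allowed to relabel is the shadow one. If auth_file_type holds further types (not visible in this patch), files carrying them cannot be relabelled by secadm_t through either call. If that is intended, a comment such as `# auth_file_type files other than shadow are deliberately not relabelable here` would make it explicit. The same pair of calls appears in userdom_security_admin_template in the last userdomain.if hunk.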
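Review bot: The replacement line in the selinuxutil.te hunk keeps the stray space before the closing parenthesis, `files_relabel_non_auth_files(restorecond_t )`. Since the line is rewritten anyway it should read `files_relabel_non_auth_files(restorecond_t)`, matching the `files_read_non_auth_files(restorecond_t)` call below it. This is a style point only; no change in the resulting policy is expected from it.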
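Review bot: The comments `# Manage almost all files` and `# Relabel almost all files` in the first userdomain.if hunk are left as they were and do not say what "almost" leaves out, although the new interface names now state it. Suggest `# Manage all files except auth_file_type files` and `# Relabel all files except auth_file_type files`, so a reader of the admin template sees the boundary without looking up the interface. The body of userdom_admin_user_template starts and ends outside the hunk.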
@@ -1224,7 +1224,7 @@ template(`userdom_security_admin_template',`
 selinux_set_all_booleans($1)
 selinux_set_parameters($1)
- auth_relabel_all_files_except_auth_files($1)
+ files_relabel_non_auth_files($1)
 auth_relabel_shadow($1)
 init_exec($1)
--
1.7.7.6