From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Wed, 5 Sep 2012 13:49:35 -0400
Subject: [refpolicy] [PATCH 1/9] Mark use of deprecated interfaces that
 are not providing replacement as errors
In-Reply-To: <1346794648-27101-1-git-send-email-bigon@debian.org>
References: <1346794648-27101-1-git-send-email-bigon@debian.org>
Message-ID: <504790AF.6070707@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 09/04/12 17:37, Laurent Bigonville wrote:
> From: Laurent Bigonville <bigon@bigon.be>
> 
> ---
>  bind.if        |    2 +-
>  bluetooth.if   |    4 ++--
>  cups.if        |    2 +-
>  dictd.if       |    2 +-
>  finger.if      |    2 +-
>  ftp.if         |    2 +-
>  i18n_input.if  |    2 +-
>  inetd.if       |    4 ++--
>  jabber.if      |    2 +-
>  ldap.if        |    2 +-
>  mta.if         |    2 +-
>  nessus.if      |    2 +-
>  nis.if         |    4 ++--
>  nsd.if         |    4 ++--
>  perdition.if   |    2 +-
>  portmap.if     |    6 +++---
>  radius.if      |    2 +-
>  rpc.if         |    4 ++--
>  snmp.if        |    4 ++--
>  soundserver.if |    2 +-
>  squid.if       |    2 +-
>  21 files changed, 29 insertions(+), 29 deletions(-)

I can see why you'd want to do this as a distribution, but for upstream, I'd prefer to keep it a warning.  I'd be open to a patch that created a build option that would turn warnings into errors, like -Werror for gcc.

> diff --git a/bind.if b/bind.if
> index 44a1e3d..b5e0ea5 100644
> --- a/bind.if
> +++ b/bind.if
> @@ -336,7 +336,7 @@ interface(`bind_manage_zone',`
>  ## </param>
>  #
>  interface(`bind_udp_chat_named',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/bluetooth.if b/bluetooth.if
> index 3e45431..f232b3b 100644
> --- a/bluetooth.if
> +++ b/bluetooth.if
> @@ -126,7 +126,7 @@ interface(`bluetooth_dbus_chat',`
>  ## </param>
>  #
>  interface(`bluetooth_domtrans_helper',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -152,7 +152,7 @@ interface(`bluetooth_domtrans_helper',`
>  ## <rolecap/>
>  #
>  interface(`bluetooth_run_helper',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/cups.if b/cups.if
> index 305ddf4..56cb53f 100644
> --- a/cups.if
> +++ b/cups.if
> @@ -75,7 +75,7 @@ interface(`cups_stream_connect',`
>  ## </param>
>  #
>  interface(`cups_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/dictd.if b/dictd.if
> index a0d23ce..7650335 100644
> --- a/dictd.if
> +++ b/dictd.if
> @@ -12,7 +12,7 @@
>  ## </param>
>  #
>  interface(`dictd_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/finger.if b/finger.if
> index b5dd671..9bbb169 100644
> --- a/finger.if
> +++ b/finger.if
> @@ -29,5 +29,5 @@ interface(`finger_domtrans',`
>  ## </param>
>  #
>  interface(`finger_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
> diff --git a/ftp.if b/ftp.if
> index 9d3201b..3d29482 100644
> --- a/ftp.if
> +++ b/ftp.if
> @@ -29,7 +29,7 @@ interface(`ftp_dyntrans_anon_sftpd',`
>  ## </param>
>  #
>  interface(`ftp_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/i18n_input.if b/i18n_input.if
> index bc7de4f..bd85f3b 100644
> --- a/i18n_input.if
> +++ b/i18n_input.if
> @@ -11,5 +11,5 @@
>  ## </param>
>  #
>  interface(`i18n_use',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
> diff --git a/inetd.if b/inetd.if
> index df48e5e..75a7539 100644
> --- a/inetd.if
> +++ b/inetd.if
> @@ -150,7 +150,7 @@ interface(`inetd_use_fds',`
>  ## </param>
>  #
>  interface(`inetd_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -183,7 +183,7 @@ interface(`inetd_domtrans_child',`
>  ## </param>
>  #
>  interface(`inetd_udp_send',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/jabber.if b/jabber.if
> index 9878499..00f78ed 100644
> --- a/jabber.if
> +++ b/jabber.if
> @@ -11,7 +11,7 @@
>  ## </param>
>  #
>  interface(`jabber_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/ldap.if b/ldap.if
> index d6b7b2d..5585d7d 100644
> --- a/ldap.if
> +++ b/ldap.if
> @@ -50,7 +50,7 @@ interface(`ldap_read_config',`
>  ## </param>
>  #
>  interface(`ldap_use',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/mta.if b/mta.if
> index 4e2a5ba..f5b7fcd 100644
> --- a/mta.if
> +++ b/mta.if
> @@ -587,7 +587,7 @@ interface(`mta_dontaudit_rw_delivery_tcp_sockets',`
>  ## </param>
>  #
>  interface(`mta_tcp_connect_all_mailservers',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  #######################################
> diff --git a/nessus.if b/nessus.if
> index 6ec8003..edc4d91 100644
> --- a/nessus.if
> +++ b/nessus.if
> @@ -11,5 +11,5 @@
>  ## </param>
>  #
>  interface(`nessus_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
> diff --git a/nis.if b/nis.if
> index abe3f7f..1430352 100644
> --- a/nis.if
> +++ b/nis.if
> @@ -205,7 +205,7 @@ interface(`nis_list_var_yp',`
>  ## </param>
>  #
>  interface(`nis_udp_send_ypbind',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -219,7 +219,7 @@ interface(`nis_udp_send_ypbind',`
>  ## </param>
>  #
>  interface(`nis_tcp_connect_ypbind',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/nsd.if b/nsd.if
> index a1371d5..5142540 100644
> --- a/nsd.if
> +++ b/nsd.if
> @@ -11,7 +11,7 @@
>  ## </param>
>  #
>  interface(`nsd_udp_chat',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -25,5 +25,5 @@ interface(`nsd_udp_chat',`
>  ## </param>
>  #
>  interface(`nsd_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
> diff --git a/perdition.if b/perdition.if
> index 2b0bd64..8919276 100644
> --- a/perdition.if
> +++ b/perdition.if
> @@ -11,5 +11,5 @@
>  ## </param>
>  #
>  interface(`perdition_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
> diff --git a/portmap.if b/portmap.if
> index 374afcf..f0484c3 100644
> --- a/portmap.if
> +++ b/portmap.if
> @@ -57,7 +57,7 @@ interface(`portmap_run_helper',`
>  ## </param>
>  #
>  interface(`portmap_udp_send',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -71,7 +71,7 @@ interface(`portmap_udp_send',`
>  ## </param>
>  #
>  interface(`portmap_udp_chat',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -85,5 +85,5 @@ interface(`portmap_udp_chat',`
>  ## </param>
>  #
>  interface(`portmap_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
> diff --git a/radius.if b/radius.if
> index 75e5dc4..9b35194 100644
> --- a/radius.if
> +++ b/radius.if
> @@ -11,7 +11,7 @@
>  ## </param>
>  #
>  interface(`radius_use',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/rpc.if b/rpc.if
> index dddabcf..a8a31b7 100644
> --- a/rpc.if
> +++ b/rpc.if
> @@ -133,7 +133,7 @@ template(`rpc_domain_template', `
>  ## </param>
>  #
>  interface(`rpc_udp_send',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -374,7 +374,7 @@ interface(`rpc_udp_rw_nfs_sockets',`
>  ## </param>
>  #
>  interface(`rpc_udp_send_nfs',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/snmp.if b/snmp.if
> index 275f9fb..f143171 100644
> --- a/snmp.if
> +++ b/snmp.if
> @@ -30,7 +30,7 @@ interface(`snmp_stream_connect',`
>  ## </param>
>  #
>  interface(`snmp_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> @@ -44,7 +44,7 @@ interface(`snmp_tcp_connect',`
>  ## </param>
>  #
>  interface(`snmp_udp_chat',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/soundserver.if b/soundserver.if
> index 93fe7bf..d27ebc5 100644
> --- a/soundserver.if
> +++ b/soundserver.if
> @@ -11,7 +11,7 @@
>  ## </param>
>  #
>  interface(`soundserver_tcp_connect',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> diff --git a/squid.if b/squid.if
> index d2496bd..de25872 100644
> --- a/squid.if
> +++ b/squid.if
> @@ -184,7 +184,7 @@ interface(`squid_manage_logs',`
>  ## </param>
>  #
>  interface(`squid_use',`
> -	refpolicywarn(`$0($*) has been deprecated.')
> +	refpolicyerr(`$0($*) has been deprecated.')
>  ')
>  
>  ########################################
> 


-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com