From: guido@trentalancia.com (Guido Trentalancia)
Date: Wed, 21 Jun 2017 18:25:09 +0200
Subject: [refpolicy] [PATCH] userdomain: rename USB write boolean
In-Reply-To: <20170621182333.2daefc16@vega.skynet.aixah.de>
References: <1498058933.4583.3.camel@trentalancia.com>
	<20170621182333.2daefc16@vega.skynet.aixah.de>
Message-ID: <1498062309.4583.5.camel@trentalancia.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The interface that is called enables writing to USB devices and nothing
else.

On Wed, 21/06/2017 at 18.23 +0200, Luis Ressel wrote:
> On Wed, 21 Jun 2017 17:28:53 +0200
> Guido Trentalancia via refpolicy <refpolicy@oss.tresys.com> wrote:
> 
> > Rename a userdomain boolean to a more meaningful name
> > and improve its description.
> > 
> > Signed-off-by: Guido Trentalancia <guido@trentalancia.com>
> > ---
> >  policy/modules/system/userdomain.if |    4 ++--
> >  policy/modules/system/userdomain.te |    6 +++---
> >  2 files changed, 5 insertions(+), 5 deletions(-)
> > 
> > diff -pru a/policy/modules/system/userdomain.if
> > b/policy/modules/system/userdomain.if ---
> > a/policy/modules/system/userdomain.if	2017-04-26
> > 17:47:14.081423048 +0200 +++
> > b/policy/modules/system/userdomain.if	2017-06-21
> > 17:12:39.854541009 +0200 @@ -598,7 +598,7 @@
> > template(`userdom_common_user_template',
> > seutil_dontaudit_signal_newrole($1_t) ifndef(`enable_mls',`
> > -		tunable_policy(`user_write_removable',`
> > +		tunable_policy(`user_write_usb',`
> 
> How on earth is this new name more "meaningful"? If anything, it is
> *misleading*. removable_t isn't only used for usb storage devices,
> but
> also for CDs, mmcblk's and various other stuff.
> 
> Cheers,
> Luis