From: jwcart2@tycho.nsa.gov (James Carter)
Date: Wed, 11 Apr 2018 14:57:12 -0400
Subject: [refpolicy] [PATCH 12/13] Fix interfaces that use an undeclared identifier
Message-ID: <20180411185712.23720-1-jwcart2@tycho.nsa.gov>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com
All the interfaces below were always being removed because of unmet requires. ccs.if:ccs_admin() Use cluster_conf_t instead of ccs_conf_t. Called in roles/sysadm.te. cfengine.if:cfengine_dontaudit_write_log_files() Use cfengine_log_t instead of cfengine_var_log_t. Called in contrib/sendmail.te. cobbler.if:cobbler_admin() Use cobbler_content_t instead of httpd_cobbler_content_t, httpd_cobbler_content_ra_t, and httpd_cobbler_content_rw_t. Called in roles/sysadm.te. cron.if:cron_manage_system_spool() Use system_cron_spool_t instead of cron_system_spool_t. Called in system/init.te. rpm.if:rpm_admin() Use rpm_var_cache_t instead of rpm_cache_t. Called in roles/sysadm.te sssd.if:sssd_admin() Use sssd_var_log_t instead of sssd_log_t. Called in roles/sysadm.te
Signed-off-by: James Carter
---
 ccs.if | 4 ++--
 cfengine.if | 4 ++--
 cobbler.if | 6 +++---
 cron.if | 4 ++--
 rpm.if | 4 ++--
 sssd.if | 4 ++--
 6 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/ccs.if b/ccs.if
index 92f67fa..767fb71 100644
--- a/ccs.if
+++ b/ccs.if
@@ -99,7 +99,7 @@ interface(`ccs_admin',`
 gen_require(`
 type ccs_t, ccs_initrc_exec_t, cluster_conf_t;
 type ccs_var_lib_t, ccs_var_log_t;
- type ccs_var_run_t, ccs_tmp_t, ccs_conf_t;
+ type ccs_var_run_t, ccs_tmp_t;
 ')
 allow $1 ccs_t:process { ptrace signal_perms };
@@ -108,7 +108,7 @@ interface(`ccs_admin',`
 init_startstop_service($1, $2, ccs_t, ccs_initrc_exec_t)
 files_search_etc($1)
- admin_pattern($1, ccs_conf_t)
+ admin_pattern($1, cluster_conf_t)
 files_search_var_lib($1)
 admin_pattern($1, ccs_var_lib_t)
diff --git a/cfengine.if b/cfengine.if
index fdef5f3..ff0b003 100644
--- a/cfengine.if
+++ b/cfengine.if
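Review bot: Fixing the type name in ccs_admin() does more than rename: per the commit message the interface was dropped at build time, so its caller in roles/sysadm.te now receives `admin_pattern($1, cluster_conf_t)` and the rest of the body for the first time. The same applies to cobbler_admin(), cron_manage_system_spool() (which hands its system/init.te caller `manage_files_pattern` on the system cron spool), rpm_admin() and sssd_admin() in the later hunks. The commit message should state that access is being added, for example `These interfaces now take effect; their callers gain the listed access.`, and comparing the allow rules of the calling domains before and after the build (sesearch can do this) would confirm nothing unintended appears. ccs_admin's body extends beyond both hunks.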
@@ -65,10 +65,10 @@ interface(`cfengine_read_lib_files',`
 #
 interface(`cfengine_dontaudit_write_log_files',`
 gen_require(`
- type cfengine_var_log_t;
+ type cfengine_log_t;
 ')
- dontaudit $1 cfengine_var_log_t:file write_file_perms;
+ dontaudit $1 cfengine_log_t:file write_file_perms;
 ')
 ########################################
diff --git a/cobbler.if b/cobbler.if
index 40f8999..6c6b575 100644
--- a/cobbler.if
+++ b/cobbler.if
@@ -154,8 +154,8 @@ interface(`cobbler_manage_lib_files',`
 interface(`cobbler_admin',`
 gen_require(`
 type cobblerd_t, cobbler_var_lib_t, cobbler_var_log_t;
- type cobbler_etc_t, cobblerd_initrc_exec_t, httpd_cobbler_content_t;
- type httpd_cobbler_content_ra_t, httpd_cobbler_content_rw_t, cobbler_tmp_t;
+ type cobbler_etc_t, cobblerd_initrc_exec_t, cobbler_content_t;
+ type cobbler_tmp_t;
 ')
 allow $1 cobblerd_t:process { ptrace signal_perms };
@@ -176,5 +176,5 @@ interface(`cobbler_admin',`
 admin_pattern($1, cobbler_var_log_t)
 apache_search_sys_content($1)
- admin_pattern($1, { httpd_cobbler_content_t httpd_cobbler_content_ra_t httpd_cobbler_content_rw_t })
+ admin_pattern($1, cobbler_content_t)
 ')
diff --git a/cron.if b/cron.if
index 23bd141..d40848a 100644
--- a/cron.if
+++ b/cron.if
@@ -699,11 +699,11 @@ interface(`cron_use_system_job_fds',`
 #
 interface(`cron_manage_system_spool',`
 gen_require(`
- type cron_system_spool_t;
+ type system_cron_spool_t;
 ')
 files_search_spool($1)
- manage_files_pattern($1, cron_system_spool_t, cron_system_spool_t)
+ manage_files_pattern($1, system_cron_spool_t, system_cron_spool_t)
 ')
 ########################################
diff --git a/rpm.if b/rpm.if
index 016cdb2..d316410 100644
--- a/rpm.if
+++ b/rpm.if
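Review bot: Once `cfengine_log_t` resolves, `dontaudit $1 cfengine_log_t:file write_file_perms;` starts suppressing AVC denials that would previously have been logged, so write attempts by the caller (contrib/sendmail.te, per the commit message) to cfengine log files disappear from the audit trail. That is presumably the intent, but it is a visibility change worth recording next to the interface, e.g. `# Denials hidden by this rule can be shown by rebuilding with semodule -DB.` The interface's summary block lies above the hunk, so whether it already says this cannot be checked from here.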
@@ -613,7 +613,7 @@ interface(`rpm_pid_filetrans_rpm_pid',`
 interface(`rpm_admin',`
 gen_require(`
 type rpm_t, rpm_script_t, rpm_initrc_exec_t;
- type rpm_cache_t, rpm_var_lib_t, rpm_lock_t;
+ type rpm_var_cache_t, rpm_var_lib_t, rpm_lock_t;
 type rpm_log_t, rpm_tmpfs_t, rpm_tmp_t, rpm_var_run_t;
 type rpm_script_tmp_t, rpm_script_tmpfs_t, rpm_file_t;
 ')
@@ -626,7 +626,7 @@ interface(`rpm_admin',`
 admin_pattern($1, rpm_file_t)
 files_list_var($1)
- admin_pattern($1, rpm_cache_t)
+ admin_pattern($1, rpm_var_cache_t)
 files_list_tmp($1)
 admin_pattern($1, { rpm_tmp_t rpm_script_tmp_t })
diff --git a/sssd.if b/sssd.if
index e1b4cb0..bdb7f88 100644
--- a/sssd.if
+++ b/sssd.if
@@ -336,7 +336,7 @@ interface(`sssd_admin',`
 gen_require(`
 type sssd_t, sssd_public_t, sssd_initrc_exec_t;
 type sssd_var_lib_t, sssd_var_run_t, sssd_conf_t;
- type sssd_log_t;
+ type sssd_var_log_t;
 ')
 allow $1 sssd_t:process { ptrace signal_perms };
@@ -354,5 +354,5 @@ interface(`sssd_admin',`
 admin_pattern($1, sssd_var_run_t)
 logging_search_logs($1)
- admin_pattern($1, sssd_log_t)
+ admin_pattern($1, sssd_var_log_t)
 ')
--
2.13.6
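Review bot: With the require fixed, the context line `allow $1 sssd_t:process { ptrace signal_perms };` in sssd_admin() is enforced for its caller for the first time, and ptrace is more than service administration usually needs: it lets the admin domain read and alter the daemon's memory, which for sssd may include cached authentication material. If starting, stopping and signalling the service is all that is required, the line could be narrowed to `allow $1 sssd_t:process signal_perms;`. The same pattern appears in ccs_admin() and cobbler_admin() in the earlier hunks; rpm_admin()'s process rules are outside the visible hunks. sssd_admin's body runs between and beyond the two hunks shown.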