From: pebenito@ieee.org (Chris PeBenito) Date: Thu, 12 Apr 2018 18:46:53 -0400 Subject: [refpolicy] [PATCH 0/8] Fixes issues identified by spt_lint.lua to non-contrib In-Reply-To: <20180411185525.23486-1-jwcart2@tycho.nsa.gov> References: <20180411185525.23486-1-jwcart2@tycho.nsa.gov> Message-ID: To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On 04/11/2018 02:55 PM, James Carter via refpolicy wrote: > The first seven patches cause no change in the final kernel policy, but the > last one does. > > Explanations for some of the patches. > > Patch 2: > spt_lint.lua looks for calls that have too many or too few arguments and it > parses the interface XML header looking for optional and unused parameters, > so by marking parameters that are unused as unused it will not falsely > report a problem. > > Patches 3-6: > These patches move file contexts to the module that actually declares > the type being used in the context. Patches 4 and 6 remove dependencies > from the base module on the init module in case of patch 4 and on > the userdomain module in the case of patch 6. Patches 3 and 5 remove > inter-module dependencies. > > Patch 7: > This patch fixes interfaces that are not used in the policy. It causes > no change in the final policy. > > Patch 8: > This patch changes the final kernel policy because the interface had > an undelcared type and the call to it was causing an optional block > with another call in it to be removed, but now that other call will > show up in the policy. Merged. > James Carter (8): > Removed unnecessary semicolons > Mark unused parameters as unused > Move the use of var_log_t from authlogin.fc to logging.fc > Move the use of initrc_var_run_t from files.fc to init.fc > Move use of systemd_unit_t from systemd.fc to init.fc > Move use of user_devpts_t from terminal.fc to userdomain.fc > Remove undeclared identifiers from interfaces > Remove undeclared identifiers from xserver interface > > policy/modules/kernel/corenetwork.if.in | 18 ++++++------------ > policy/modules/kernel/devices.if | 8 ++------ > policy/modules/kernel/files.fc | 5 ----- > policy/modules/kernel/terminal.fc | 1 - > policy/modules/services/xserver.if | 9 ++------- > policy/modules/system/authlogin.fc | 2 -- > policy/modules/system/init.fc | 3 +++ > policy/modules/system/ipsec.te | 24 ++++++++++++------------ > policy/modules/system/logging.fc | 2 ++ > policy/modules/system/logging.te | 2 +- > policy/modules/system/systemd.fc | 1 - > policy/modules/system/systemd.te | 8 ++++---- > policy/modules/system/userdomain.fc | 2 ++ > policy/modules/system/userdomain.if | 8 ++++---- > 14 files changed, 38 insertions(+), 55 deletions(-) > -- Chris PeBenito