From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 12 Apr 2018 18:47:10 -0400
Subject: [refpolicy] [PATCH 00/13] Fix issues identified by spt_lint.lua
 to contrib
In-Reply-To: <20180411185639.23547-1-jwcart2@tycho.nsa.gov>
References: <20180411185639.23547-1-jwcart2@tycho.nsa.gov>
Message-ID: <81af43c4-f0a6-6d73-d422-ab0bf4afc4c9@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 04/11/2018 02:56 PM, James Carter via refpolicy wrote:
> The first nine patches cause no change in the final kernel policy.
> The last four do because they fix interfaces that were always being
> removed because they required an undeclared identifier.
> 
> Explanations for some of the patches.
> 
> Patches 2 and 3:
> spt_lint.lua looks for calls that have too many or too few arguments and
> it parses the interface XML header looking for optional and unused
> parameters, so by marking parameters that are unused as unused it will
> not report a problem.
> 
> Patches 5 and 6:
> spt_lint.lua will report a problem when a type is used in a module other
> than the one that it is declared in. Enforcing this helps reduce the
> amount of inter-module dependencies.
> 
> Patches 7 - 9:
> These patches fix interfaces that are not used in the policy. This is why
> they do not change the final policy.
> 
> Patches 10 - 13:
> These patches fix intefaces (or interface call) that are used in the policy.
> These do cause a change in the final policy.

Merged.


> James Carter (13):
>    Remove unnecessary semicolons
>    Mark unused parameter as unused
>    Add unused parameter and mark as unused
>    Remove use of undeclared attribute from portage.te
>    Move use of httpd_t from mojomojo.te to apache.te
>    Move use of sendmail_exec_t from sendmail.te to mta.te
>    Fix typos in identifier names
>    Remove undeclared identifiers from shorewall interfaces
>    Fix interfaces that use an undeclared identifier
>    Fix typos in identifier names
>    Remove undeclared identifiers from interfaces
>    Fix interfaces that use an undeclared identifier
>    Removed call to deprecated interface xserver_manage_xdm_spool_files()
> 
>   accountsd.if      |  2 +-
>   alsa.te           |  2 +-
>   apache.if         | 19 +++++++++++++++++++
>   bugzilla.if       |  2 +-
>   ccs.if            |  4 ++--
>   cfengine.if       |  4 ++--
>   cobbler.if        |  6 +++---
>   cron.if           |  4 ++--
>   cups.if           |  3 +--
>   dbus.if           |  2 +-
>   devicekit.if      |  2 +-
>   djbdns.if         |  4 ++--
>   dspam.if          |  4 ++--
>   evolution.if      |  2 +-
>   firewalld.if      |  4 ++--
>   ftp.te            |  2 +-
>   kismet.if         |  4 ++--
>   lsm.if            |  2 +-
>   mojomojo.te       |  2 +-
>   mta.if            | 19 +++++++++++++++++++
>   obex.if           |  2 +-
>   plymouthd.if      |  2 +-
>   plymouthd.te      |  1 -
>   portage.te        |  2 --
>   qemu.te           |  2 +-
>   rabbitmq.if       |  6 ++++--
>   rpm.if            |  4 ++--
>   rsync.if          |  2 +-
>   samba.if          |  3 +--
>   samhain.if        |  2 +-
>   sectoolm.if       |  2 +-
>   sendmail.te       |  3 ++-
>   setroubleshoot.if |  5 +++++
>   shorewall.if      | 14 ++------------
>   sosreport.if      |  2 +-
>   sssd.if           |  4 ++--
>   tftp.if           |  9 +++++++--
>   wm.if             |  2 +-
>   38 files changed, 98 insertions(+), 62 deletions(-)
> 


-- 
Chris PeBenito