From 2cca6b79b436464c1378eb5274187adff3248d97 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Oct 17 2008 17:31:04 +0000 Subject: trunk: remove redundant shared lib calls. --- diff --git a/policy/modules/admin/acct.te b/policy/modules/admin/acct.te index 1e6ec2d..8a7c421 100644 --- a/policy/modules/admin/acct.te +++ b/policy/modules/admin/acct.te @@ -59,9 +59,6 @@ init_use_fds(acct_t) init_use_script_ptys(acct_t) init_exec_script_files(acct_t) -libs_use_ld_so(acct_t) -libs_use_shared_libs(acct_t) - logging_send_syslog_msg(acct_t) miscfiles_read_localization(acct_t) diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te index ea39869..b7cb5df 100644 --- a/policy/modules/admin/alsa.te +++ b/policy/modules/admin/alsa.te @@ -54,9 +54,6 @@ auth_use_nsswitch(alsa_t) init_use_fds(alsa_t) -libs_use_ld_so(alsa_t) -libs_use_shared_libs(alsa_t) - logging_send_syslog_msg(alsa_t) miscfiles_read_localization(alsa_t) diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te index 0eb3c67..dd39ca4 100644 --- a/policy/modules/admin/amanda.te +++ b/policy/modules/admin/amanda.te @@ -158,9 +158,6 @@ term_use_unallocated_ttys(amanda_t) auth_use_nsswitch(amanda_t) auth_read_shadow(amanda_t) -libs_use_ld_so(amanda_t) -libs_use_shared_libs(amanda_t) - optional_policy(` logging_send_syslog_msg(amanda_t) ') @@ -226,9 +223,6 @@ auth_use_nsswitch(amanda_recover_t) fstools_domtrans(amanda_t) fstools_signal(amanda_t) -libs_use_ld_so(amanda_recover_t) -libs_use_shared_libs(amanda_recover_t) - logging_search_logs(amanda_recover_t) miscfiles_read_localization(amanda_recover_t) diff --git a/policy/modules/admin/amtu.te b/policy/modules/admin/amtu.te index 45eca9d..fd34746 100644 --- a/policy/modules/admin/amtu.te +++ b/policy/modules/admin/amtu.te @@ -21,9 +21,6 @@ files_manage_boot_files(amtu_t) files_read_etc_runtime_files(amtu_t) files_read_etc_files(amtu_t) -libs_use_ld_so(amtu_t) -libs_use_shared_libs(amtu_t) - logging_send_audit_msgs(amtu_t) optional_policy(` diff --git a/policy/modules/admin/apt.te b/policy/modules/admin/apt.te index 09c463b..d59fc5c 100644 --- a/policy/modules/admin/apt.te +++ b/policy/modules/admin/apt.te @@ -108,8 +108,6 @@ term_create_pty(apt_t, apt_devpts_t) term_list_ptys(apt_t) term_use_all_terms(apt_t) -libs_use_ld_so(apt_t) -libs_use_shared_libs(apt_t) libs_exec_ld_so(apt_t) libs_exec_lib_files(apt_t) diff --git a/policy/modules/admin/backup.te b/policy/modules/admin/backup.te index 73abd58..bfe5fab 100644 --- a/policy/modules/admin/backup.te +++ b/policy/modules/admin/backup.te @@ -67,9 +67,6 @@ fs_list_all(backup_t) auth_read_shadow(backup_t) -libs_use_ld_so(backup_t) -libs_use_shared_libs(backup_t) - logging_send_syslog_msg(backup_t) sysnet_read_config(backup_t) diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te index f49310f..292be8b 100644 --- a/policy/modules/admin/bootloader.te +++ b/policy/modules/admin/bootloader.te @@ -121,8 +121,6 @@ init_use_script_ptys(bootloader_t) init_use_script_fds(bootloader_t) init_rw_script_pipes(bootloader_t) -libs_use_ld_so(bootloader_t) -libs_use_shared_libs(bootloader_t) libs_read_lib_files(bootloader_t) libs_exec_lib_files(bootloader_t) diff --git a/policy/modules/admin/brctl.te b/policy/modules/admin/brctl.te index 4f46d88..e78f1c6 100644 --- a/policy/modules/admin/brctl.te +++ b/policy/modules/admin/brctl.te @@ -35,9 +35,6 @@ files_read_etc_files(brctl_t) term_dontaudit_use_console(brctl_t) -libs_use_ld_so(brctl_t) -libs_use_shared_libs(brctl_t) - miscfiles_read_localization(brctl_t) optional_policy(` diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te index 74d3726..46913fd 100644 --- a/policy/modules/admin/certwatch.te +++ b/policy/modules/admin/certwatch.te @@ -27,9 +27,6 @@ files_list_tmp(certwatch_t) fs_list_inotifyfs(certwatch_t) -libs_use_ld_so(certwatch_t) -libs_use_shared_libs(certwatch_t) - logging_send_syslog_msg(certwatch_t) miscfiles_read_certs(certwatch_t) diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te index 0a77e45..2672c68 100644 --- a/policy/modules/admin/consoletype.te +++ b/policy/modules/admin/consoletype.te @@ -54,9 +54,6 @@ domain_use_interactive_fds(consoletype_t) files_dontaudit_read_root_files(consoletype_t) files_list_usr(consoletype_t) -libs_use_ld_so(consoletype_t) -libs_use_shared_libs(consoletype_t) - ifdef(`distro_redhat',` fs_rw_tmpfs_chr_files(consoletype_t) ') diff --git a/policy/modules/admin/ddcprobe.te b/policy/modules/admin/ddcprobe.te index c48d8e8..07f9f03 100644 --- a/policy/modules/admin/ddcprobe.te +++ b/policy/modules/admin/ddcprobe.te @@ -40,8 +40,6 @@ term_use_all_user_ttys(ddcprobe_t) term_use_all_user_ptys(ddcprobe_t) libs_read_lib_files(ddcprobe_t) -libs_use_ld_so(ddcprobe_t) -libs_use_shared_libs(ddcprobe_t) miscfiles_read_localization(ddcprobe_t) diff --git a/policy/modules/admin/dmesg.te b/policy/modules/admin/dmesg.te index dab491d..02bd258 100644 --- a/policy/modules/admin/dmesg.te +++ b/policy/modules/admin/dmesg.te @@ -42,9 +42,6 @@ files_dontaudit_search_isid_type_dirs(dmesg_t) init_use_fds(dmesg_t) init_use_script_ptys(dmesg_t) -libs_use_ld_so(dmesg_t) -libs_use_shared_libs(dmesg_t) - logging_send_syslog_msg(dmesg_t) logging_write_generic_logs(dmesg_t) diff --git a/policy/modules/admin/dmidecode.te b/policy/modules/admin/dmidecode.te index 48e3b5f..8fb4783 100644 --- a/policy/modules/admin/dmidecode.te +++ b/policy/modules/admin/dmidecode.te @@ -28,7 +28,4 @@ term_list_ptys(dmidecode_t) files_list_usr(dmidecode_t) -libs_use_ld_so(dmidecode_t) -libs_use_shared_libs(dmidecode_t) - locallogin_use_fds(dmidecode_t) diff --git a/policy/modules/admin/dpkg.te b/policy/modules/admin/dpkg.te index 07e58a5..f57eab0 100644 --- a/policy/modules/admin/dpkg.te +++ b/policy/modules/admin/dpkg.te @@ -152,8 +152,6 @@ files_exec_etc_files(dpkg_t) init_domtrans_script(dpkg_t) init_use_script_ptys(dpkg_t) -libs_use_ld_so(dpkg_t) -libs_use_shared_libs(dpkg_t) libs_exec_ld_so(dpkg_t) libs_exec_lib_files(dpkg_t) libs_domtrans_ldconfig(dpkg_t) @@ -297,8 +295,6 @@ auth_manage_all_files_except_shadow(dpkg_script_t) init_domtrans_script(dpkg_script_t) init_use_script_fds(dpkg_script_t) -libs_use_ld_so(dpkg_script_t) -libs_use_shared_libs(dpkg_script_t) libs_exec_ld_so(dpkg_script_t) libs_exec_lib_files(dpkg_script_t) libs_domtrans_ldconfig(dpkg_script_t) diff --git a/policy/modules/admin/firstboot.te b/policy/modules/admin/firstboot.te index cadd349..ea98cfd 100644 --- a/policy/modules/admin/firstboot.te +++ b/policy/modules/admin/firstboot.te @@ -67,8 +67,6 @@ files_manage_var_symlinks(firstboot_t) init_domtrans_script(firstboot_t) init_rw_utmp(firstboot_t) -libs_use_ld_so(firstboot_t) -libs_use_shared_libs(firstboot_t) libs_exec_ld_so(firstboot_t) libs_exec_lib_files(firstboot_t) diff --git a/policy/modules/admin/kismet.te b/policy/modules/admin/kismet.te index d4e135e..c6aaa1d 100644 --- a/policy/modules/admin/kismet.te +++ b/policy/modules/admin/kismet.te @@ -51,7 +51,4 @@ auth_use_nsswitch(kismet_t) files_read_etc_files(kismet_t) -libs_use_ld_so(kismet_t) -libs_use_shared_libs(kismet_t) - miscfiles_read_localization(kismet_t) diff --git a/policy/modules/admin/kudzu.te b/policy/modules/admin/kudzu.te index 40d3ee2..fe122aa 100644 --- a/policy/modules/admin/kudzu.te +++ b/policy/modules/admin/kudzu.te @@ -110,8 +110,6 @@ init_ptrace(kudzu_t) # the inittab after configuring serial consoles init_telinit(kudzu_t) -libs_use_ld_so(kudzu_t) -libs_use_shared_libs(kudzu_t) # Read /usr/lib/gconv/gconv-modules.* libs_read_lib_files(kudzu_t) diff --git a/policy/modules/admin/logrotate.te b/policy/modules/admin/logrotate.te index 78cf1b6..0743fca 100644 --- a/policy/modules/admin/logrotate.te +++ b/policy/modules/admin/logrotate.te @@ -111,9 +111,6 @@ logging_send_syslog_msg(logrotate_t) # cjp: why is this needed? logging_exec_all_logs(logrotate_t) -libs_use_ld_so(logrotate_t) -libs_use_shared_libs(logrotate_t) - miscfiles_read_localization(logrotate_t) seutil_dontaudit_read_config(logrotate_t) diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te index ef4f944..80fd11b 100644 --- a/policy/modules/admin/logwatch.te +++ b/policy/modules/admin/logwatch.te @@ -75,8 +75,6 @@ auth_dontaudit_read_shadow(logwatch_t) init_read_utmp(logwatch_t) init_dontaudit_write_utmp(logwatch_t) -libs_use_ld_so(logwatch_t) -libs_use_shared_libs(logwatch_t) libs_read_lib_files(logwatch_t) logging_read_all_logs(logwatch_t) diff --git a/policy/modules/admin/mrtg.te b/policy/modules/admin/mrtg.te index 7cc90c2..2e013ac 100644 --- a/policy/modules/admin/mrtg.te +++ b/policy/modules/admin/mrtg.te @@ -106,8 +106,6 @@ init_dontaudit_write_utmp(mrtg_t) auth_use_nsswitch(mrtg_t) libs_read_lib_files(mrtg_t) -libs_use_ld_so(mrtg_t) -libs_use_shared_libs(mrtg_t) logging_send_syslog_msg(mrtg_t) diff --git a/policy/modules/admin/netutils.te b/policy/modules/admin/netutils.te index c348458..ca45fce 100644 --- a/policy/modules/admin/netutils.te +++ b/policy/modules/admin/netutils.te @@ -81,9 +81,6 @@ init_use_script_ptys(netutils_t) auth_use_nsswitch(netutils_t) -libs_use_ld_so(netutils_t) -libs_use_shared_libs(netutils_t) - logging_send_syslog_msg(netutils_t) miscfiles_read_localization(netutils_t) @@ -132,9 +129,6 @@ files_dontaudit_search_var(ping_t) auth_use_nsswitch(ping_t) -libs_use_ld_so(ping_t) -libs_use_shared_libs(ping_t) - logging_send_syslog_msg(ping_t) miscfiles_read_localization(ping_t) @@ -199,9 +193,6 @@ init_use_fds(traceroute_t) auth_use_nsswitch(traceroute_t) -libs_use_ld_so(traceroute_t) -libs_use_shared_libs(traceroute_t) - logging_send_syslog_msg(traceroute_t) miscfiles_read_localization(traceroute_t) diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if index 878a7dd..4f69198 100644 --- a/policy/modules/admin/portage.if +++ b/policy/modules/admin/portage.if @@ -177,8 +177,6 @@ interface(`portage_compile_domain',` auth_read_all_files_except_shadow($1) auth_read_all_symlinks_except_shadow($1) - libs_use_ld_so($1) - libs_use_shared_libs($1) libs_exec_lib_files($1) # some config scripts use ldd libs_exec_ld_so($1) diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te index 4f8ebcd..af61ccf 100644 --- a/policy/modules/admin/portage.te +++ b/policy/modules/admin/portage.te @@ -95,8 +95,6 @@ term_search_ptys(gcc_config_t) # seems to be ok without this init_dontaudit_read_script_status_files(gcc_config_t) -libs_use_ld_so(gcc_config_t) -libs_use_shared_libs(gcc_config_t) libs_read_lib_files(gcc_config_t) libs_domtrans_ldconfig(gcc_config_t) libs_manage_shared_libs(gcc_config_t) @@ -242,9 +240,6 @@ files_dontaudit_search_pids(portage_fetch_t) term_search_ptys(portage_fetch_t) -libs_use_ld_so(portage_fetch_t) -libs_use_shared_libs(portage_fetch_t) - miscfiles_read_localization(portage_fetch_t) sysnet_read_config(portage_fetch_t) diff --git a/policy/modules/admin/prelink.te b/policy/modules/admin/prelink.te index 73b6233..6fe27d0 100644 --- a/policy/modules/admin/prelink.te +++ b/policy/modules/admin/prelink.te @@ -70,11 +70,9 @@ fs_getattr_xattr_fs(prelink_t) selinux_get_enforce_mode(prelink_t) -libs_use_ld_so(prelink_t) libs_exec_ld_so(prelink_t) libs_manage_ld_so(prelink_t) libs_relabel_ld_so(prelink_t) -libs_use_shared_libs(prelink_t) libs_manage_shared_libs(prelink_t) libs_relabel_shared_libs(prelink_t) libs_delete_lib_symlinks(prelink_t) diff --git a/policy/modules/admin/quota.te b/policy/modules/admin/quota.te index 39d2336..098d817 100644 --- a/policy/modules/admin/quota.te +++ b/policy/modules/admin/quota.te @@ -70,9 +70,6 @@ files_read_etc_runtime_files(quota_t) init_use_fds(quota_t) init_use_script_ptys(quota_t) -libs_use_ld_so(quota_t) -libs_use_shared_libs(quota_t) - logging_send_syslog_msg(quota_t) userdom_dontaudit_use_unpriv_user_fds(quota_t) diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te index b846e46..cbf5853 100644 --- a/policy/modules/admin/readahead.te +++ b/policy/modules/admin/readahead.te @@ -71,9 +71,6 @@ init_use_fds(readahead_t) init_use_script_ptys(readahead_t) init_getattr_initctl(readahead_t) -libs_use_ld_so(readahead_t) -libs_use_shared_libs(readahead_t) - logging_send_syslog_msg(readahead_t) logging_dontaudit_search_audit_config(readahead_t) diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te index fc30eb5..aa77c0f 100644 --- a/policy/modules/admin/rpm.te +++ b/policy/modules/admin/rpm.te @@ -158,8 +158,6 @@ files_exec_etc_files(rpm_t) init_domtrans_script(rpm_t) -libs_use_ld_so(rpm_t) -libs_use_shared_libs(rpm_t) libs_exec_ld_so(rpm_t) libs_exec_lib_files(rpm_t) libs_domtrans_ldconfig(rpm_t) @@ -299,8 +297,6 @@ files_exec_usr_files(rpm_script_t) init_domtrans_script(rpm_script_t) -libs_use_ld_so(rpm_script_t) -libs_use_shared_libs(rpm_script_t) libs_exec_ld_so(rpm_script_t) libs_exec_lib_files(rpm_script_t) libs_domtrans_ldconfig(rpm_script_t) diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if index d8c2029..801577e 100644 --- a/policy/modules/admin/su.if +++ b/policy/modules/admin/su.if @@ -86,9 +86,6 @@ template(`su_restricted_domain_template', ` # Write to utmp. init_rw_utmp($1_su_t) - libs_use_ld_so($1_su_t) - libs_use_shared_libs($1_su_t) - logging_send_syslog_msg($1_su_t) miscfiles_read_localization($1_su_t) @@ -223,9 +220,6 @@ template(`su_per_role_template',` mls_file_write_all_levels($1_su_t) - libs_use_ld_so($1_su_t) - libs_use_shared_libs($1_su_t) - logging_send_syslog_msg($1_su_t) miscfiles_read_localization($1_su_t) diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if index 3a73b84..a068802 100644 --- a/policy/modules/admin/sudo.if +++ b/policy/modules/admin/sudo.if @@ -109,9 +109,6 @@ template(`sudo_per_role_template',` init_rw_utmp($1_sudo_t) - libs_use_ld_so($1_sudo_t) - libs_use_shared_libs($1_sudo_t) - logging_send_syslog_msg($1_sudo_t) miscfiles_read_localization($1_sudo_t) diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te index 406f0f5..e70d591 100644 --- a/policy/modules/admin/sxid.te +++ b/policy/modules/admin/sxid.te @@ -73,9 +73,6 @@ auth_dontaudit_getattr_shadow(sxid_t) init_use_fds(sxid_t) init_use_script_ptys(sxid_t) -libs_use_ld_so(sxid_t) -libs_use_shared_libs(sxid_t) - logging_send_syslog_msg(sxid_t) miscfiles_read_localization(sxid_t) diff --git a/policy/modules/admin/tmpreaper.te b/policy/modules/admin/tmpreaper.te index f128926..069f2a9 100644 --- a/policy/modules/admin/tmpreaper.te +++ b/policy/modules/admin/tmpreaper.te @@ -32,9 +32,6 @@ files_setattr_all_tmp_dirs(tmpreaper_t) mls_file_read_all_levels(tmpreaper_t) mls_file_write_all_levels(tmpreaper_t) -libs_use_ld_so(tmpreaper_t) -libs_use_shared_libs(tmpreaper_t) - logging_send_syslog_msg(tmpreaper_t) miscfiles_read_localization(tmpreaper_t) diff --git a/policy/modules/admin/tripwire.te b/policy/modules/admin/tripwire.te index 0ed471d..151a18c 100644 --- a/policy/modules/admin/tripwire.te +++ b/policy/modules/admin/tripwire.te @@ -79,9 +79,6 @@ files_read_all_symlinks(tripwire_t) files_getattr_all_pipes(tripwire_t) files_getattr_all_sockets(tripwire_t) -libs_use_ld_so(tripwire_t) -libs_use_shared_libs(tripwire_t) - logging_send_syslog_msg(tripwire_t) optional_policy(` @@ -99,9 +96,6 @@ manage_lnk_files_pattern(twadmin_t, tripwire_etc_t, tripwire_etc_t) domain_use_interactive_fds(twadmin_t) -libs_use_ld_so(twadmin_t) -libs_use_shared_libs(twadmin_t) - logging_send_syslog_msg(twadmin_t) miscfiles_read_localization(twadmin_t) @@ -126,9 +120,6 @@ files_search_var_lib(twprint_t) domain_use_interactive_fds(twprint_t) -libs_use_ld_so(twprint_t) -libs_use_shared_libs(twprint_t) - logging_send_syslog_msg(twprint_t) miscfiles_read_localization(twprint_t) @@ -143,9 +134,6 @@ domain_use_interactive_fds(siggen_t) # Need permission to read files files_read_all_files(siggen_t) -libs_use_ld_so(siggen_t) -libs_use_shared_libs(siggen_t) - logging_send_syslog_msg(siggen_t) miscfiles_read_localization(siggen_t) diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te index 6f19990..ad5d172 100644 --- a/policy/modules/admin/tzdata.te +++ b/policy/modules/admin/tzdata.te @@ -21,9 +21,6 @@ files_search_spool(tzdata_t) term_dontaudit_list_ptys(tzdata_t) -libs_use_ld_so(tzdata_t) -libs_use_shared_libs(tzdata_t) - locallogin_dontaudit_use_fds(tzdata_t) miscfiles_read_localization(tzdata_t) diff --git a/policy/modules/admin/updfstab.te b/policy/modules/admin/updfstab.te index d23ce81..976ee15 100644 --- a/policy/modules/admin/updfstab.te +++ b/policy/modules/admin/updfstab.te @@ -67,9 +67,6 @@ files_read_etc_runtime_files(updfstab_t) init_use_fds(updfstab_t) init_use_script_ptys(updfstab_t) -libs_use_ld_so(updfstab_t) -libs_use_shared_libs(updfstab_t) - logging_send_syslog_msg(updfstab_t) logging_search_logs(updfstab_t) diff --git a/policy/modules/admin/usbmodules.te b/policy/modules/admin/usbmodules.te index 0886322..9932456 100644 --- a/policy/modules/admin/usbmodules.te +++ b/policy/modules/admin/usbmodules.te @@ -33,9 +33,6 @@ term_write_console(usbmodules_t) init_use_fds(usbmodules_t) -libs_use_ld_so(usbmodules_t) -libs_use_shared_libs(usbmodules_t) - miscfiles_read_hwdata(usbmodules_t) modutils_read_module_deps(usbmodules_t) diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te index 9f6e3bc..384df0d 100644 --- a/policy/modules/admin/usermanage.te +++ b/policy/modules/admin/usermanage.te @@ -109,9 +109,6 @@ files_dontaudit_search_home(chfn_t) # correctly without it. Do not audit write denials to utmp. init_dontaudit_rw_utmp(chfn_t) -libs_use_ld_so(chfn_t) -libs_use_shared_libs(chfn_t) - miscfiles_read_localization(chfn_t) logging_send_syslog_msg(chfn_t) @@ -154,9 +151,6 @@ files_read_usr_files(crack_t) corecmd_exec_bin(crack_t) -libs_use_ld_so(crack_t) -libs_use_shared_libs(crack_t) - logging_send_syslog_msg(crack_t) sysadm_dontaudit_search_home_dirs(crack_t) @@ -216,9 +210,6 @@ files_manage_etc_files(groupadd_t) files_relabel_etc_files(groupadd_t) files_read_etc_runtime_files(groupadd_t) -libs_use_ld_so(groupadd_t) -libs_use_shared_libs(groupadd_t) - # Execute /usr/bin/{passwd,chfn,chsh} and /usr/sbin/{useradd,vipw}. corecmd_exec_bin(groupadd_t) @@ -318,9 +309,6 @@ files_relabel_etc_files(passwd_t) # correctly without it. Do not audit write denials to utmp. init_dontaudit_rw_utmp(passwd_t) -libs_use_ld_so(passwd_t) -libs_use_shared_libs(passwd_t) - logging_send_audit_msgs(passwd_t) logging_send_syslog_msg(passwd_t) @@ -409,9 +397,6 @@ files_dontaudit_search_pids(sysadm_passwd_t) # correctly without it. Do not audit write denials to utmp. init_dontaudit_rw_utmp(sysadm_passwd_t) -libs_use_ld_so(sysadm_passwd_t) -libs_use_shared_libs(sysadm_passwd_t) - miscfiles_read_localization(sysadm_passwd_t) logging_send_syslog_msg(sysadm_passwd_t) @@ -487,9 +472,6 @@ auth_use_nsswitch(useradd_t) init_use_fds(useradd_t) init_rw_utmp(useradd_t) -libs_use_ld_so(useradd_t) -libs_use_shared_libs(useradd_t) - logging_send_audit_msgs(useradd_t) logging_send_syslog_msg(useradd_t) diff --git a/policy/modules/admin/vbetool.te b/policy/modules/admin/vbetool.te index 832bdda..a6d316e 100644 --- a/policy/modules/admin/vbetool.te +++ b/policy/modules/admin/vbetool.te @@ -25,9 +25,6 @@ dev_read_sysfs(vbetool_t) term_use_unallocated_ttys(vbetool_t) -libs_use_ld_so(vbetool_t) -libs_use_shared_libs(vbetool_t) - miscfiles_read_localization(vbetool_t) optional_policy(` diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te index a036f75..c7db478 100644 --- a/policy/modules/admin/vpn.te +++ b/policy/modules/admin/vpn.te @@ -90,8 +90,6 @@ auth_use_nsswitch(vpnc_t) libs_exec_ld_so(vpnc_t) libs_exec_lib_files(vpnc_t) -libs_use_ld_so(vpnc_t) -libs_use_shared_libs(vpnc_t) locallogin_use_fds(vpnc_t) diff --git a/policy/modules/apps/authbind.te b/policy/modules/apps/authbind.te index 4d91328..c67a422 100644 --- a/policy/modules/apps/authbind.te +++ b/policy/modules/apps/authbind.te @@ -30,6 +30,3 @@ files_list_etc(authbind_t) term_use_console(authbind_t) logging_send_syslog_msg(authbind_t) - -libs_use_ld_so(authbind_t) -libs_use_shared_libs(authbind_t) diff --git a/policy/modules/apps/awstats.te b/policy/modules/apps/awstats.te index 43af46d..8b1cbb2 100644 --- a/policy/modules/apps/awstats.te +++ b/policy/modules/apps/awstats.te @@ -48,8 +48,6 @@ files_read_etc_files(awstats_t) files_read_usr_files(awstats_t) libs_read_lib_files(awstats_t) -libs_use_ld_so(awstats_t) -libs_use_shared_libs(awstats_t) miscfiles_read_localization(awstats_t) diff --git a/policy/modules/apps/calamaris.te b/policy/modules/apps/calamaris.te index 6096881..39213d5 100644 --- a/policy/modules/apps/calamaris.te +++ b/policy/modules/apps/calamaris.te @@ -58,8 +58,6 @@ files_read_var_files(calamaris_t) files_read_etc_runtime_files(calamaris_t) libs_read_lib_files(calamaris_t) -libs_use_ld_so(calamaris_t) -libs_use_shared_libs(calamaris_t) logging_send_syslog_msg(calamaris_t) diff --git a/policy/modules/apps/cdrecord.if b/policy/modules/apps/cdrecord.if index 1d6274a..1319eaf 100644 --- a/policy/modules/apps/cdrecord.if +++ b/policy/modules/apps/cdrecord.if @@ -81,9 +81,6 @@ template(`cdrecord_per_role_template', ` storage_raw_write_removable_device($1_cdrecord_t) storage_write_scsi_generic($1_cdrecord_t) - libs_use_ld_so($1_cdrecord_t) - libs_use_shared_libs($1_cdrecord_t) - logging_send_syslog_msg($1_cdrecord_t) miscfiles_read_localization($1_cdrecord_t) diff --git a/policy/modules/apps/ethereal.if b/policy/modules/apps/ethereal.if index 3464f5d..20eee67 100644 --- a/policy/modules/apps/ethereal.if +++ b/policy/modules/apps/ethereal.if @@ -124,8 +124,6 @@ template(`ethereal_per_role_template',` fs_search_auto_mountpoints($1_ethereal_t) libs_read_lib_files($1_ethereal_t) - libs_use_ld_so($1_ethereal_t) - libs_use_shared_libs($1_ethereal_t) miscfiles_read_fonts($1_ethereal_t) miscfiles_read_localization($1_ethereal_t) diff --git a/policy/modules/apps/ethereal.te b/policy/modules/apps/ethereal.te index 9348110..e4d312d 100644 --- a/policy/modules/apps/ethereal.te +++ b/policy/modules/apps/ethereal.te @@ -42,9 +42,6 @@ files_read_usr_files(tethereal_t) # /etc/nsswitch.conf files_read_etc_files(tethereal_t) -libs_use_ld_so(tethereal_t) -libs_use_shared_libs(tethereal_t) - miscfiles_read_localization(tethereal_t) seutil_use_newrole_fds(tethereal_t) diff --git a/policy/modules/apps/evolution.if b/policy/modules/apps/evolution.if index da77447..66f4659 100644 --- a/policy/modules/apps/evolution.if +++ b/policy/modules/apps/evolution.if @@ -223,9 +223,6 @@ template(`evolution_per_role_template',` fs_search_auto_mountpoints($1_evolution_t) - libs_use_ld_so($1_evolution_t) - libs_use_shared_libs($1_evolution_t) - logging_send_syslog_msg($1_evolution_t) miscfiles_read_localization($1_evolution_t) @@ -501,9 +498,6 @@ template(`evolution_per_role_template',` fs_search_auto_mountpoints($1_evolution_alarm_t) - libs_use_ld_so($1_evolution_alarm_t) - libs_use_shared_libs($1_evolution_alarm_t) - miscfiles_read_localization($1_evolution_alarm_t) # Access evolution home @@ -603,9 +597,6 @@ template(`evolution_per_role_template',` # Access evolution home fs_search_auto_mountpoints($1_evolution_exchange_t) - libs_use_ld_so($1_evolution_exchange_t) - libs_use_shared_libs($1_evolution_exchange_t) - miscfiles_read_localization($1_evolution_exchange_t) # Access evolution home @@ -693,9 +684,6 @@ template(`evolution_per_role_template',` fs_search_auto_mountpoints($1_evolution_server_t) - libs_use_ld_so($1_evolution_server_t) - libs_use_shared_libs($1_evolution_server_t) - miscfiles_read_localization($1_evolution_server_t) # Look in /etc/pki miscfiles_read_certs($1_evolution_server_t) diff --git a/policy/modules/apps/games.if b/policy/modules/apps/games.if index 4f810fb..86b8ff7 100644 --- a/policy/modules/apps/games.if +++ b/policy/modules/apps/games.if @@ -122,9 +122,6 @@ template(`games_per_role_template',` logging_dontaudit_search_logs($1_games_t) - libs_use_shared_libs($1_games_t) - libs_use_ld_so($1_games_t) - miscfiles_read_man_pages($1_games_t) miscfiles_read_localization($1_games_t) diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te index 40a8a85..92b1513 100644 --- a/policy/modules/apps/games.te +++ b/policy/modules/apps/games.te @@ -50,9 +50,6 @@ domain_use_interactive_fds(games_t) init_use_fds(games_t) init_use_script_ptys(games_t) -libs_use_ld_so(games_t) -libs_use_shared_libs(games_t) - logging_send_syslog_msg(games_t) miscfiles_read_localization(games_t) diff --git a/policy/modules/apps/gift.if b/policy/modules/apps/gift.if index 0046af5..7ab618e 100644 --- a/policy/modules/apps/gift.if +++ b/policy/modules/apps/gift.if @@ -173,9 +173,6 @@ template(`gift_per_role_template',` # Read /etc/mtab files_read_etc_runtime_files($1_giftd_t) - libs_use_ld_so($1_giftd_t) - libs_use_shared_libs($1_giftd_t) - miscfiles_read_localization($1_giftd_t) sysnet_read_config($1_giftd_t) diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if index e5dd078..8da9f61 100644 --- a/policy/modules/apps/gnome.if +++ b/policy/modules/apps/gnome.if @@ -86,9 +86,6 @@ template(`gnome_per_role_template',` files_read_etc_files($1_gconfd_t) - libs_use_ld_so($1_gconfd_t) - libs_use_shared_libs($1_gconfd_t) - miscfiles_read_localization($1_gconfd_t) logging_send_syslog_msg($1_gconfd_t) diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if index 028d3e6..9b03de2 100644 --- a/policy/modules/apps/gpg.if +++ b/policy/modules/apps/gpg.if @@ -115,9 +115,6 @@ template(`gpg_per_role_template',` files_read_usr_files($1_gpg_t) files_dontaudit_search_var($1_gpg_t) - libs_use_shared_libs($1_gpg_t) - libs_use_ld_so($1_gpg_t) - miscfiles_read_localization($1_gpg_t) logging_send_syslog_msg($1_gpg_t) @@ -177,9 +174,6 @@ template(`gpg_per_role_template',` # for nscd files_dontaudit_search_var($1_gpg_helper_t) - libs_use_ld_so($1_gpg_helper_t) - libs_use_shared_libs($1_gpg_helper_t) - sysnet_read_config($1_gpg_helper_t) tunable_policy(`use_nfs_home_dirs',` @@ -238,9 +232,6 @@ template(`gpg_per_role_template',` domain_use_interactive_fds($1_gpg_agent_t) - libs_use_ld_so($1_gpg_agent_t) - libs_use_shared_libs($1_gpg_agent_t) - miscfiles_read_localization($1_gpg_agent_t) # Write to the user domain tty. @@ -288,9 +279,6 @@ template(`gpg_per_role_template',` # read /etc/X11/qtrc files_read_etc_files($1_gpg_pinentry_t) - libs_use_ld_so($1_gpg_pinentry_t) - libs_use_shared_libs($1_gpg_pinentry_t) - miscfiles_read_fonts($1_gpg_pinentry_t) miscfiles_read_localization($1_gpg_pinentry_t) diff --git a/policy/modules/apps/irc.if b/policy/modules/apps/irc.if index a432984..42d49ac 100644 --- a/policy/modules/apps/irc.if +++ b/policy/modules/apps/irc.if @@ -119,9 +119,6 @@ template(`irc_per_role_template',` init_read_utmp($1_irc_t) init_dontaudit_lock_utmp($1_irc_t) - libs_use_ld_so($1_irc_t) - libs_use_shared_libs($1_irc_t) - miscfiles_read_localization($1_irc_t) # Inherit and use descriptors from newrole. diff --git a/policy/modules/apps/java.if b/policy/modules/apps/java.if index f59bba3..11f192c 100644 --- a/policy/modules/apps/java.if +++ b/policy/modules/apps/java.if @@ -123,9 +123,6 @@ template(`java_per_role_template',` fs_getattr_xattr_fs($1_javaplugin_t) fs_dontaudit_rw_tmpfs_files($1_javaplugin_t) - libs_use_ld_so($1_javaplugin_t) - libs_use_shared_libs($1_javaplugin_t) - logging_send_syslog_msg($1_javaplugin_t) miscfiles_read_localization($1_javaplugin_t) diff --git a/policy/modules/apps/loadkeys.te b/policy/modules/apps/loadkeys.te index e5423c1..bcb6676 100644 --- a/policy/modules/apps/loadkeys.te +++ b/policy/modules/apps/loadkeys.te @@ -35,9 +35,6 @@ term_use_unallocated_ttys(loadkeys_t) init_dontaudit_use_fds(loadkeys_t) init_dontaudit_use_script_ptys(loadkeys_t) -libs_use_ld_so(loadkeys_t) -libs_use_shared_libs(loadkeys_t) - locallogin_use_fds(loadkeys_t) miscfiles_read_localization(loadkeys_t) diff --git a/policy/modules/apps/lockdev.if b/policy/modules/apps/lockdev.if index 6a3a994..c818c1e 100644 --- a/policy/modules/apps/lockdev.if +++ b/policy/modules/apps/lockdev.if @@ -69,9 +69,6 @@ template(`lockdev_per_role_template',` fs_getattr_xattr_fs($1_lockdev_t) - libs_use_ld_so($1_lockdev_t) - libs_use_shared_libs($1_lockdev_t) - logging_send_syslog_msg($1_lockdev_t) userdom_use_user_terminals($1, $1_lockdev_t) diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if index 5d9f74a..abbb2bb 100644 --- a/policy/modules/apps/mozilla.if +++ b/policy/modules/apps/mozilla.if @@ -172,9 +172,6 @@ template(`mozilla_per_role_template',` term_dontaudit_getattr_pty_dirs($1_mozilla_t) - libs_use_ld_so($1_mozilla_t) - libs_use_shared_libs($1_mozilla_t) - logging_send_syslog_msg($1_mozilla_t) miscfiles_read_fonts($1_mozilla_t) diff --git a/policy/modules/apps/mplayer.if b/policy/modules/apps/mplayer.if index ffcbabe..664a3e9 100644 --- a/policy/modules/apps/mplayer.if +++ b/policy/modules/apps/mplayer.if @@ -98,9 +98,6 @@ template(`mplayer_per_role_template',` # Access to DVD/CD/V4L storage_raw_read_removable_device($1_mencoder_t) - libs_use_ld_so($1_mencoder_t) - libs_use_shared_libs($1_mencoder_t) - miscfiles_read_localization($1_mencoder_t) userdom_use_user_terminals($1,$1_mencoder_t) @@ -327,9 +324,6 @@ template(`mplayer_per_role_template',` fs_search_auto_mountpoints($1_mplayer_t) fs_list_inotifyfs($1_mplayer_t) - libs_use_ld_so($1_mplayer_t) - libs_use_shared_libs($1_mplayer_t) - miscfiles_read_localization($1_mplayer_t) miscfiles_read_fonts($1_mplayer_t) diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te index 67d52ed..08b504b 100644 --- a/policy/modules/apps/podsleuth.te +++ b/policy/modules/apps/podsleuth.te @@ -26,9 +26,6 @@ dev_read_urand(podsleuth_t) files_read_etc_files(podsleuth_t) -libs_use_ld_so(podsleuth_t) -libs_use_shared_libs(podsleuth_t) - miscfiles_read_localization(podsleuth_t) dbus_system_bus_client_template(podsleuth, podsleuth_t) diff --git a/policy/modules/apps/qemu.if b/policy/modules/apps/qemu.if index 95cde51..aff0165 100644 --- a/policy/modules/apps/qemu.if +++ b/policy/modules/apps/qemu.if @@ -191,9 +191,6 @@ template(`qemu_domain_template',` term_getattr_pty_fs($1_t) term_use_generic_ptys($1_t) - libs_use_ld_so($1_t) - libs_use_shared_libs($1_t) - miscfiles_read_localization($1_t) sysnet_read_config($1_t) diff --git a/policy/modules/apps/rssh.if b/policy/modules/apps/rssh.if index 019c504..d0129a8 100644 --- a/policy/modules/apps/rssh.if +++ b/policy/modules/apps/rssh.if @@ -87,9 +87,6 @@ template(`rssh_per_role_template',` fs_search_auto_mountpoints($1_rssh_t) - libs_use_ld_so($1_rssh_t) - libs_use_shared_libs($1_rssh_t) - logging_send_syslog_msg($1_rssh_t) miscfiles_read_localization($1_rssh_t) diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if index 46eb9bf..2c949a3 100644 --- a/policy/modules/apps/screen.if +++ b/policy/modules/apps/screen.if @@ -142,9 +142,6 @@ template(`screen_per_role_template',` # Write to utmp. init_rw_utmp($1_screen_t) - libs_use_ld_so($1_screen_t) - libs_use_shared_libs($1_screen_t) - logging_send_syslog_msg($1_screen_t) miscfiles_read_localization($1_screen_t) diff --git a/policy/modules/apps/slocate.te b/policy/modules/apps/slocate.te index fbb1b76..01915af 100644 --- a/policy/modules/apps/slocate.te +++ b/policy/modules/apps/slocate.te @@ -52,9 +52,6 @@ fs_list_inotifyfs(locate_t) # getpwnam auth_use_nsswitch(locate_t) -libs_use_shared_libs(locate_t) -libs_use_ld_so(locate_t) - miscfiles_read_localization(locate_t) ifdef(`enable_mls',` diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if index 168be3a..d9d5af8 100644 --- a/policy/modules/apps/thunderbird.if +++ b/policy/modules/apps/thunderbird.if @@ -147,9 +147,6 @@ template(`thunderbird_per_role_template',` auth_use_nsswitch($1_thunderbird_t) - libs_use_shared_libs($1_thunderbird_t) - libs_use_ld_so($1_thunderbird_t) - miscfiles_read_fonts($1_thunderbird_t) miscfiles_read_localization($1_thunderbird_t) diff --git a/policy/modules/apps/tvtime.if b/policy/modules/apps/tvtime.if index ca1f399..2cfec68 100644 --- a/policy/modules/apps/tvtime.if +++ b/policy/modules/apps/tvtime.if @@ -112,9 +112,6 @@ template(`tvtime_per_role_template',` # X access, Home files fs_search_auto_mountpoints($1_tvtime_t) - libs_use_ld_so($1_tvtime_t) - libs_use_shared_libs($1_tvtime_t) - miscfiles_read_localization($1_tvtime_t) miscfiles_read_fonts($1_tvtime_t) diff --git a/policy/modules/apps/uml.if b/policy/modules/apps/uml.if index b3e7a9e..810ee04 100644 --- a/policy/modules/apps/uml.if +++ b/policy/modules/apps/uml.if @@ -176,8 +176,6 @@ template(`uml_per_role_template',` init_dontaudit_write_utmp($1_uml_t) # for xterm - libs_use_ld_so($1_uml_t) - libs_use_shared_libs($1_uml_t) libs_exec_lib_files($1_uml_t) # Inherit and use descriptors from newrole. diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te index 0c3d8e1..b9f8783 100644 --- a/policy/modules/apps/uml.te +++ b/policy/modules/apps/uml.te @@ -49,9 +49,6 @@ term_dontaudit_use_console(uml_switch_t) init_use_fds(uml_switch_t) init_use_script_ptys(uml_switch_t) -libs_use_ld_so(uml_switch_t) -libs_use_shared_libs(uml_switch_t) - logging_send_syslog_msg(uml_switch_t) miscfiles_read_localization(uml_switch_t) diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if index 7a4f429..b144715 100644 --- a/policy/modules/apps/userhelper.if +++ b/policy/modules/apps/userhelper.if @@ -139,9 +139,6 @@ template(`userhelper_per_role_template',` # Write to utmp. init_manage_utmp($1_userhelper_t) - libs_use_ld_so($1_userhelper_t) - libs_use_shared_libs($1_userhelper_t) - miscfiles_read_localization($1_userhelper_t) seutil_read_config($1_userhelper_t) diff --git a/policy/modules/apps/usernetctl.te b/policy/modules/apps/usernetctl.te index 748ddba..aa63889 100644 --- a/policy/modules/apps/usernetctl.te +++ b/policy/modules/apps/usernetctl.te @@ -51,9 +51,6 @@ fs_search_auto_mountpoints(usernetctl_t) auth_use_nsswitch(usernetctl_t) -libs_use_ld_so(usernetctl_t) -libs_use_shared_libs(usernetctl_t) - logging_send_syslog_msg(usernetctl_t) miscfiles_read_localization(usernetctl_t) diff --git a/policy/modules/apps/vmware.if b/policy/modules/apps/vmware.if index b6c923e..806bb80 100644 --- a/policy/modules/apps/vmware.if +++ b/policy/modules/apps/vmware.if @@ -146,8 +146,6 @@ template(`vmware_per_role_template',` storage_raw_read_removable_device($1_vmware_t) storage_raw_write_removable_device($1_vmware_t) - libs_use_ld_so($1_vmware_t) - libs_use_shared_libs($1_vmware_t) # startup scripts run ldd libs_exec_ld_so($1_vmware_t) # Access X11 config files diff --git a/policy/modules/apps/vmware.te b/policy/modules/apps/vmware.te index d24b3f7..bf61196 100644 --- a/policy/modules/apps/vmware.te +++ b/policy/modules/apps/vmware.te @@ -85,9 +85,6 @@ term_dontaudit_use_console(vmware_host_t) init_use_fds(vmware_host_t) init_use_script_ptys(vmware_host_t) -libs_use_ld_so(vmware_host_t) -libs_use_shared_libs(vmware_host_t) - logging_send_syslog_msg(vmware_host_t) miscfiles_read_localization(vmware_host_t) diff --git a/policy/modules/apps/webalizer.te b/policy/modules/apps/webalizer.te index 8d02fca..3553ffc 100644 --- a/policy/modules/apps/webalizer.te +++ b/policy/modules/apps/webalizer.te @@ -72,9 +72,6 @@ fs_getattr_xattr_fs(webalizer_t) files_read_etc_files(webalizer_t) files_read_etc_runtime_files(webalizer_t) -libs_use_ld_so(webalizer_t) -libs_use_shared_libs(webalizer_t) - logging_list_logs(webalizer_t) logging_send_syslog_msg(webalizer_t) diff --git a/policy/modules/apps/wireshark.if b/policy/modules/apps/wireshark.if index 81320c3..8a0af00 100644 --- a/policy/modules/apps/wireshark.if +++ b/policy/modules/apps/wireshark.if @@ -124,8 +124,6 @@ template(`wireshark_per_role_template',` fs_search_auto_mountpoints($1_wireshark_t) libs_read_lib_files($1_wireshark_t) - libs_use_ld_so($1_wireshark_t) - libs_use_shared_libs($1_wireshark_t) miscfiles_read_fonts($1_wireshark_t) miscfiles_read_localization($1_wireshark_t) diff --git a/policy/modules/apps/yam.te b/policy/modules/apps/yam.te index bf2bf54..5c5b8a3 100644 --- a/policy/modules/apps/yam.te +++ b/policy/modules/apps/yam.te @@ -86,9 +86,6 @@ fs_read_iso9660_files(yam_t) term_search_ptys(yam_t) -libs_use_ld_so(yam_t) -libs_use_shared_libs(yam_t) - logging_send_syslog_msg(yam_t) miscfiles_read_localization(yam_t) diff --git a/policy/modules/services/afs.te b/policy/modules/services/afs.te index b6c15b1..7f193c4 100644 --- a/policy/modules/services/afs.te +++ b/policy/modules/services/afs.te @@ -105,9 +105,6 @@ files_read_etc_files(afs_bosserver_t) files_list_home(afs_bosserver_t) files_read_usr_files(afs_bosserver_t) -libs_use_ld_so(afs_bosserver_t) -libs_use_shared_libs(afs_bosserver_t) - miscfiles_read_localization(afs_bosserver_t) seutil_read_config(afs_bosserver_t) @@ -175,9 +172,6 @@ term_dontaudit_use_console(afs_fsserver_t) init_dontaudit_use_script_fds(afs_fsserver_t) -libs_use_ld_so(afs_fsserver_t) -libs_use_shared_libs(afs_fsserver_t) - logging_send_syslog_msg(afs_fsserver_t) miscfiles_read_localization(afs_fsserver_t) @@ -225,9 +219,6 @@ files_read_etc_files(afs_kaserver_t) files_list_home(afs_kaserver_t) files_read_usr_files(afs_kaserver_t) -libs_use_ld_so(afs_kaserver_t) -libs_use_shared_libs(afs_kaserver_t) - miscfiles_read_localization(afs_kaserver_t) seutil_read_config(afs_kaserver_t) @@ -268,9 +259,6 @@ corenet_sendrecv_afs_pt_server_packets(afs_ptserver_t) files_read_etc_files(afs_ptserver_t) -libs_use_ld_so(afs_ptserver_t) -libs_use_shared_libs(afs_ptserver_t) - miscfiles_read_localization(afs_ptserver_t) sysnet_read_config(afs_ptserver_t) @@ -309,9 +297,6 @@ corenet_sendrecv_afs_vl_server_packets(afs_vlserver_t) files_read_etc_files(afs_vlserver_t) -libs_use_ld_so(afs_vlserver_t) -libs_use_shared_libs(afs_vlserver_t) - miscfiles_read_localization(afs_vlserver_t) sysnet_read_config(afs_vlserver_t) diff --git a/policy/modules/services/aide.te b/policy/modules/services/aide.te index 4e90fab..af51f7f 100644 --- a/policy/modules/services/aide.te +++ b/policy/modules/services/aide.te @@ -34,9 +34,6 @@ logging_log_filetrans(aide_t, aide_log_t, file) files_read_all_files(aide_t) -libs_use_ld_so(aide_t) -libs_use_shared_libs(aide_t) - logging_send_audit_msgs(aide_t) seutil_use_newrole_fds(aide_t) diff --git a/policy/modules/services/amavis.te b/policy/modules/services/amavis.te index 4ddac8b..42ffed8 100644 --- a/policy/modules/services/amavis.te +++ b/policy/modules/services/amavis.te @@ -138,9 +138,6 @@ auth_dontaudit_read_shadow(amavis_t) init_stream_connect_script(amavis_t) -libs_use_ld_so(amavis_t) -libs_use_shared_libs(amavis_t) - logging_send_syslog_msg(amavis_t) miscfiles_read_localization(amavis_t) diff --git a/policy/modules/services/apache.if b/policy/modules/services/apache.if index 6bb849d..f038c0d 100644 --- a/policy/modules/services/apache.if +++ b/policy/modules/services/apache.if @@ -101,8 +101,6 @@ template(`apache_content_template',` files_read_etc_files(httpd_$1_script_t) files_search_home(httpd_$1_script_t) - libs_use_ld_so(httpd_$1_script_t) - libs_use_shared_libs(httpd_$1_script_t) libs_exec_ld_so(httpd_$1_script_t) libs_exec_lib_files(httpd_$1_script_t) diff --git a/policy/modules/services/apache.te b/policy/modules/services/apache.te index 490683f..ab19229 100644 --- a/policy/modules/services/apache.te +++ b/policy/modules/services/apache.te @@ -336,8 +336,6 @@ files_read_var_lib_symlinks(httpd_t) fs_search_auto_mountpoints(httpd_sys_script_t) -libs_use_ld_so(httpd_t) -libs_use_shared_libs(httpd_t) libs_read_lib_files(httpd_t) logging_send_syslog_msg(httpd_t) @@ -513,9 +511,6 @@ allow httpd_helper_t httpd_config_t:file read_file_perms; allow httpd_helper_t httpd_log_t:file append_file_perms; -libs_use_ld_so(httpd_helper_t) -libs_use_shared_libs(httpd_helper_t) - logging_send_syslog_msg(httpd_helper_t) tunable_policy(`httpd_tty_comm',` @@ -552,8 +547,6 @@ files_tmp_filetrans(httpd_php_t, httpd_php_tmp_t, { file dir }) fs_search_auto_mountpoints(httpd_php_t) libs_exec_lib_files(httpd_php_t) -libs_use_ld_so(httpd_php_t) -libs_use_shared_libs(httpd_php_t) userdom_use_unpriv_users_fds(httpd_php_t) @@ -609,9 +602,6 @@ files_search_home(httpd_suexec_t) auth_use_nsswitch(httpd_suexec_t) -libs_use_ld_so(httpd_suexec_t) -libs_use_shared_libs(httpd_suexec_t) - logging_search_logs(httpd_suexec_t) logging_send_syslog_msg(httpd_suexec_t) @@ -735,9 +725,6 @@ kernel_dontaudit_read_proc_symlinks(httpd_rotatelogs_t) files_read_etc_files(httpd_rotatelogs_t) -libs_use_ld_so(httpd_rotatelogs_t) -libs_use_shared_libs(httpd_rotatelogs_t) - logging_search_logs(httpd_rotatelogs_t) miscfiles_read_localization(httpd_rotatelogs_t) diff --git a/policy/modules/services/apcupsd.te b/policy/modules/services/apcupsd.te index ab42eaa..2a96926 100644 --- a/policy/modules/services/apcupsd.te +++ b/policy/modules/services/apcupsd.te @@ -82,9 +82,6 @@ term_use_unallocated_ttys(apcupsd_t) init_rw_utmp(apcupsd_t) init_telinit(apcupsd_t) -libs_use_ld_so(apcupsd_t) -libs_use_shared_libs(apcupsd_t) - logging_send_syslog_msg(apcupsd_t) miscfiles_read_localization(apcupsd_t) diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te index 0fc2e12..80c7780 100644 --- a/policy/modules/services/apm.te +++ b/policy/modules/services/apm.te @@ -50,9 +50,6 @@ term_use_all_terms(apm_t) domain_use_interactive_fds(apm_t) -libs_use_ld_so(apm_t) -libs_use_shared_libs(apm_t) - logging_send_syslog_msg(apm_t) ######################################## @@ -123,9 +120,7 @@ init_rw_utmp(apmd_t) init_telinit(apmd_t) libs_exec_ld_so(apmd_t) -libs_use_ld_so(apmd_t) libs_exec_lib_files(apmd_t) -libs_use_shared_libs(apmd_t) logging_send_syslog_msg(apmd_t) diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te index d697881..efff63c 100644 --- a/policy/modules/services/arpwatch.te +++ b/policy/modules/services/arpwatch.te @@ -73,9 +73,6 @@ files_search_var_lib(arpwatch_t) auth_use_nsswitch(arpwatch_t) -libs_use_ld_so(arpwatch_t) -libs_use_shared_libs(arpwatch_t) - logging_send_syslog_msg(arpwatch_t) miscfiles_read_localization(arpwatch_t) diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te index afa439c..5aaa127 100644 --- a/policy/modules/services/asterisk.te +++ b/policy/modules/services/asterisk.te @@ -116,9 +116,6 @@ files_read_usr_files(asterisk_t) fs_getattr_all_fs(asterisk_t) fs_search_auto_mountpoints(asterisk_t) -libs_use_ld_so(asterisk_t) -libs_use_shared_libs(asterisk_t) - logging_send_syslog_msg(asterisk_t) miscfiles_read_localization(asterisk_t) diff --git a/policy/modules/services/audioentropy.te b/policy/modules/services/audioentropy.te index f15f6d7..66672f4 100644 --- a/policy/modules/services/audioentropy.te +++ b/policy/modules/services/audioentropy.te @@ -41,9 +41,6 @@ fs_search_auto_mountpoints(entropyd_t) domain_use_interactive_fds(entropyd_t) -libs_use_ld_so(entropyd_t) -libs_use_shared_libs(entropyd_t) - logging_send_syslog_msg(entropyd_t) miscfiles_read_localization(entropyd_t) diff --git a/policy/modules/services/automount.te b/policy/modules/services/automount.te index f608f34..61b06c6 100644 --- a/policy/modules/services/automount.te +++ b/policy/modules/services/automount.te @@ -134,9 +134,6 @@ term_dontaudit_getattr_pty_dirs(automount_t) auth_use_nsswitch(automount_t) -libs_use_ld_so(automount_t) -libs_use_shared_libs(automount_t) - logging_send_syslog_msg(automount_t) logging_search_logs(automount_t) diff --git a/policy/modules/services/avahi.te b/policy/modules/services/avahi.te index 6703a6b..dddae90 100644 --- a/policy/modules/services/avahi.te +++ b/policy/modules/services/avahi.te @@ -70,9 +70,6 @@ auth_use_nsswitch(avahi_t) init_signal_script(avahi_t) init_signull_script(avahi_t) -libs_use_ld_so(avahi_t) -libs_use_shared_libs(avahi_t) - logging_send_syslog_msg(avahi_t) miscfiles_read_localization(avahi_t) diff --git a/policy/modules/services/bind.te b/policy/modules/services/bind.te index 57ab115..4ceaab3 100644 --- a/policy/modules/services/bind.te +++ b/policy/modules/services/bind.te @@ -139,9 +139,6 @@ fs_search_auto_mountpoints(named_t) auth_use_nsswitch(named_t) -libs_use_ld_so(named_t) -libs_use_shared_libs(named_t) - logging_send_syslog_msg(named_t) miscfiles_read_localization(named_t) @@ -237,9 +234,6 @@ fs_getattr_xattr_fs(ndc_t) init_use_fds(ndc_t) init_use_script_ptys(ndc_t) -libs_use_ld_so(ndc_t) -libs_use_shared_libs(ndc_t) - logging_send_syslog_msg(ndc_t) miscfiles_read_localization(ndc_t) diff --git a/policy/modules/services/bitlbee.te b/policy/modules/services/bitlbee.te index 474bef6..259a911 100644 --- a/policy/modules/services/bitlbee.te +++ b/policy/modules/services/bitlbee.te @@ -78,7 +78,6 @@ files_search_pids(bitlbee_t) files_read_usr_files(bitlbee_t) libs_legacy_use_shared_libs(bitlbee_t) -libs_use_ld_so(bitlbee_t) miscfiles_read_localization(bitlbee_t) diff --git a/policy/modules/services/bluetooth.if b/policy/modules/services/bluetooth.if index ec038c4..deb7d45 100644 --- a/policy/modules/services/bluetooth.if +++ b/policy/modules/services/bluetooth.if @@ -84,9 +84,6 @@ template(`bluetooth_per_role_template',` files_read_usr_files($1_bluetooth_t) files_dontaudit_list_default($1_bluetooth_t) - libs_use_ld_so($1_bluetooth_t) - libs_use_shared_libs($1_bluetooth_t) - locallogin_dontaudit_use_fds($1_bluetooth_t) logging_send_syslog_msg($1_bluetooth_t) diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te index daa5ae1..0da2c88 100644 --- a/policy/modules/services/bluetooth.te +++ b/policy/modules/services/bluetooth.te @@ -110,9 +110,6 @@ files_read_etc_files(bluetooth_t) files_read_etc_runtime_files(bluetooth_t) files_read_usr_files(bluetooth_t) -libs_use_ld_so(bluetooth_t) -libs_use_shared_libs(bluetooth_t) - logging_send_syslog_msg(bluetooth_t) miscfiles_read_localization(bluetooth_t) diff --git a/policy/modules/services/canna.te b/policy/modules/services/canna.te index 099154b..5f14678 100644 --- a/policy/modules/services/canna.te +++ b/policy/modules/services/canna.te @@ -71,9 +71,6 @@ files_read_usr_files(canna_t) files_search_tmp(canna_t) files_dontaudit_read_root_files(canna_t) -libs_use_ld_so(canna_t) -libs_use_shared_libs(canna_t) - logging_send_syslog_msg(canna_t) miscfiles_read_localization(canna_t) diff --git a/policy/modules/services/ccs.te b/policy/modules/services/ccs.te index 670a60d..05495b7 100644 --- a/policy/modules/services/ccs.te +++ b/policy/modules/services/ccs.te @@ -98,9 +98,6 @@ files_read_etc_runtime_files(ccs_t) init_rw_script_tmp_files(ccs_t) -libs_use_ld_so(ccs_t) -libs_use_shared_libs(ccs_t) - logging_send_syslog_msg(ccs_t) miscfiles_read_localization(ccs_t) diff --git a/policy/modules/services/cipe.te b/policy/modules/services/cipe.te index e809543..9fa0736 100644 --- a/policy/modules/services/cipe.te +++ b/policy/modules/services/cipe.te @@ -52,9 +52,6 @@ files_dontaudit_search_var(ciped_t) fs_search_auto_mountpoints(ciped_t) -libs_use_ld_so(ciped_t) -libs_use_shared_libs(ciped_t) - logging_send_syslog_msg(ciped_t) miscfiles_read_localization(ciped_t) diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te index a73375c..f611ddf 100644 --- a/policy/modules/services/clamav.te +++ b/policy/modules/services/clamav.te @@ -107,9 +107,6 @@ files_read_etc_files(clamd_t) files_read_etc_runtime_files(clamd_t) files_search_spool(clamd_t) -libs_use_ld_so(clamd_t) -libs_use_shared_libs(clamd_t) - logging_send_syslog_msg(clamd_t) miscfiles_read_localization(clamd_t) @@ -175,9 +172,6 @@ domain_use_interactive_fds(freshclam_t) files_read_etc_files(freshclam_t) files_read_etc_runtime_files(freshclam_t) -libs_use_ld_so(freshclam_t) -libs_use_shared_libs(freshclam_t) - miscfiles_read_localization(freshclam_t) sysnet_dns_name_resolve(freshclam_t) @@ -222,9 +216,6 @@ files_search_var_lib(clamscan_t) init_read_utmp(clamscan_t) init_dontaudit_write_utmp(clamscan_t) -libs_use_ld_so(clamscan_t) -libs_use_shared_libs(clamscan_t) - miscfiles_read_localization(clamscan_t) miscfiles_read_public_files(clamscan_t) diff --git a/policy/modules/services/clockspeed.te b/policy/modules/services/clockspeed.te index f4ff7b1..f1699bc 100644 --- a/policy/modules/services/clockspeed.te +++ b/policy/modules/services/clockspeed.te @@ -37,9 +37,6 @@ corenet_sendrecv_ntp_client_packets(clockspeed_cli_t) files_list_var_lib(clockspeed_cli_t) files_read_etc_files(clockspeed_cli_t) -libs_use_ld_so(clockspeed_cli_t) -libs_use_shared_libs(clockspeed_cli_t) - miscfiles_read_localization(clockspeed_cli_t) ######################################## @@ -67,9 +64,6 @@ corenet_sendrecv_clockspeed_server_packets(clockspeed_srv_t) files_read_etc_files(clockspeed_srv_t) files_list_var_lib(clockspeed_srv_t) -libs_use_ld_so(clockspeed_srv_t) -libs_use_shared_libs(clockspeed_srv_t) - miscfiles_read_localization(clockspeed_srv_t) optional_policy(` diff --git a/policy/modules/services/comsat.te b/policy/modules/services/comsat.te index 534ec19..4881daf 100644 --- a/policy/modules/services/comsat.te +++ b/policy/modules/services/comsat.te @@ -62,9 +62,6 @@ auth_use_nsswitch(comsat_t) init_read_utmp(comsat_t) init_dontaudit_write_utmp(comsat_t) -libs_use_ld_so(comsat_t) -libs_use_shared_libs(comsat_t) - logging_send_syslog_msg(comsat_t) miscfiles_read_localization(comsat_t) diff --git a/policy/modules/services/consolekit.te b/policy/modules/services/consolekit.te index 5ab16bf..33deb95 100644 --- a/policy/modules/services/consolekit.te +++ b/policy/modules/services/consolekit.te @@ -47,9 +47,6 @@ term_use_all_terms(consolekit_t) auth_use_nsswitch(consolekit_t) -libs_use_ld_so(consolekit_t) -libs_use_shared_libs(consolekit_t) - miscfiles_read_localization(consolekit_t) optional_policy(` diff --git a/policy/modules/services/courier.if b/policy/modules/services/courier.if index 88f0170..f78a09f 100644 --- a/policy/modules/services/courier.if +++ b/policy/modules/services/courier.if @@ -68,9 +68,6 @@ template(`courier_domain_template',` fs_getattr_xattr_fs(courier_$1_t) fs_search_auto_mountpoints(courier_$1_t) - libs_use_ld_so(courier_$1_t) - libs_use_shared_libs(courier_$1_t) - logging_send_syslog_msg(courier_$1_t) sysnet_read_config(courier_$1_t) diff --git a/policy/modules/services/cpucontrol.te b/policy/modules/services/cpucontrol.te index bc750a4..0be0d01 100644 --- a/policy/modules/services/cpucontrol.te +++ b/policy/modules/services/cpucontrol.te @@ -51,9 +51,6 @@ files_list_usr(cpucontrol_t) init_use_fds(cpucontrol_t) init_use_script_ptys(cpucontrol_t) -libs_use_ld_so(cpucontrol_t) -libs_use_shared_libs(cpucontrol_t) - logging_send_syslog_msg(cpucontrol_t) userdom_dontaudit_use_unpriv_user_fds(cpucontrol_t) @@ -107,9 +104,6 @@ term_dontaudit_use_console(cpuspeed_t) init_use_fds(cpuspeed_t) init_use_script_ptys(cpuspeed_t) -libs_use_ld_so(cpuspeed_t) -libs_use_shared_libs(cpuspeed_t) - logging_send_syslog_msg(cpuspeed_t) miscfiles_read_localization(cpuspeed_t) diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if index c01a2fa..00186a1 100644 --- a/policy/modules/services/cron.if +++ b/policy/modules/services/cron.if @@ -120,8 +120,6 @@ template(`cron_per_role_template',` # for nscd: files_dontaudit_search_pids($1_crond_t) - libs_use_ld_so($1_crond_t) - libs_use_shared_libs($1_crond_t) libs_exec_lib_files($1_crond_t) libs_exec_ld_so($1_crond_t) @@ -233,9 +231,6 @@ template(`cron_per_role_template',` files_read_etc_files($1_crontab_t) files_dontaudit_search_pids($1_crontab_t) - libs_use_ld_so($1_crontab_t) - libs_use_shared_libs($1_crontab_t) - logging_send_syslog_msg($1_crontab_t) miscfiles_read_localization($1_crontab_t) diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te index 2277800..d8ffcc3 100644 --- a/policy/modules/services/cron.te +++ b/policy/modules/services/cron.te @@ -145,9 +145,6 @@ init_rw_utmp(crond_t) auth_use_nsswitch(crond_t) -libs_use_ld_so(crond_t) -libs_use_shared_libs(crond_t) - logging_send_syslog_msg(crond_t) seutil_read_config(crond_t) @@ -327,8 +324,6 @@ init_write_initctl(system_crond_t) auth_use_nsswitch(system_crond_t) -libs_use_ld_so(system_crond_t) -libs_use_shared_libs(system_crond_t) libs_exec_lib_files(system_crond_t) libs_exec_ld_so(system_crond_t) diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te index 22d152d..43bcd15 100644 --- a/policy/modules/services/cups.te +++ b/policy/modules/services/cups.te @@ -206,8 +206,6 @@ init_exec_script_files(cupsd_t) auth_use_nsswitch(cupsd_t) -libs_use_ld_so(cupsd_t) -libs_use_shared_libs(cupsd_t) # Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.* libs_read_lib_files(cupsd_t) @@ -347,9 +345,6 @@ init_getattr_script_files(cupsd_config_t) auth_use_nsswitch(cupsd_config_t) -libs_use_ld_so(cupsd_config_t) -libs_use_shared_libs(cupsd_config_t) - logging_send_syslog_msg(cupsd_config_t) miscfiles_read_localization(cupsd_config_t) @@ -470,9 +465,6 @@ files_read_etc_files(cupsd_lpd_t) auth_use_nsswitch(cupsd_lpd_t) -libs_use_ld_so(cupsd_lpd_t) -libs_use_shared_libs(cupsd_lpd_t) - logging_send_syslog_msg(cupsd_lpd_t) miscfiles_read_localization(cupsd_lpd_t) @@ -552,9 +544,6 @@ files_read_etc_files(hplip_t) files_read_etc_runtime_files(hplip_t) files_read_usr_files(hplip_t) -libs_use_ld_so(hplip_t) -libs_use_shared_libs(hplip_t) - logging_send_syslog_msg(hplip_t) miscfiles_read_localization(hplip_t) @@ -632,9 +621,6 @@ domain_use_interactive_fds(ptal_t) files_read_etc_files(ptal_t) files_read_etc_runtime_files(ptal_t) -libs_use_ld_so(ptal_t) -libs_use_shared_libs(ptal_t) - logging_send_syslog_msg(ptal_t) miscfiles_read_localization(ptal_t) diff --git a/policy/modules/services/cvs.te b/policy/modules/services/cvs.te index 98c88db..5d75e29 100644 --- a/policy/modules/services/cvs.te +++ b/policy/modules/services/cvs.te @@ -82,9 +82,6 @@ files_read_etc_runtime_files(cvs_t) # for identd; cjp: this should probably only be inetd_child rules? files_search_home(cvs_t) -libs_use_ld_so(cvs_t) -libs_use_shared_libs(cvs_t) - logging_send_syslog_msg(cvs_t) logging_send_audit_msgs(cvs_t) diff --git a/policy/modules/services/cyphesis.te b/policy/modules/services/cyphesis.te index 3133350..6e1c9fd 100644 --- a/policy/modules/services/cyphesis.te +++ b/policy/modules/services/cyphesis.te @@ -64,9 +64,6 @@ domain_use_interactive_fds(cyphesis_t) files_read_etc_files(cyphesis_t) files_read_usr_files(cyphesis_t) -libs_use_ld_so(cyphesis_t) -libs_use_shared_libs(cyphesis_t) - logging_send_syslog_msg(cyphesis_t) miscfiles_read_localization(cyphesis_t) diff --git a/policy/modules/services/cyrus.te b/policy/modules/services/cyrus.te index b782dda..b8fe817 100644 --- a/policy/modules/services/cyrus.te +++ b/policy/modules/services/cyrus.te @@ -99,8 +99,6 @@ files_read_usr_files(cyrus_t) auth_use_nsswitch(cyrus_t) -libs_use_ld_so(cyrus_t) -libs_use_shared_libs(cyrus_t) libs_exec_lib_files(cyrus_t) logging_send_syslog_msg(cyrus_t) diff --git a/policy/modules/services/dante.te b/policy/modules/services/dante.te index d2a6899..fd80978 100644 --- a/policy/modules/services/dante.te +++ b/policy/modules/services/dante.te @@ -62,9 +62,6 @@ fs_search_auto_mountpoints(dante_t) init_write_utmp(dante_t) -libs_use_ld_so(dante_t) -libs_use_shared_libs(dante_t) - logging_send_syslog_msg(dante_t) miscfiles_read_localization(dante_t) diff --git a/policy/modules/services/dbskk.te b/policy/modules/services/dbskk.te index 81293f8..b569c1a 100644 --- a/policy/modules/services/dbskk.te +++ b/policy/modules/services/dbskk.te @@ -65,9 +65,6 @@ files_read_etc_files(dbskkd_t) auth_use_nsswitch(dbskkd_t) -libs_use_ld_so(dbskkd_t) -libs_use_shared_libs(dbskkd_t) - logging_send_syslog_msg(dbskkd_t) miscfiles_read_localization(dbskkd_t) diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if index 3569877..f63337c 100644 --- a/policy/modules/services/dbus.if +++ b/policy/modules/services/dbus.if @@ -150,9 +150,6 @@ template(`dbus_per_role_template',` auth_read_pam_console_data($1_dbusd_t) auth_use_nsswitch($1_dbusd_t) - libs_use_ld_so($1_dbusd_t) - libs_use_shared_libs($1_dbusd_t) - logging_send_audit_msgs($1_dbusd_t) logging_send_syslog_msg($1_dbusd_t) diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te index 3054bce..0e5c879 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -92,9 +92,6 @@ files_read_usr_files(system_dbusd_t) init_use_fds(system_dbusd_t) init_use_script_ptys(system_dbusd_t) -libs_use_ld_so(system_dbusd_t) -libs_use_shared_libs(system_dbusd_t) - logging_send_audit_msgs(system_dbusd_t) logging_send_syslog_msg(system_dbusd_t) diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te index 6d7a82b..b3c90f3 100644 --- a/policy/modules/services/dcc.te +++ b/policy/modules/services/dcc.te @@ -105,9 +105,6 @@ corenet_udp_sendrecv_all_ports(cdcc_t) files_read_etc_files(cdcc_t) files_read_etc_runtime_files(cdcc_t) -libs_use_ld_so(cdcc_t) -libs_use_shared_libs(cdcc_t) - logging_send_syslog_msg(cdcc_t) miscfiles_read_localization(cdcc_t) @@ -148,9 +145,6 @@ corenet_udp_sendrecv_all_ports(dcc_client_t) files_read_etc_files(dcc_client_t) files_read_etc_runtime_files(dcc_client_t) -libs_use_ld_so(dcc_client_t) -libs_use_shared_libs(dcc_client_t) - logging_send_syslog_msg(dcc_client_t) miscfiles_read_localization(dcc_client_t) @@ -191,9 +185,6 @@ corenet_udp_sendrecv_all_ports(dcc_dbclean_t) files_read_etc_files(dcc_dbclean_t) files_read_etc_runtime_files(dcc_dbclean_t) -libs_use_ld_so(dcc_dbclean_t) -libs_use_shared_libs(dcc_dbclean_t) - logging_send_syslog_msg(dcc_dbclean_t) miscfiles_read_localization(dcc_dbclean_t) @@ -262,9 +253,6 @@ files_read_etc_runtime_files(dccd_t) fs_getattr_all_fs(dccd_t) fs_search_auto_mountpoints(dccd_t) -libs_use_ld_so(dccd_t) -libs_use_shared_libs(dccd_t) - logging_send_syslog_msg(dccd_t) miscfiles_read_localization(dccd_t) @@ -336,9 +324,6 @@ files_read_etc_runtime_files(dccifd_t) fs_getattr_all_fs(dccifd_t) fs_search_auto_mountpoints(dccifd_t) -libs_use_ld_so(dccifd_t) -libs_use_shared_libs(dccifd_t) - logging_send_syslog_msg(dccifd_t) miscfiles_read_localization(dccifd_t) @@ -409,9 +394,6 @@ files_read_etc_runtime_files(dccm_t) fs_getattr_all_fs(dccm_t) fs_search_auto_mountpoints(dccm_t) -libs_use_ld_so(dccm_t) -libs_use_shared_libs(dccm_t) - logging_send_syslog_msg(dccm_t) miscfiles_read_localization(dccm_t) diff --git a/policy/modules/services/ddclient.te b/policy/modules/services/ddclient.te index 9963cbb..dccbbe2 100644 --- a/policy/modules/services/ddclient.te +++ b/policy/modules/services/ddclient.te @@ -90,9 +90,6 @@ files_read_usr_files(ddclient_t) fs_getattr_all_fs(ddclient_t) fs_search_auto_mountpoints(ddclient_t) -libs_use_ld_so(ddclient_t) -libs_use_shared_libs(ddclient_t) - logging_send_syslog_msg(ddclient_t) miscfiles_read_localization(ddclient_t) diff --git a/policy/modules/services/dhcp.te b/policy/modules/services/dhcp.te index 7f7729e..9e125b7 100644 --- a/policy/modules/services/dhcp.te +++ b/policy/modules/services/dhcp.te @@ -88,9 +88,6 @@ files_read_usr_files(dhcpd_t) files_read_etc_runtime_files(dhcpd_t) files_search_var_lib(dhcpd_t) -libs_use_ld_so(dhcpd_t) -libs_use_shared_libs(dhcpd_t) - logging_send_syslog_msg(dhcpd_t) miscfiles_read_localization(dhcpd_t) diff --git a/policy/modules/services/dictd.te b/policy/modules/services/dictd.te index 0efb8d0..1300aec 100644 --- a/policy/modules/services/dictd.te +++ b/policy/modules/services/dictd.te @@ -74,9 +74,6 @@ files_search_var_lib(dictd_t) # for checking for nscd files_dontaudit_search_pids(dictd_t) -libs_use_ld_so(dictd_t) -libs_use_shared_libs(dictd_t) - logging_send_syslog_msg(dictd_t) miscfiles_read_localization(dictd_t) diff --git a/policy/modules/services/distcc.te b/policy/modules/services/distcc.te index 10b412c..eb74f4e 100644 --- a/policy/modules/services/distcc.te +++ b/policy/modules/services/distcc.te @@ -70,8 +70,6 @@ domain_use_interactive_fds(distccd_t) files_read_etc_files(distccd_t) files_read_etc_runtime_files(distccd_t) -libs_use_ld_so(distccd_t) -libs_use_shared_libs(distccd_t) libs_exec_lib_files(distccd_t) logging_send_syslog_msg(distccd_t) diff --git a/policy/modules/services/djbdns.if b/policy/modules/services/djbdns.if index ca7d45f..eec46ce 100644 --- a/policy/modules/services/djbdns.if +++ b/policy/modules/services/djbdns.if @@ -49,7 +49,4 @@ template(`djbdns_daemontools_domain_template',` corenet_sendrecv_generic_server_packets(djbdns_$1_t) files_search_var(djbdns_$1_t) - - libs_use_ld_so(djbdns_$1_t) - libs_use_shared_libs(djbdns_$1_t) ') diff --git a/policy/modules/services/djbdns.te b/policy/modules/services/djbdns.te index 4fce93a..d1693cb 100644 --- a/policy/modules/services/djbdns.te +++ b/policy/modules/services/djbdns.te @@ -41,7 +41,4 @@ allow djbdns_axfrdns_t djbdns_tinydns_conf_t:file read_file_perms; files_search_var(djbdns_axfrdns_t) -libs_use_ld_so(djbdns_axfrdns_t) -libs_use_shared_libs(djbdns_axfrdns_t) - ucspitcp_service_domain(djbdns_axfrdns_t, djbdns_axfrdns_exec_t) diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te index 86085fb..9dbbc52 100644 --- a/policy/modules/services/dnsmasq.te +++ b/policy/modules/services/dnsmasq.te @@ -71,9 +71,6 @@ files_read_etc_files(dnsmasq_t) fs_getattr_all_fs(dnsmasq_t) fs_search_auto_mountpoints(dnsmasq_t) -libs_use_ld_so(dnsmasq_t) -libs_use_shared_libs(dnsmasq_t) - logging_send_syslog_msg(dnsmasq_t) miscfiles_read_localization(dnsmasq_t) diff --git a/policy/modules/services/dovecot.te b/policy/modules/services/dovecot.te index 9785ac9..0148550 100644 --- a/policy/modules/services/dovecot.te +++ b/policy/modules/services/dovecot.te @@ -104,9 +104,6 @@ init_getattr_utmp(dovecot_t) auth_use_nsswitch(dovecot_t) -libs_use_ld_so(dovecot_t) -libs_use_shared_libs(dovecot_t) - logging_send_syslog_msg(dovecot_t) miscfiles_read_certs(dovecot_t) @@ -173,9 +170,6 @@ files_read_var_lib_files(dovecot_t) init_rw_utmp(dovecot_auth_t) -libs_use_ld_so(dovecot_auth_t) -libs_use_shared_libs(dovecot_auth_t) - miscfiles_read_localization(dovecot_auth_t) seutil_dontaudit_search_config(dovecot_auth_t) diff --git a/policy/modules/services/exim.te b/policy/modules/services/exim.te index e74ccd5..eb01ac7 100644 --- a/policy/modules/services/exim.te +++ b/policy/modules/services/exim.te @@ -93,9 +93,6 @@ files_read_etc_files(exim_t) auth_use_nsswitch(exim_t) -libs_use_ld_so(exim_t) -libs_use_shared_libs(exim_t) - logging_send_syslog_msg(exim_t) miscfiles_read_localization(exim_t) diff --git a/policy/modules/services/fail2ban.te b/policy/modules/services/fail2ban.te index 78af654..c6fef98 100644 --- a/policy/modules/services/fail2ban.te +++ b/policy/modules/services/fail2ban.te @@ -70,9 +70,6 @@ fs_getattr_all_fs(fail2ban_t) auth_use_nsswitch(fail2ban_t) -libs_use_ld_so(fail2ban_t) -libs_use_shared_libs(fail2ban_t) - logging_read_all_logs(fail2ban_t) miscfiles_read_localization(fail2ban_t) diff --git a/policy/modules/services/fetchmail.te b/policy/modules/services/fetchmail.te index de305db..b9720c1 100644 --- a/policy/modules/services/fetchmail.te +++ b/policy/modules/services/fetchmail.te @@ -72,9 +72,6 @@ fs_search_auto_mountpoints(fetchmail_t) domain_use_interactive_fds(fetchmail_t) -libs_use_ld_so(fetchmail_t) -libs_use_shared_libs(fetchmail_t) - logging_send_syslog_msg(fetchmail_t) miscfiles_read_localization(fetchmail_t) diff --git a/policy/modules/services/finger.te b/policy/modules/services/finger.te index add0d44..0c8a0b8 100644 --- a/policy/modules/services/finger.te +++ b/policy/modules/services/finger.te @@ -80,9 +80,6 @@ files_read_etc_runtime_files(fingerd_t) init_read_utmp(fingerd_t) init_dontaudit_write_utmp(fingerd_t) -libs_use_ld_so(fingerd_t) -libs_use_shared_libs(fingerd_t) - logging_send_syslog_msg(fingerd_t) mta_getattr_spool(fingerd_t) diff --git a/policy/modules/services/ftp.te b/policy/modules/services/ftp.te index b5932e8..6c0dcf0 100644 --- a/policy/modules/services/ftp.te +++ b/policy/modules/services/ftp.te @@ -171,9 +171,6 @@ auth_rw_faillog(ftpd_t) init_rw_utmp(ftpd_t) -libs_use_ld_so(ftpd_t) -libs_use_shared_libs(ftpd_t) - logging_send_audit_msgs(ftpd_t) logging_send_syslog_msg(ftpd_t) logging_set_loginuid(ftpd_t) @@ -295,6 +292,3 @@ files_tmp_filetrans(ftpdctl_t, ftpdctl_tmp_t, sock_file) # Allow ftpdctl to read config files files_read_etc_files(ftpdctl_t) - -libs_use_ld_so(ftpdctl_t) -libs_use_shared_libs(ftpdctl_t) diff --git a/policy/modules/services/gatekeeper.te b/policy/modules/services/gatekeeper.te index 70acca3..c8b8742 100644 --- a/policy/modules/services/gatekeeper.te +++ b/policy/modules/services/gatekeeper.te @@ -78,9 +78,6 @@ files_read_etc_files(gatekeeper_t) fs_getattr_all_fs(gatekeeper_t) fs_search_auto_mountpoints(gatekeeper_t) -libs_use_ld_so(gatekeeper_t) -libs_use_shared_libs(gatekeeper_t) - logging_send_syslog_msg(gatekeeper_t) miscfiles_read_localization(gatekeeper_t) diff --git a/policy/modules/services/gpm.te b/policy/modules/services/gpm.te index c666074..9ad5472 100644 --- a/policy/modules/services/gpm.te +++ b/policy/modules/services/gpm.te @@ -61,9 +61,6 @@ term_use_unallocated_ttys(gpm_t) domain_use_interactive_fds(gpm_t) -libs_use_ld_so(gpm_t) -libs_use_shared_libs(gpm_t) - logging_send_syslog_msg(gpm_t) miscfiles_read_localization(gpm_t) diff --git a/policy/modules/services/hal.te b/policy/modules/services/hal.te index 3ad7b73..260c08d 100644 --- a/policy/modules/services/hal.te +++ b/policy/modules/services/hal.te @@ -178,8 +178,6 @@ init_read_utmp(hald_t) init_rw_utmp(hald_t) init_telinit(hald_t) -libs_use_ld_so(hald_t) -libs_use_shared_libs(hald_t) libs_exec_ld_so(hald_t) libs_exec_lib_files(hald_t) @@ -341,9 +339,6 @@ storage_setattr_removable_dev(hald_acl_t) auth_use_nsswitch(hald_acl_t) -libs_use_ld_so(hald_acl_t) -libs_use_shared_libs(hald_acl_t) - miscfiles_read_localization(hald_acl_t) ######################################## @@ -367,9 +362,6 @@ dev_read_sysfs(hald_mac_t) files_read_usr_files(hald_mac_t) -libs_use_ld_so(hald_mac_t) -libs_use_shared_libs(hald_mac_t) - miscfiles_read_localization(hald_mac_t) ######################################## @@ -390,9 +382,6 @@ files_search_var_lib(hald_sonypic_t) files_read_usr_files(hald_sonypic_t) -libs_use_ld_so(hald_sonypic_t) -libs_use_shared_libs(hald_sonypic_t) - miscfiles_read_localization(hald_sonypic_t) ######################################## @@ -412,9 +401,6 @@ dev_rw_input_dev(hald_keymap_t) files_read_usr_files(hald_keymap_t) -libs_use_ld_so(hald_keymap_t) -libs_use_shared_libs(hald_keymap_t) - miscfiles_read_localization(hald_keymap_t) # This is caused by a bug in hald and PolicyKit. diff --git a/policy/modules/services/howl.te b/policy/modules/services/howl.te index 91ab1a8..e135a7e 100644 --- a/policy/modules/services/howl.te +++ b/policy/modules/services/howl.te @@ -59,9 +59,6 @@ files_read_etc_files(howl_t) init_rw_utmp(howl_t) -libs_use_ld_so(howl_t) -libs_use_shared_libs(howl_t) - logging_send_syslog_msg(howl_t) miscfiles_read_localization(howl_t) diff --git a/policy/modules/services/i18n_input.te b/policy/modules/services/i18n_input.te index eef4f21..f3db142 100644 --- a/policy/modules/services/i18n_input.te +++ b/policy/modules/services/i18n_input.te @@ -67,9 +67,6 @@ files_read_usr_files(i18n_input_t) init_stream_connect_script(i18n_input_t) -libs_use_ld_so(i18n_input_t) -libs_use_shared_libs(i18n_input_t) - logging_send_syslog_msg(i18n_input_t) miscfiles_read_localization(i18n_input_t) diff --git a/policy/modules/services/imaze.te b/policy/modules/services/imaze.te index 6ecb759..d8c62bf 100644 --- a/policy/modules/services/imaze.te +++ b/policy/modules/services/imaze.te @@ -78,9 +78,6 @@ files_read_etc_files(imazesrv_t) fs_getattr_all_fs(imazesrv_t) fs_search_auto_mountpoints(imazesrv_t) -libs_use_ld_so(imazesrv_t) -libs_use_shared_libs(imazesrv_t) - logging_send_syslog_msg(imazesrv_t) miscfiles_read_localization(imazesrv_t) diff --git a/policy/modules/services/inetd.te b/policy/modules/services/inetd.te index acd1ea8..d788754 100644 --- a/policy/modules/services/inetd.te +++ b/policy/modules/services/inetd.te @@ -137,9 +137,6 @@ domain_use_interactive_fds(inetd_t) files_read_etc_files(inetd_t) -libs_use_ld_so(inetd_t) -libs_use_shared_libs(inetd_t) - logging_send_syslog_msg(inetd_t) miscfiles_read_localization(inetd_t) @@ -226,9 +223,6 @@ files_read_etc_files(inetd_child_t) auth_use_nsswitch(inetd_child_t) -libs_use_ld_so(inetd_child_t) -libs_use_shared_libs(inetd_child_t) - logging_send_syslog_msg(inetd_child_t) miscfiles_read_localization(inetd_child_t) diff --git a/policy/modules/services/inn.te b/policy/modules/services/inn.te index 84432ed..e0d02e0 100644 --- a/policy/modules/services/inn.te +++ b/policy/modules/services/inn.te @@ -96,9 +96,6 @@ files_read_etc_files(innd_t) files_read_etc_runtime_files(innd_t) files_read_usr_files(innd_t) -libs_use_ld_so(innd_t) -libs_use_shared_libs(innd_t) - logging_send_syslog_msg(innd_t) miscfiles_read_localization(innd_t) diff --git a/policy/modules/services/ircd.te b/policy/modules/services/ircd.te index 9cc6fef..fafbdd5 100644 --- a/policy/modules/services/ircd.te +++ b/policy/modules/services/ircd.te @@ -72,9 +72,6 @@ files_read_etc_runtime_files(ircd_t) fs_getattr_all_fs(ircd_t) fs_search_auto_mountpoints(ircd_t) -libs_use_ld_so(ircd_t) -libs_use_shared_libs(ircd_t) - logging_send_syslog_msg(ircd_t) miscfiles_read_localization(ircd_t) diff --git a/policy/modules/services/irqbalance.te b/policy/modules/services/irqbalance.te index 625cb8c..a7e1ad4 100644 --- a/policy/modules/services/irqbalance.te +++ b/policy/modules/services/irqbalance.te @@ -42,9 +42,6 @@ fs_search_auto_mountpoints(irqbalance_t) domain_use_interactive_fds(irqbalance_t) -libs_use_ld_so(irqbalance_t) -libs_use_shared_libs(irqbalance_t) - logging_send_syslog_msg(irqbalance_t) miscfiles_read_localization(irqbalance_t) diff --git a/policy/modules/services/jabber.te b/policy/modules/services/jabber.te index 04674d9..6a123ff 100644 --- a/policy/modules/services/jabber.te +++ b/policy/modules/services/jabber.te @@ -73,9 +73,6 @@ files_read_etc_runtime_files(jabberd_t) fs_getattr_all_fs(jabberd_t) fs_search_auto_mountpoints(jabberd_t) -libs_use_ld_so(jabberd_t) -libs_use_shared_libs(jabberd_t) - logging_send_syslog_msg(jabberd_t) miscfiles_read_localization(jabberd_t) diff --git a/policy/modules/services/kerberos.te b/policy/modules/services/kerberos.te index 7956795..8ab5c86 100644 --- a/policy/modules/services/kerberos.te +++ b/policy/modules/services/kerberos.te @@ -143,9 +143,6 @@ files_read_var_files(kadmind_t) selinux_validate_context(kadmind_t) -libs_use_ld_so(kadmind_t) -libs_use_shared_libs(kadmind_t) - logging_send_syslog_msg(kadmind_t) miscfiles_read_localization(kadmind_t) @@ -247,9 +244,6 @@ files_read_var_files(krb5kdc_t) selinux_validate_context(krb5kdc_t) -libs_use_ld_so(krb5kdc_t) -libs_use_shared_libs(krb5kdc_t) - logging_send_syslog_msg(krb5kdc_t) miscfiles_read_localization(krb5kdc_t) @@ -304,9 +298,6 @@ dev_read_urand(kpropd_t) files_read_etc_files(kpropd_t) files_search_tmp(kpropd_t) -libs_use_ld_so(kpropd_t) -libs_use_shared_libs(kpropd_t) - logging_send_syslog_msg(kpropd_t) miscfiles_read_localization(kpropd_t) diff --git a/policy/modules/services/kerneloops.te b/policy/modules/services/kerneloops.te index 19b297f..f9bb268 100644 --- a/policy/modules/services/kerneloops.te +++ b/policy/modules/services/kerneloops.te @@ -38,9 +38,6 @@ corenet_tcp_connect_http_port(kerneloops_t) files_read_etc_files(kerneloops_t) -libs_use_ld_so(kerneloops_t) -libs_use_shared_libs(kerneloops_t) - logging_send_syslog_msg(kerneloops_t) logging_read_generic_logs(kerneloops_t) diff --git a/policy/modules/services/ktalk.te b/policy/modules/services/ktalk.te index d4ac027..f0bece2 100644 --- a/policy/modules/services/ktalk.te +++ b/policy/modules/services/ktalk.te @@ -74,8 +74,6 @@ auth_use_nsswitch(ktalkd_t) init_read_utmp(ktalkd_t) -libs_use_ld_so(ktalkd_t) -libs_use_shared_libs(ktalkd_t) logging_send_syslog_msg(ktalkd_t) miscfiles_read_localization(ktalkd_t) diff --git a/policy/modules/services/ldap.te b/policy/modules/services/ldap.te index 0038d75..07d2572 100644 --- a/policy/modules/services/ldap.te +++ b/policy/modules/services/ldap.te @@ -108,9 +108,6 @@ files_list_var_lib(slapd_t) auth_use_nsswitch(slapd_t) -libs_use_ld_so(slapd_t) -libs_use_shared_libs(slapd_t) - logging_send_syslog_msg(slapd_t) miscfiles_read_certs(slapd_t) diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if index b447c02..ae4ac06 100644 --- a/policy/modules/services/lpd.if +++ b/policy/modules/services/lpd.if @@ -134,9 +134,6 @@ template(`lpd_per_role_template',` term_use_controlling_term($1_lpr_t) term_use_generic_ptys($1_lpr_t) - libs_use_ld_so($1_lpr_t) - libs_use_shared_libs($1_lpr_t) - miscfiles_read_localization($1_lpr_t) sysnet_read_config($1_lpr_t) diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te index ca30c34..6093e9b 100644 --- a/policy/modules/services/lpd.te +++ b/policy/modules/services/lpd.te @@ -98,9 +98,6 @@ init_use_script_ptys(checkpc_t) # Allow access to /dev/console through the fd: init_use_fds(checkpc_t) -libs_use_ld_so(checkpc_t) -libs_use_shared_libs(checkpc_t) - sysnet_read_config(checkpc_t) optional_policy(` @@ -189,9 +186,6 @@ files_read_var_lib_symlinks(lpd_t) # config files for lpd are of type etc_t, probably should change this files_read_etc_files(lpd_t) -libs_use_ld_so(lpd_t) -libs_use_shared_libs(lpd_t) - logging_send_syslog_msg(lpd_t) miscfiles_read_fonts(lpd_t) diff --git a/policy/modules/services/mailman.if b/policy/modules/services/mailman.if index dfe403b..717d14b 100644 --- a/policy/modules/services/mailman.if +++ b/policy/modules/services/mailman.if @@ -76,8 +76,6 @@ template(`mailman_domain_template', ` auth_use_nsswitch(mailman_$1_t) - libs_use_ld_so(mailman_$1_t) - libs_use_shared_libs(mailman_$1_t) libs_exec_ld_so(mailman_$1_t) libs_exec_lib_files(mailman_$1_t) diff --git a/policy/modules/services/memcached.te b/policy/modules/services/memcached.te index 1726752..3dc2b48 100644 --- a/policy/modules/services/memcached.te +++ b/policy/modules/services/memcached.te @@ -44,9 +44,6 @@ files_pid_filetrans(memcached_t,memcached_var_run_t, { file dir }) files_read_etc_files(memcached_t) -libs_use_ld_so(memcached_t) -libs_use_shared_libs(memcached_t) - miscfiles_read_localization(memcached_t) sysnet_dns_name_resolve(memcached_t) diff --git a/policy/modules/services/monop.te b/policy/modules/services/monop.te index 04b480f..df46abf 100644 --- a/policy/modules/services/monop.te +++ b/policy/modules/services/monop.te @@ -64,9 +64,6 @@ files_read_etc_files(monopd_t) fs_getattr_all_fs(monopd_t) fs_search_auto_mountpoints(monopd_t) -libs_use_ld_so(monopd_t) -libs_use_shared_libs(monopd_t) - logging_send_syslog_msg(monopd_t) miscfiles_read_localization(monopd_t) diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if index f5c6a87..23ba2b2 100644 --- a/policy/modules/services/mta.if +++ b/policy/modules/services/mta.if @@ -89,9 +89,6 @@ template(`mta_base_mail_template',` auth_use_nsswitch($1_mail_t) - libs_use_ld_so($1_mail_t) - libs_use_shared_libs($1_mail_t) - logging_send_syslog_msg($1_mail_t) miscfiles_read_localization($1_mail_t) diff --git a/policy/modules/services/munin.te b/policy/modules/services/munin.te index 2a7f58f..e5f05ae 100644 --- a/policy/modules/services/munin.te +++ b/policy/modules/services/munin.te @@ -86,9 +86,6 @@ files_read_usr_files(munin_t) fs_getattr_all_fs(munin_t) fs_search_auto_mountpoints(munin_t) -libs_use_ld_so(munin_t) -libs_use_shared_libs(munin_t) - logging_send_syslog_msg(munin_t) miscfiles_read_localization(munin_t) diff --git a/policy/modules/services/mysql.te b/policy/modules/services/mysql.te index 760dad2..c093fc4 100644 --- a/policy/modules/services/mysql.te +++ b/policy/modules/services/mysql.te @@ -90,9 +90,6 @@ files_search_var_lib(mysqld_t) auth_use_nsswitch(mysqld_t) -libs_use_ld_so(mysqld_t) -libs_use_shared_libs(mysqld_t) - logging_send_syslog_msg(mysqld_t) miscfiles_read_localization(mysqld_t) diff --git a/policy/modules/services/nagios.te b/policy/modules/services/nagios.te index 5a92af1..3d6b783 100644 --- a/policy/modules/services/nagios.te +++ b/policy/modules/services/nagios.te @@ -95,9 +95,6 @@ init_read_utmp(nagios_t) auth_use_nsswitch(nagios_t) -libs_use_ld_so(nagios_t) -libs_use_shared_libs(nagios_t) - logging_send_syslog_msg(nagios_t) miscfiles_read_localization(nagios_t) @@ -156,9 +153,6 @@ files_read_etc_files(nagios_cgi_t) files_read_etc_runtime_files(nagios_cgi_t) files_read_kernel_symbol_table(nagios_cgi_t) -libs_use_ld_so(nagios_cgi_t) -libs_use_shared_libs(nagios_cgi_t) - logging_send_syslog_msg(nagios_cgi_t) logging_search_logs(nagios_cgi_t) @@ -195,9 +189,6 @@ files_read_etc_runtime_files(nrpe_t) fs_search_auto_mountpoints(nrpe_t) -libs_use_ld_so(nrpe_t) -libs_use_shared_libs(nrpe_t) - logging_send_syslog_msg(nrpe_t) miscfiles_read_localization(nrpe_t) diff --git a/policy/modules/services/nessus.te b/policy/modules/services/nessus.te index af734bc..1d265b0 100644 --- a/policy/modules/services/nessus.te +++ b/policy/modules/services/nessus.te @@ -84,9 +84,6 @@ files_read_etc_runtime_files(nessusd_t) fs_getattr_all_fs(nessusd_t) fs_search_auto_mountpoints(nessusd_t) -libs_use_ld_so(nessusd_t) -libs_use_shared_libs(nessusd_t) - logging_send_syslog_msg(nessusd_t) miscfiles_read_localization(nessusd_t) diff --git a/policy/modules/services/networkmanager.te b/policy/modules/services/networkmanager.te index 3f4f55a..f978889 100644 --- a/policy/modules/services/networkmanager.te +++ b/policy/modules/services/networkmanager.te @@ -107,9 +107,6 @@ files_read_usr_files(NetworkManager_t) init_read_utmp(NetworkManager_t) init_domtrans_script(NetworkManager_t) -libs_use_ld_so(NetworkManager_t) -libs_use_shared_libs(NetworkManager_t) - logging_send_syslog_msg(NetworkManager_t) miscfiles_read_localization(NetworkManager_t) @@ -215,9 +212,6 @@ rw_sock_files_pattern(wpa_cli_t, NetworkManager_var_run_t, NetworkManager_var_ru init_dontaudit_use_fds(wpa_cli_t) init_use_script_ptys(wpa_cli_t) -libs_use_ld_so(wpa_cli_t) -libs_use_shared_libs(wpa_cli_t) - miscfiles_read_localization(wpa_cli_t) term_dontaudit_use_console(wpa_cli_t) diff --git a/policy/modules/services/nis.te b/policy/modules/services/nis.te index bd0e701..bfcdfcb 100644 --- a/policy/modules/services/nis.te +++ b/policy/modules/services/nis.te @@ -101,9 +101,6 @@ domain_use_interactive_fds(ypbind_t) files_read_etc_files(ypbind_t) files_list_var(ypbind_t) -libs_use_ld_so(ypbind_t) -libs_use_shared_libs(ypbind_t) - logging_send_syslog_msg(ypbind_t) miscfiles_read_localization(ypbind_t) @@ -183,9 +180,6 @@ files_read_etc_files(yppasswdd_t) files_read_etc_runtime_files(yppasswdd_t) files_relabel_etc_files(yppasswdd_t) -libs_use_ld_so(yppasswdd_t) -libs_use_shared_libs(yppasswdd_t) - logging_send_syslog_msg(yppasswdd_t) miscfiles_read_localization(yppasswdd_t) @@ -265,9 +259,6 @@ domain_use_interactive_fds(ypserv_t) files_read_var_files(ypserv_t) files_read_etc_files(ypserv_t) -libs_use_ld_so(ypserv_t) -libs_use_shared_libs(ypserv_t) - logging_send_syslog_msg(ypserv_t) miscfiles_read_localization(ypserv_t) @@ -327,9 +318,6 @@ corenet_sendrecv_all_client_packets(ypxfr_t) files_read_etc_files(ypxfr_t) files_search_usr(ypxfr_t) -libs_use_shared_libs(ypxfr_t) -libs_use_ld_so(ypxfr_t) - logging_send_syslog_msg(ypxfr_t) miscfiles_read_localization(ypxfr_t) diff --git a/policy/modules/services/nscd.te b/policy/modules/services/nscd.te index e871857..f99aa8a 100644 --- a/policy/modules/services/nscd.te +++ b/policy/modules/services/nscd.te @@ -90,9 +90,6 @@ files_read_generic_tmp_symlinks(nscd_t) # Needed to read files created by firstboot "/etc/hesiod.conf" files_read_etc_runtime_files(nscd_t) -libs_use_ld_so(nscd_t) -libs_use_shared_libs(nscd_t) - logging_send_syslog_msg(nscd_t) miscfiles_read_localization(nscd_t) diff --git a/policy/modules/services/nsd.te b/policy/modules/services/nsd.te index 7cd87e5..f50ef97 100644 --- a/policy/modules/services/nsd.te +++ b/policy/modules/services/nsd.te @@ -86,9 +86,6 @@ files_read_etc_runtime_files(nsd_t) fs_getattr_all_fs(nsd_t) fs_search_auto_mountpoints(nsd_t) -libs_use_ld_so(nsd_t) -libs_use_shared_libs(nsd_t) - logging_send_syslog_msg(nsd_t) miscfiles_read_localization(nsd_t) @@ -164,9 +161,6 @@ files_read_etc_files(nsd_crond_t) files_read_etc_runtime_files(nsd_crond_t) files_search_var_lib(nsd_t) -libs_use_ld_so(nsd_crond_t) -libs_use_shared_libs(nsd_crond_t) - logging_send_syslog_msg(nsd_crond_t) miscfiles_read_localization(nsd_crond_t) diff --git a/policy/modules/services/ntop.te b/policy/modules/services/ntop.te index fd48217..dce93e7 100644 --- a/policy/modules/services/ntop.te +++ b/policy/modules/services/ntop.te @@ -82,9 +82,6 @@ files_read_etc_files(ntop_t) fs_getattr_all_fs(ntop_t) fs_search_auto_mountpoints(ntop_t) -libs_use_ld_so(ntop_t) -libs_use_shared_libs(ntop_t) - logging_send_syslog_msg(ntop_t) miscfiles_read_localization(ntop_t) diff --git a/policy/modules/services/ntp.te b/policy/modules/services/ntp.te index 19005e3..b5b2701 100644 --- a/policy/modules/services/ntp.te +++ b/policy/modules/services/ntp.te @@ -108,9 +108,6 @@ files_list_var_lib(ntpd_t) init_exec_script_files(ntpd_t) -libs_use_ld_so(ntpd_t) -libs_use_shared_libs(ntpd_t) - logging_send_syslog_msg(ntpd_t) miscfiles_read_localization(ntpd_t) diff --git a/policy/modules/services/nx.te b/policy/modules/services/nx.te index 16d321d..1477950 100644 --- a/policy/modules/services/nx.te +++ b/policy/modules/services/nx.te @@ -70,9 +70,6 @@ files_read_etc_runtime_files(nx_server_t) # but users need to be able to also read the config files_read_usr_files(nx_server_t) -libs_use_ld_so(nx_server_t) -libs_use_shared_libs(nx_server_t) - miscfiles_read_localization(nx_server_t) seutil_dontaudit_search_config(nx_server_t) diff --git a/policy/modules/services/oav.te b/policy/modules/services/oav.te index fc63af2..d865e02 100644 --- a/policy/modules/services/oav.te +++ b/policy/modules/services/oav.te @@ -60,12 +60,8 @@ corenet_udp_sendrecv_all_ports(oav_update_t) files_exec_etc_files(oav_update_t) -libs_use_ld_so(oav_update_t) -libs_use_shared_libs(oav_update_t) libs_exec_ld_so(oav_update_t) libs_exec_lib_files(oav_update_t) -libs_use_ld_so(oav_update_t) -libs_use_shared_libs(oav_update_t) logging_send_syslog_msg(oav_update_t) @@ -127,11 +123,7 @@ fs_search_auto_mountpoints(scannerdaemon_t) auth_dontaudit_read_shadow(scannerdaemon_t) -libs_use_ld_so(scannerdaemon_t) -libs_use_shared_libs(scannerdaemon_t) # Can run kaffe -libs_use_ld_so(scannerdaemon_t) -libs_use_shared_libs(scannerdaemon_t) libs_exec_ld_so(scannerdaemon_t) libs_exec_lib_files(scannerdaemon_t) diff --git a/policy/modules/services/oddjob.te b/policy/modules/services/oddjob.te index 051098c..c48e0f2 100644 --- a/policy/modules/services/oddjob.te +++ b/policy/modules/services/oddjob.te @@ -47,9 +47,6 @@ selinux_compute_create_context(oddjob_t) files_read_etc_files(oddjob_t) -libs_use_ld_so(oddjob_t) -libs_use_shared_libs(oddjob_t) - miscfiles_read_localization(oddjob_t) locallogin_dontaudit_use_fds(oddjob_t) @@ -73,9 +70,6 @@ allow oddjob_mkhomedir_t self:unix_stream_socket create_stream_socket_perms; files_read_etc_files(oddjob_mkhomedir_t) -libs_use_ld_so(oddjob_mkhomedir_t) -libs_use_shared_libs(oddjob_mkhomedir_t) - miscfiles_read_localization(oddjob_mkhomedir_t) staff_manage_home_dirs(oddjob_mkhomedir_t) diff --git a/policy/modules/services/oident.te b/policy/modules/services/oident.te index e0898be..0a7195c 100644 --- a/policy/modules/services/oident.te +++ b/policy/modules/services/oident.te @@ -47,9 +47,6 @@ kernel_read_network_state(oidentd_t) kernel_read_network_state_symlinks(oidentd_t) kernel_read_sysctl(oidentd_t) -libs_use_ld_so(oidentd_t) -libs_use_shared_libs(oidentd_t) - logging_send_syslog_msg(oidentd_t) miscfiles_read_localization(oidentd_t) diff --git a/policy/modules/services/openca.te b/policy/modules/services/openca.te index 6414fe1..f5162c8 100644 --- a/policy/modules/services/openca.te +++ b/policy/modules/services/openca.te @@ -76,8 +76,6 @@ files_list_default(openca_ca_t) init_use_fds(openca_ca_t) init_use_script_fds(openca_ca_t) -libs_use_ld_so(openca_ca_t) -libs_use_shared_libs(openca_ca_t) libs_exec_lib_files(openca_ca_t) apache_append_log(openca_ca_t) diff --git a/policy/modules/services/openct.te b/policy/modules/services/openct.te index 4a48f86..cb046d9 100644 --- a/policy/modules/services/openct.te +++ b/policy/modules/services/openct.te @@ -43,9 +43,6 @@ files_read_etc_files(openct_t) fs_getattr_all_fs(openct_t) fs_search_auto_mountpoints(openct_t) -libs_use_ld_so(openct_t) -libs_use_shared_libs(openct_t) - logging_send_syslog_msg(openct_t) miscfiles_read_localization(openct_t) diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te index abca5d3..ed97458 100644 --- a/policy/modules/services/openvpn.te +++ b/policy/modules/services/openvpn.te @@ -92,9 +92,6 @@ dev_read_urand(openvpn_t) files_read_etc_files(openvpn_t) files_read_etc_runtime_files(openvpn_t) -libs_use_ld_so(openvpn_t) -libs_use_shared_libs(openvpn_t) - logging_send_syslog_msg(openvpn_t) miscfiles_read_localization(openvpn_t) diff --git a/policy/modules/services/pcscd.te b/policy/modules/services/pcscd.te index b3e9931..4258619 100644 --- a/policy/modules/services/pcscd.te +++ b/policy/modules/services/pcscd.te @@ -48,9 +48,6 @@ files_read_etc_runtime_files(pcscd_t) term_use_unallocated_ttys(pcscd_t) term_dontaudit_getattr_pty_dirs(pcscd_t) -libs_use_ld_so(pcscd_t) -libs_use_shared_libs(pcscd_t) - locallogin_use_fds(pcscd_t) logging_send_syslog_msg(pcscd_t) diff --git a/policy/modules/services/pegasus.te b/policy/modules/services/pegasus.te index c4223eb..8f206d5 100644 --- a/policy/modules/services/pegasus.te +++ b/policy/modules/services/pegasus.te @@ -110,9 +110,6 @@ hostname_exec(pegasus_t) init_rw_utmp(pegasus_t) init_stream_connect_script(pegasus_t) -libs_use_ld_so(pegasus_t) -libs_use_shared_libs(pegasus_t) - logging_send_audit_msgs(pegasus_t) logging_send_syslog_msg(pegasus_t) diff --git a/policy/modules/services/perdition.te b/policy/modules/services/perdition.te index e7c6650..e54e60d 100644 --- a/policy/modules/services/perdition.te +++ b/policy/modules/services/perdition.te @@ -58,9 +58,6 @@ fs_search_auto_mountpoints(perdition_t) files_read_etc_files(perdition_t) -libs_use_ld_so(perdition_t) -libs_use_shared_libs(perdition_t) - logging_send_syslog_msg(perdition_t) miscfiles_read_localization(perdition_t) diff --git a/policy/modules/services/portmap.te b/policy/modules/services/portmap.te index 61b8fd1..b766249 100644 --- a/policy/modules/services/portmap.te +++ b/policy/modules/services/portmap.te @@ -77,9 +77,6 @@ domain_use_interactive_fds(portmap_t) files_read_etc_files(portmap_t) -libs_use_ld_so(portmap_t) -libs_use_shared_libs(portmap_t) - logging_send_syslog_msg(portmap_t) miscfiles_read_localization(portmap_t) @@ -144,9 +141,6 @@ files_rw_generic_pids(portmap_helper_t) init_rw_utmp(portmap_helper_t) -libs_use_ld_so(portmap_helper_t) -libs_use_shared_libs(portmap_helper_t) - logging_send_syslog_msg(portmap_helper_t) sysnet_read_config(portmap_helper_t) diff --git a/policy/modules/services/portslave.te b/policy/modules/services/portslave.te index 64c4ad7..617ebe0 100644 --- a/policy/modules/services/portslave.te +++ b/policy/modules/services/portslave.te @@ -88,9 +88,6 @@ auth_domtrans_chk_passwd(portslave_t) init_rw_utmp(portslave_t) -libs_use_ld_so(portslave_t) -libs_use_shared_libs(portslave_t) - logging_send_syslog_msg(portslave_t) logging_search_logs(portslave_t) diff --git a/policy/modules/services/postfix.if b/policy/modules/services/postfix.if index 6b207df..a9d7b71 100644 --- a/policy/modules/services/postfix.if +++ b/policy/modules/services/postfix.if @@ -85,9 +85,6 @@ template(`postfix_domain_template',` auth_use_nsswitch(postfix_$1_t) - libs_use_ld_so(postfix_$1_t) - libs_use_shared_libs(postfix_$1_t) - logging_send_syslog_msg(postfix_$1_t) miscfiles_read_localization(postfix_$1_t) diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te index ad008aa..d83b1b6 100644 --- a/policy/modules/services/postfix.te +++ b/policy/modules/services/postfix.te @@ -336,9 +336,6 @@ files_dontaudit_search_var(postfix_map_t) auth_use_nsswitch(postfix_map_t) -libs_use_ld_so(postfix_map_t) -libs_use_shared_libs(postfix_map_t) - logging_send_syslog_msg(postfix_map_t) miscfiles_read_localization(postfix_map_t) diff --git a/policy/modules/services/postfixpolicyd.te b/policy/modules/services/postfixpolicyd.te index 342af00..e8c9846 100644 --- a/policy/modules/services/postfixpolicyd.te +++ b/policy/modules/services/postfixpolicyd.te @@ -47,9 +47,6 @@ corenet_tcp_bind_mysqld_port(postfix_policyd_t) files_read_etc_files(postfix_policyd_t) files_read_usr_files(postfix_policyd_t) -libs_use_ld_so(postfix_policyd_t) -libs_use_shared_libs(postfix_policyd_t) - logging_send_syslog_msg(postfix_policyd_t) miscfiles_read_localization(postfix_policyd_t) diff --git a/policy/modules/services/postgresql.te b/policy/modules/services/postgresql.te index 060a601..0dc0afb 100644 --- a/policy/modules/services/postgresql.te +++ b/policy/modules/services/postgresql.te @@ -211,9 +211,6 @@ auth_use_nsswitch(postgresql_t) init_read_utmp(postgresql_t) -libs_use_ld_so(postgresql_t) -libs_use_shared_libs(postgresql_t) - logging_send_syslog_msg(postgresql_t) miscfiles_read_localization(postgresql_t) diff --git a/policy/modules/services/postgrey.te b/policy/modules/services/postgrey.te index 6ed3e53..68be03d 100644 --- a/policy/modules/services/postgrey.te +++ b/policy/modules/services/postgrey.te @@ -68,9 +68,6 @@ files_getattr_tmp_dirs(postgrey_t) fs_getattr_all_fs(postgrey_t) fs_search_auto_mountpoints(postgrey_t) -libs_use_ld_so(postgrey_t) -libs_use_shared_libs(postgrey_t) - logging_send_syslog_msg(postgrey_t) miscfiles_read_localization(postgrey_t) diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te index 229a6fe..6f8636a 100644 --- a/policy/modules/services/ppp.te +++ b/policy/modules/services/ppp.te @@ -164,9 +164,6 @@ init_dontaudit_write_utmp(pppd_t) auth_use_nsswitch(pppd_t) -libs_use_ld_so(pppd_t) -libs_use_shared_libs(pppd_t) - logging_send_syslog_msg(pppd_t) miscfiles_read_localization(pppd_t) @@ -275,9 +272,6 @@ term_use_ptmx(pptp_t) domain_use_interactive_fds(pptp_t) -libs_use_ld_so(pptp_t) -libs_use_shared_libs(pptp_t) - logging_send_syslog_msg(pptp_t) miscfiles_read_localization(pptp_t) diff --git a/policy/modules/services/prelude.te b/policy/modules/services/prelude.te index 6dc3f3d..b7e9090 100644 --- a/policy/modules/services/prelude.te +++ b/policy/modules/services/prelude.te @@ -68,9 +68,6 @@ files_read_usr_files(prelude_t) auth_use_nsswitch(prelude_t) -libs_use_ld_so(prelude_t) -libs_use_shared_libs(prelude_t) - logging_send_audit_msgs(prelude_t) logging_send_syslog_msg(prelude_t) @@ -119,9 +116,6 @@ domain_use_interactive_fds(prelude_audisp_t) files_read_etc_files(prelude_audisp_t) -libs_use_ld_so(prelude_audisp_t) -libs_use_shared_libs(prelude_audisp_t) - logging_send_syslog_msg(prelude_audisp_t) miscfiles_read_localization(prelude_audisp_t) diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te index 0270983..cf1e5a8 100644 --- a/policy/modules/services/privoxy.te +++ b/policy/modules/services/privoxy.te @@ -66,9 +66,6 @@ domain_use_interactive_fds(privoxy_t) files_read_etc_files(privoxy_t) -libs_use_ld_so(privoxy_t) -libs_use_shared_libs(privoxy_t) - logging_send_syslog_msg(privoxy_t) miscfiles_read_localization(privoxy_t) diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te index ecb6f6a..f75453b 100644 --- a/policy/modules/services/procmail.te +++ b/policy/modules/services/procmail.te @@ -65,9 +65,6 @@ files_search_pids(procmail_t) # for spamassasin files_read_usr_files(procmail_t) -libs_use_ld_so(procmail_t) -libs_use_shared_libs(procmail_t) - logging_send_syslog_msg(procmail_t) miscfiles_read_localization(procmail_t) diff --git a/policy/modules/services/publicfile.te b/policy/modules/services/publicfile.te index d309d15..49dec94 100644 --- a/policy/modules/services/publicfile.te +++ b/policy/modules/services/publicfile.te @@ -24,9 +24,6 @@ allow publicfile_t publicfile_content_t:file read_file_perms; files_search_var(publicfile_t) -libs_use_ld_so(publicfile_t) -libs_use_shared_libs(publicfile_t) - optional_policy(` daemontools_ipc_domain(publicfile_t) ') diff --git a/policy/modules/services/pxe.te b/policy/modules/services/pxe.te index 03d9c03..558a691 100644 --- a/policy/modules/services/pxe.te +++ b/policy/modules/services/pxe.te @@ -48,9 +48,6 @@ files_read_etc_files(pxe_t) fs_getattr_all_fs(pxe_t) fs_search_auto_mountpoints(pxe_t) -libs_use_ld_so(pxe_t) -libs_use_shared_libs(pxe_t) - logging_send_syslog_msg(pxe_t) miscfiles_read_localization(pxe_t) diff --git a/policy/modules/services/pyzor.te b/policy/modules/services/pyzor.te index bcafdc4..6a4ba88 100644 --- a/policy/modules/services/pyzor.te +++ b/policy/modules/services/pyzor.te @@ -63,9 +63,6 @@ files_read_etc_files(pyzor_t) auth_use_nsswitch(pyzor_t) -libs_use_ld_so(pyzor_t) -libs_use_shared_libs(pyzor_t) - miscfiles_read_localization(pyzor_t) sysadm_dontaudit_search_home_dirs(pyzor_t) @@ -120,9 +117,6 @@ files_read_etc_files(pyzord_t) auth_use_nsswitch(pyzord_t) -libs_use_ld_so(pyzord_t) -libs_use_shared_libs(pyzord_t) - locallogin_dontaudit_use_fds(pyzord_t) miscfiles_read_localization(pyzord_t) diff --git a/policy/modules/services/qmail.if b/policy/modules/services/qmail.if index 4523c1b..ed76186 100644 --- a/policy/modules/services/qmail.if +++ b/policy/modules/services/qmail.if @@ -87,9 +87,6 @@ template(`qmail_child_domain_template',` fs_getattr_xattr_fs($1_t) - libs_use_ld_so($1_t) - libs_use_shared_libs($1_t) - miscfiles_read_localization($1_t) ') diff --git a/policy/modules/services/qmail.te b/policy/modules/services/qmail.te index 8ff937b..ca0bf07 100644 --- a/policy/modules/services/qmail.te +++ b/policy/modules/services/qmail.te @@ -82,9 +82,6 @@ corecmd_search_bin(qmail_inject_t) files_search_var(qmail_inject_t) -libs_use_ld_so(qmail_inject_t) -libs_use_shared_libs(qmail_inject_t) - miscfiles_read_localization(qmail_inject_t) qmail_read_config(qmail_inject_t) @@ -289,9 +286,6 @@ corecmd_search_bin(qmail_start_t) files_search_var(qmail_start_t) -libs_use_ld_so(qmail_start_t) -libs_use_shared_libs(qmail_start_t) - qmail_read_config(qmail_start_t) optional_policy(` diff --git a/policy/modules/services/radius.te b/policy/modules/services/radius.te index 0e96bb0..d803d38 100644 --- a/policy/modules/services/radius.te +++ b/policy/modules/services/radius.te @@ -105,8 +105,6 @@ auth_use_nsswitch(radiusd_t) auth_read_shadow(radiusd_t) auth_domtrans_chk_passwd(radiusd_t) -libs_use_ld_so(radiusd_t) -libs_use_shared_libs(radiusd_t) libs_exec_lib_files(radiusd_t) logging_send_syslog_msg(radiusd_t) diff --git a/policy/modules/services/radvd.te b/policy/modules/services/radvd.te index b6f00d6..1397e40 100644 --- a/policy/modules/services/radvd.te +++ b/policy/modules/services/radvd.te @@ -63,9 +63,6 @@ domain_use_interactive_fds(radvd_t) files_read_etc_files(radvd_t) files_list_usr(radvd_t) -libs_use_ld_so(radvd_t) -libs_use_shared_libs(radvd_t) - logging_send_syslog_msg(radvd_t) miscfiles_read_localization(radvd_t) diff --git a/policy/modules/services/razor.if b/policy/modules/services/razor.if index 30d3b0e..f3480f0 100644 --- a/policy/modules/services/razor.if +++ b/policy/modules/services/razor.if @@ -87,8 +87,6 @@ template(`razor_common_domain_template',` fs_search_auto_mountpoints($1_t) - libs_use_ld_so($1_t) - libs_use_shared_libs($1_t) libs_read_lib_files($1_t) miscfiles_read_localization($1_t) diff --git a/policy/modules/services/rdisc.te b/policy/modules/services/rdisc.te index a9746b2..add9910 100644 --- a/policy/modules/services/rdisc.te +++ b/policy/modules/services/rdisc.te @@ -42,9 +42,6 @@ domain_use_interactive_fds(rdisc_t) files_read_etc_files(rdisc_t) -libs_use_ld_so(rdisc_t) -libs_use_shared_libs(rdisc_t) - logging_send_syslog_msg(rdisc_t) miscfiles_read_localization(rdisc_t) diff --git a/policy/modules/services/remotelogin.te b/policy/modules/services/remotelogin.te index 7fe8f58..7a77cc0 100644 --- a/policy/modules/services/remotelogin.te +++ b/policy/modules/services/remotelogin.te @@ -78,9 +78,6 @@ files_list_mnt(remote_login_t) # for when /var/mail is a sym-link files_read_var_symlinks(remote_login_t) -libs_use_ld_so(remote_login_t) -libs_use_shared_libs(remote_login_t) - sysnet_dns_name_resolve(remote_login_t) miscfiles_read_localization(remote_login_t) diff --git a/policy/modules/services/resmgr.te b/policy/modules/services/resmgr.te index 167918d..62f1ed2 100644 --- a/policy/modules/services/resmgr.te +++ b/policy/modules/services/resmgr.te @@ -52,9 +52,6 @@ storage_raw_read_removable_device(resmgrd_t) storage_write_scsi_generic(resmgrd_t) storage_raw_write_removable_device(resmgrd_t) -libs_use_ld_so(resmgrd_t) -libs_use_shared_libs(resmgrd_t) - logging_send_syslog_msg(resmgrd_t) miscfiles_read_localization(resmgrd_t) diff --git a/policy/modules/services/rhgb.te b/policy/modules/services/rhgb.te index d8b1c63..8b118e0 100644 --- a/policy/modules/services/rhgb.te +++ b/policy/modules/services/rhgb.te @@ -93,8 +93,6 @@ term_getattr_pty_fs(rhgb_t) init_write_initctl(rhgb_t) -libs_use_ld_so(rhgb_t) -libs_use_shared_libs(rhgb_t) # for localization libs_read_lib_files(rhgb_t) diff --git a/policy/modules/services/ricci.te b/policy/modules/services/ricci.te index 78fe27b..4cb3917 100644 --- a/policy/modules/services/ricci.te +++ b/policy/modules/services/ricci.te @@ -142,9 +142,6 @@ auth_append_login_records(ricci_t) init_dontaudit_stream_connect_script(ricci_t) -libs_use_ld_so(ricci_t) -libs_use_shared_libs(ricci_t) - locallogin_dontaudit_use_fds(ricci_t) logging_send_syslog_msg(ricci_t) @@ -215,9 +212,6 @@ files_search_usr(ricci_modcluster_t) init_exec(ricci_modcluster_t) init_domtrans_script(ricci_modcluster_t) -libs_use_ld_so(ricci_modcluster_t) -libs_use_shared_libs(ricci_modcluster_t) - logging_send_syslog_msg(ricci_modcluster_t) miscfiles_read_localization(ricci_modcluster_t) @@ -302,9 +296,6 @@ fs_getattr_xattr_fs(ricci_modclusterd_t) init_dontaudit_stream_connect_script(ricci_modclusterd_t) -libs_use_ld_so(ricci_modclusterd_t) -libs_use_shared_libs(ricci_modclusterd_t) - locallogin_dontaudit_use_fds(ricci_modclusterd_t) logging_send_syslog_msg(ricci_modclusterd_t) @@ -342,9 +333,6 @@ domain_dontaudit_read_all_domains_state(ricci_modlog_t) files_read_etc_files(ricci_modlog_t) files_search_usr(ricci_modlog_t) -libs_use_ld_so(ricci_modlog_t) -libs_use_shared_libs(ricci_modlog_t) - logging_read_generic_logs(ricci_modlog_t) miscfiles_read_localization(ricci_modlog_t) @@ -368,9 +356,6 @@ kernel_read_kernel_sysctls(ricci_modrpm_t) corecmd_exec_bin(ricci_modrpm_t) -libs_use_ld_so(ricci_modrpm_t) -libs_use_shared_libs(ricci_modrpm_t) - files_search_usr(ricci_modrpm_t) files_read_etc_files(ricci_modrpm_t) @@ -409,9 +394,6 @@ consoletype_exec(ricci_modservice_t) init_domtrans_script(ricci_modservice_t) -libs_use_ld_so(ricci_modservice_t) -libs_use_shared_libs(ricci_modservice_t) - miscfiles_read_localization(ricci_modservice_t) optional_policy(` @@ -464,9 +446,6 @@ term_dontaudit_use_console(ricci_modstorage_t) fstools_domtrans(ricci_modstorage_t) -libs_use_ld_so(ricci_modstorage_t) -libs_use_shared_libs(ricci_modstorage_t) - logging_send_syslog_msg(ricci_modstorage_t) miscfiles_read_localization(ricci_modstorage_t) diff --git a/policy/modules/services/rlogin.te b/policy/modules/services/rlogin.te index 4f7b6ee..3286a3c 100644 --- a/policy/modules/services/rlogin.te +++ b/policy/modules/services/rlogin.te @@ -77,9 +77,6 @@ files_search_default(rlogind_t) init_rw_utmp(rlogind_t) -libs_use_ld_so(rlogind_t) -libs_use_shared_libs(rlogind_t) - logging_send_syslog_msg(rlogind_t) miscfiles_read_localization(rlogind_t) diff --git a/policy/modules/services/roundup.te b/policy/modules/services/roundup.te index 4992c5b..395044f 100644 --- a/policy/modules/services/roundup.te +++ b/policy/modules/services/roundup.te @@ -71,9 +71,6 @@ files_read_etc_files(roundup_t) fs_getattr_all_fs(roundup_t) fs_search_auto_mountpoints(roundup_t) -libs_use_ld_so(roundup_t) -libs_use_shared_libs(roundup_t) - logging_send_syslog_msg(roundup_t) miscfiles_read_localization(roundup_t) diff --git a/policy/modules/services/rpc.if b/policy/modules/services/rpc.if index 961bb7b..96d25ad 100644 --- a/policy/modules/services/rpc.if +++ b/policy/modules/services/rpc.if @@ -101,9 +101,6 @@ template(`rpc_domain_template', ` auth_use_nsswitch($1_t) - libs_use_ld_so($1_t) - libs_use_shared_libs($1_t) - logging_send_syslog_msg($1_t) miscfiles_read_localization($1_t) diff --git a/policy/modules/services/rpcbind.te b/policy/modules/services/rpcbind.te index 2baf504..f24332f 100644 --- a/policy/modules/services/rpcbind.te +++ b/policy/modules/services/rpcbind.te @@ -61,9 +61,6 @@ domain_use_interactive_fds(rpcbind_t) files_read_etc_files(rpcbind_t) -libs_use_ld_so(rpcbind_t) -libs_use_shared_libs(rpcbind_t) - logging_send_syslog_msg(rpcbind_t) miscfiles_read_localization(rpcbind_t) diff --git a/policy/modules/services/rshd.te b/policy/modules/services/rshd.te index 9e0ca3b..ea4a7c5 100644 --- a/policy/modules/services/rshd.te +++ b/policy/modules/services/rshd.te @@ -54,9 +54,6 @@ files_search_tmp(rshd_t) auth_use_nsswitch(rshd_t) -libs_use_ld_so(rshd_t) -libs_use_shared_libs(rshd_t) - logging_send_syslog_msg(rshd_t) miscfiles_read_localization(rshd_t) diff --git a/policy/modules/services/rsync.te b/policy/modules/services/rsync.te index b9b6423..dcd0d1e 100644 --- a/policy/modules/services/rsync.te +++ b/policy/modules/services/rsync.te @@ -96,9 +96,6 @@ files_search_home(rsync_t) auth_use_nsswitch(rsync_t) -libs_use_ld_so(rsync_t) -libs_use_shared_libs(rsync_t) - logging_send_syslog_msg(rsync_t) miscfiles_read_localization(rsync_t) diff --git a/policy/modules/services/rwho.te b/policy/modules/services/rwho.te index ef330cc..4f5770e 100644 --- a/policy/modules/services/rwho.te +++ b/policy/modules/services/rwho.te @@ -56,9 +56,6 @@ files_read_etc_files(rwho_t) init_read_utmp(rwho_t) init_dontaudit_write_utmp(rwho_t) -libs_use_ld_so(rwho_t) -libs_use_shared_libs(rwho_t) - miscfiles_read_localization(rwho_t) sysnet_dns_name_resolve(rwho_t) diff --git a/policy/modules/services/samba.te b/policy/modules/services/samba.te index 6d4b61d..2b52ef9 100644 --- a/policy/modules/services/samba.te +++ b/policy/modules/services/samba.te @@ -193,9 +193,6 @@ files_read_etc_files(samba_net_t) auth_use_nsswitch(samba_net_t) -libs_use_ld_so(samba_net_t) -libs_use_shared_libs(samba_net_t) - logging_send_syslog_msg(samba_net_t) miscfiles_read_localization(samba_net_t) @@ -314,9 +311,6 @@ files_list_mnt(smbd_t) init_rw_utmp(smbd_t) -libs_use_ld_so(smbd_t) -libs_use_shared_libs(smbd_t) - logging_search_logs(smbd_t) logging_send_syslog_msg(smbd_t) @@ -462,9 +456,6 @@ files_list_var_lib(nmbd_t) auth_use_nsswitch(nmbd_t) -libs_use_ld_so(nmbd_t) -libs_use_shared_libs(nmbd_t) - logging_search_logs(nmbd_t) logging_send_syslog_msg(nmbd_t) @@ -551,9 +542,6 @@ miscfiles_read_localization(smbmount_t) mount_use_fds(smbmount_t) -libs_use_ld_so(smbmount_t) -libs_use_shared_libs(smbmount_t) - locallogin_use_fds(smbmount_t) logging_search_logs(smbmount_t) @@ -624,9 +612,6 @@ fs_getattr_xattr_fs(swat_t) auth_domtrans_chk_passwd(swat_t) auth_use_nsswitch(swat_t) -libs_use_ld_so(swat_t) -libs_use_shared_libs(swat_t) - logging_send_syslog_msg(swat_t) logging_search_logs(swat_t) @@ -724,9 +709,6 @@ domain_use_interactive_fds(winbind_t) files_read_etc_files(winbind_t) -libs_use_ld_so(winbind_t) -libs_use_shared_libs(winbind_t) - logging_send_syslog_msg(winbind_t) miscfiles_read_localization(winbind_t) @@ -771,9 +753,6 @@ domain_use_interactive_fds(winbind_helper_t) auth_use_nsswitch(winbind_helper_t) -libs_use_ld_so(winbind_helper_t) -libs_use_shared_libs(winbind_helper_t) - logging_send_syslog_msg(winbind_helper_t) miscfiles_read_localization(winbind_helper_t) diff --git a/policy/modules/services/sasl.te b/policy/modules/services/sasl.te index bc0c13a..cad7efb 100644 --- a/policy/modules/services/sasl.te +++ b/policy/modules/services/sasl.te @@ -79,9 +79,6 @@ files_dontaudit_getattr_tmp_dirs(saslauthd_t) init_dontaudit_stream_connect_script(saslauthd_t) -libs_use_ld_so(saslauthd_t) -libs_use_shared_libs(saslauthd_t) - logging_send_syslog_msg(saslauthd_t) miscfiles_read_localization(saslauthd_t) diff --git a/policy/modules/services/sendmail.te b/policy/modules/services/sendmail.te index 851d252..1e63079 100644 --- a/policy/modules/services/sendmail.te +++ b/policy/modules/services/sendmail.te @@ -85,8 +85,6 @@ init_dontaudit_write_utmp(sendmail_t) auth_use_nsswitch(sendmail_t) -libs_use_ld_so(sendmail_t) -libs_use_shared_libs(sendmail_t) # Read /usr/lib/sasl2/.* libs_read_lib_files(sendmail_t) diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te index 341884d..709b7a6 100644 --- a/policy/modules/services/setroubleshoot.te +++ b/policy/modules/services/setroubleshoot.te @@ -90,9 +90,6 @@ auth_use_nsswitch(setroubleshootd_t) init_read_utmp(setroubleshootd_t) init_dontaudit_write_utmp(setroubleshootd_t) -libs_use_ld_so(setroubleshootd_t) -libs_use_shared_libs(setroubleshootd_t) - miscfiles_read_localization(setroubleshootd_t) locallogin_dontaudit_use_fds(setroubleshootd_t) diff --git a/policy/modules/services/slrnpull.te b/policy/modules/services/slrnpull.te index 15f809c..dd722d6 100644 --- a/policy/modules/services/slrnpull.te +++ b/policy/modules/services/slrnpull.te @@ -51,9 +51,6 @@ files_read_etc_files(slrnpull_t) fs_getattr_all_fs(slrnpull_t) fs_search_auto_mountpoints(slrnpull_t) -libs_use_ld_so(slrnpull_t) -libs_use_shared_libs(slrnpull_t) - logging_send_syslog_msg(slrnpull_t) miscfiles_read_localization(slrnpull_t) diff --git a/policy/modules/services/smartmon.te b/policy/modules/services/smartmon.te index e266465..5e015ea 100644 --- a/policy/modules/services/smartmon.te +++ b/policy/modules/services/smartmon.te @@ -73,8 +73,6 @@ storage_raw_read_removable_device(fsdaemon_t) term_dontaudit_search_ptys(fsdaemon_t) -libs_use_ld_so(fsdaemon_t) -libs_use_shared_libs(fsdaemon_t) libs_exec_ld_so(fsdaemon_t) libs_exec_lib_files(fsdaemon_t) diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te index 4389ad9..afefddc 100644 --- a/policy/modules/services/snmp.te +++ b/policy/modules/services/snmp.te @@ -94,9 +94,6 @@ storage_dontaudit_read_removable_device(snmpd_t) init_read_utmp(snmpd_t) init_dontaudit_write_utmp(snmpd_t) -libs_use_ld_so(snmpd_t) -libs_use_shared_libs(snmpd_t) - logging_send_syslog_msg(snmpd_t) miscfiles_read_localization(snmpd_t) diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te index c7ecb95..64f2f5e 100644 --- a/policy/modules/services/snort.te +++ b/policy/modules/services/snort.te @@ -85,9 +85,6 @@ fs_search_auto_mountpoints(snort_t) init_read_utmp(snort_t) -libs_use_ld_so(snort_t) -libs_use_shared_libs(snort_t) - logging_send_syslog_msg(snort_t) miscfiles_read_localization(snort_t) diff --git a/policy/modules/services/soundserver.te b/policy/modules/services/soundserver.te index babea24..3536fd3 100644 --- a/policy/modules/services/soundserver.te +++ b/policy/modules/services/soundserver.te @@ -93,9 +93,6 @@ files_read_etc_runtime_files(soundd_t) fs_getattr_all_fs(soundd_t) fs_search_auto_mountpoints(soundd_t) -libs_use_ld_so(soundd_t) -libs_use_shared_libs(soundd_t) - logging_send_syslog_msg(soundd_t) miscfiles_read_localization(soundd_t) diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if index f583eb2..6881e57 100644 --- a/policy/modules/services/spamassassin.if +++ b/policy/modules/services/spamassassin.if @@ -123,9 +123,6 @@ template(`spamassassin_per_role_template',` # cjp: this may be removable: files_list_home($1_spamc_t) - libs_use_ld_so($1_spamc_t) - libs_use_shared_libs($1_spamc_t) - logging_send_syslog_msg($1_spamc_t) miscfiles_read_localization($1_spamc_t) @@ -233,9 +230,6 @@ template(`spamassassin_per_role_template',` files_read_usr_files($1_spamassassin_t) files_dontaudit_search_var($1_spamassassin_t) - libs_use_ld_so($1_spamassassin_t) - libs_use_shared_libs($1_spamassassin_t) - logging_send_syslog_msg($1_spamassassin_t) miscfiles_read_localization($1_spamassassin_t) diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te index 0f64e02..98c7009 100644 --- a/policy/modules/services/spamassassin.te +++ b/policy/modules/services/spamassassin.te @@ -134,9 +134,6 @@ files_read_var_lib_files(spamd_t) init_dontaudit_rw_utmp(spamd_t) -libs_use_ld_so(spamd_t) -libs_use_shared_libs(spamd_t) - logging_send_syslog_msg(spamd_t) miscfiles_read_localization(spamd_t) diff --git a/policy/modules/services/speedtouch.te b/policy/modules/services/speedtouch.te index 73dae07..45f3070 100644 --- a/policy/modules/services/speedtouch.te +++ b/policy/modules/services/speedtouch.te @@ -46,9 +46,6 @@ files_read_usr_files(speedmgmt_t) fs_getattr_all_fs(speedmgmt_t) fs_search_auto_mountpoints(speedmgmt_t) -libs_use_ld_so(speedmgmt_t) -libs_use_shared_libs(speedmgmt_t) - logging_send_syslog_msg(speedmgmt_t) miscfiles_read_localization(speedmgmt_t) diff --git a/policy/modules/services/squid.te b/policy/modules/services/squid.te index 6dc3b95..9b7187a 100644 --- a/policy/modules/services/squid.te +++ b/policy/modules/services/squid.te @@ -139,8 +139,6 @@ files_getattr_home_dir(squid_t) auth_use_nsswitch(squid_t) auth_domtrans_chk_passwd(squid_t) -libs_use_ld_so(squid_t) -libs_use_shared_libs(squid_t) # to allow running programs from /usr/lib/squid (IE unlinkd) libs_exec_lib_files(squid_t) diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if index 679cea2..d567479 100644 --- a/policy/modules/services/ssh.if +++ b/policy/modules/services/ssh.if @@ -133,9 +133,6 @@ template(`ssh_basic_client_template',` files_read_etc_files($1_ssh_t) files_read_var_files($1_ssh_t) - libs_use_ld_so($1_ssh_t) - libs_use_shared_libs($1_ssh_t) - logging_send_syslog_msg($1_ssh_t) logging_read_generic_logs($1_ssh_t) @@ -342,8 +339,6 @@ template(`ssh_per_role_template',` files_search_home($1_ssh_agent_t) libs_read_lib_files($1_ssh_agent_t) - libs_use_ld_so($1_ssh_agent_t) - libs_use_shared_libs($1_ssh_agent_t) logging_send_syslog_msg($1_ssh_agent_t) @@ -401,9 +396,6 @@ template(`ssh_per_role_template',` dev_read_urand($1_ssh_keysign_t) files_read_etc_files($1_ssh_keysign_t) - - libs_use_ld_so($1_ssh_keysign_t) - libs_use_shared_libs($1_ssh_keysign_t) ') optional_policy(` @@ -495,9 +487,6 @@ template(`ssh_server_template', ` files_read_etc_files($1_t) files_read_etc_runtime_files($1_t) - libs_use_ld_so($1_t) - libs_use_shared_libs($1_t) - logging_search_logs($1_t) miscfiles_read_localization($1_t) diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te index 80e3f98..fcc0a95 100644 --- a/policy/modules/services/ssh.te +++ b/policy/modules/services/ssh.te @@ -176,9 +176,6 @@ files_read_etc_files(ssh_keygen_t) init_use_fds(ssh_keygen_t) init_use_script_ptys(ssh_keygen_t) -libs_use_ld_so(ssh_keygen_t) -libs_use_shared_libs(ssh_keygen_t) - logging_send_syslog_msg(ssh_keygen_t) userdom_dontaudit_use_unpriv_user_fds(ssh_keygen_t) diff --git a/policy/modules/services/stunnel.te b/policy/modules/services/stunnel.te index e433bbb..4d32293 100644 --- a/policy/modules/services/stunnel.te +++ b/policy/modules/services/stunnel.te @@ -69,9 +69,6 @@ fs_getattr_all_fs(stunnel_t) auth_use_nsswitch(stunnel_t) -libs_use_ld_so(stunnel_t) -libs_use_shared_libs(stunnel_t) - logging_send_syslog_msg(stunnel_t) miscfiles_read_localization(stunnel_t) diff --git a/policy/modules/services/sysstat.te b/policy/modules/services/sysstat.te index cf8b2fc..6cc56c8 100644 --- a/policy/modules/services/sysstat.te +++ b/policy/modules/services/sysstat.te @@ -53,9 +53,6 @@ term_use_all_terms(sysstat_t) init_use_fds(sysstat_t) -libs_use_ld_so(sysstat_t) -libs_use_shared_libs(sysstat_t) - locallogin_use_fds(sysstat_t) miscfiles_read_localization(sysstat_t) diff --git a/policy/modules/services/tcpd.te b/policy/modules/services/tcpd.te index 30ed666..3868017 100644 --- a/policy/modules/services/tcpd.te +++ b/policy/modules/services/tcpd.te @@ -38,9 +38,6 @@ files_read_etc_files(tcpd_t) # no good reason for files_dontaudit_search_var, probably nscd files_dontaudit_search_var(tcpd_t) -libs_use_ld_so(tcpd_t) -libs_use_shared_libs(tcpd_t) - logging_send_syslog_msg(tcpd_t) miscfiles_read_localization(tcpd_t) diff --git a/policy/modules/services/telnet.te b/policy/modules/services/telnet.te index 6a702e5..12c6a7b 100644 --- a/policy/modules/services/telnet.te +++ b/policy/modules/services/telnet.te @@ -76,9 +76,6 @@ files_search_home(telnetd_t) init_rw_utmp(telnetd_t) -libs_use_ld_so(telnetd_t) -libs_use_shared_libs(telnetd_t) - logging_send_syslog_msg(telnetd_t) miscfiles_read_localization(telnetd_t) diff --git a/policy/modules/services/tftp.te b/policy/modules/services/tftp.te index 0635932..154671d 100644 --- a/policy/modules/services/tftp.te +++ b/policy/modules/services/tftp.te @@ -81,9 +81,6 @@ files_search_var(tftpd_t) auth_use_nsswitch(tftpd_t) -libs_use_ld_so(tftpd_t) -libs_use_shared_libs(tftpd_t) - logging_send_syslog_msg(tftpd_t) miscfiles_read_localization(tftpd_t) diff --git a/policy/modules/services/timidity.te b/policy/modules/services/timidity.te index 23adcb9..344422a 100644 --- a/policy/modules/services/timidity.te +++ b/policy/modules/services/timidity.te @@ -63,8 +63,6 @@ files_read_usr_files(timidity_t) # read /etc/esd.conf files_read_etc_files(timidity_t) -libs_use_ld_so(timidity_t) -libs_use_shared_libs(timidity_t) # read libartscbackend.la libs_read_lib_files(timidity_t) diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te index 51e0500..b569025 100644 --- a/policy/modules/services/tor.te +++ b/policy/modules/services/tor.te @@ -92,9 +92,6 @@ files_read_etc_runtime_files(tor_t) auth_use_nsswitch(tor_t) -libs_use_ld_so(tor_t) -libs_use_shared_libs(tor_t) - miscfiles_read_localization(tor_t) optional_policy(` diff --git a/policy/modules/services/transproxy.te b/policy/modules/services/transproxy.te index d18f957..fa408a9 100644 --- a/policy/modules/services/transproxy.te +++ b/policy/modules/services/transproxy.te @@ -48,9 +48,6 @@ files_read_etc_files(transproxy_t) fs_getattr_all_fs(transproxy_t) fs_search_auto_mountpoints(transproxy_t) -libs_use_ld_so(transproxy_t) -libs_use_shared_libs(transproxy_t) - logging_send_syslog_msg(transproxy_t) miscfiles_read_localization(transproxy_t) diff --git a/policy/modules/services/ucspitcp.te b/policy/modules/services/ucspitcp.te index 8afcd4c..c99ff2d 100644 --- a/policy/modules/services/ucspitcp.te +++ b/policy/modules/services/ucspitcp.te @@ -39,9 +39,6 @@ corenet_udp_bind_generic_port(rblsmtpd_t) files_read_etc_files(rblsmtpd_t) files_search_var(rblsmtpd_t) -libs_use_ld_so(rblsmtpd_t) -libs_use_shared_libs(rblsmtpd_t) - optional_policy(` daemontools_ipc_domain(rblsmtpd_t) ') @@ -89,9 +86,6 @@ corenet_sendrecv_generic_server_packets(ucspitcp_t) files_search_var(ucspitcp_t) files_read_etc_files(ucspitcp_t) -libs_use_ld_so(ucspitcp_t) -libs_use_shared_libs(ucspitcp_t) - sysnet_read_config(ucspitcp_t) optional_policy(` diff --git a/policy/modules/services/uptime.te b/policy/modules/services/uptime.te index 8932b66..97a478c 100644 --- a/policy/modules/services/uptime.te +++ b/policy/modules/services/uptime.te @@ -54,9 +54,6 @@ files_read_etc_runtime_files(uptimed_t) fs_getattr_all_fs(uptimed_t) fs_search_auto_mountpoints(uptimed_t) -libs_use_ld_so(uptimed_t) -libs_use_shared_libs(uptimed_t) - logging_send_syslog_msg(uptimed_t) miscfiles_read_localization(uptimed_t) diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te index b7f8f7a..5bce20a 100644 --- a/policy/modules/services/uucp.te +++ b/policy/modules/services/uucp.te @@ -90,9 +90,6 @@ files_search_spool(uucpd_t) auth_use_nsswitch(uucpd_t) -libs_use_ld_so(uucpd_t) -libs_use_shared_libs(uucpd_t) - logging_send_syslog_msg(uucpd_t) miscfiles_read_localization(uucpd_t) @@ -118,9 +115,6 @@ files_read_etc_files(uux_t) fs_rw_anon_inodefs_files(uux_t) -libs_use_ld_so(uux_t) -libs_use_shared_libs(uux_t) - logging_send_syslog_msg(uux_t) miscfiles_read_localization(uux_t) diff --git a/policy/modules/services/uwimap.te b/policy/modules/services/uwimap.te index 1664601..234cf68 100644 --- a/policy/modules/services/uwimap.te +++ b/policy/modules/services/uwimap.te @@ -65,9 +65,6 @@ fs_search_auto_mountpoints(imapd_t) auth_domtrans_chk_passwd(imapd_t) -libs_use_ld_so(imapd_t) -libs_use_shared_libs(imapd_t) - logging_send_syslog_msg(imapd_t) miscfiles_read_localization(imapd_t) diff --git a/policy/modules/services/virt.te b/policy/modules/services/virt.te index 1754a3a..7c1c1b8 100644 --- a/policy/modules/services/virt.te +++ b/policy/modules/services/virt.te @@ -120,9 +120,6 @@ term_use_ptmx(virtd_t) auth_use_nsswitch(virtd_t) -libs_use_ld_so(virtd_t) -libs_use_shared_libs(virtd_t) - miscfiles_read_localization(virtd_t) miscfiles_read_certs(virtd_t) diff --git a/policy/modules/services/watchdog.te b/policy/modules/services/watchdog.te index 2d885ba..11c4d04 100644 --- a/policy/modules/services/watchdog.te +++ b/policy/modules/services/watchdog.te @@ -80,9 +80,6 @@ fs_search_auto_mountpoints(watchdog_t) # record the fact that we are going down auth_append_login_records(watchdog_t) -libs_use_ld_so(watchdog_t) -libs_use_shared_libs(watchdog_t) - logging_send_syslog_msg(watchdog_t) miscfiles_read_localization(watchdog_t) diff --git a/policy/modules/services/xfs.te b/policy/modules/services/xfs.te index 2a2939c..0b49a20 100644 --- a/policy/modules/services/xfs.te +++ b/policy/modules/services/xfs.te @@ -64,9 +64,6 @@ files_read_usr_files(xfs_t) auth_use_nsswitch(xfs_t) -libs_use_ld_so(xfs_t) -libs_use_shared_libs(xfs_t) - logging_send_syslog_msg(xfs_t) miscfiles_read_localization(xfs_t) diff --git a/policy/modules/services/xprint.te b/policy/modules/services/xprint.te index 9026f57..7e39ac9 100644 --- a/policy/modules/services/xprint.te +++ b/policy/modules/services/xprint.te @@ -56,9 +56,6 @@ files_search_tmp(xprint_t) fs_getattr_all_fs(xprint_t) fs_search_auto_mountpoints(xprint_t) -libs_use_ld_so(xprint_t) -libs_use_shared_libs(xprint_t) - logging_send_syslog_msg(xprint_t) miscfiles_read_fonts(xprint_t) diff --git a/policy/modules/services/xserver.if b/policy/modules/services/xserver.if index 4f8acef..5b7e8f4 100644 --- a/policy/modules/services/xserver.if +++ b/policy/modules/services/xserver.if @@ -172,9 +172,6 @@ template(`xserver_common_domain_template',` term_setattr_unallocated_ttys($1_xserver_t) term_use_unallocated_ttys($1_xserver_t) - libs_use_ld_so($1_xserver_t) - libs_use_shared_libs($1_xserver_t) - logging_send_syslog_msg($1_xserver_t) logging_send_audit_msgs($1_xserver_t) @@ -414,9 +411,6 @@ template(`xserver_per_role_template',` auth_use_nsswitch($1_xauth_t) - libs_use_ld_so($1_xauth_t) - libs_use_shared_libs($1_xauth_t) - userdom_use_user_terminals($1, $1_xauth_t) userdom_read_user_tmp_files($1, $1_xauth_t) @@ -454,9 +448,6 @@ template(`xserver_per_role_template',` fs_search_auto_mountpoints($1_iceauth_t) - libs_use_ld_so($1_iceauth_t) - libs_use_shared_libs($1_iceauth_t) - userdom_use_user_terminals($1, $1_iceauth_t) tunable_policy(`use_nfs_home_dirs',` diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te index ce109e9..5fae59a 100644 --- a/policy/modules/services/xserver.te +++ b/policy/modules/services/xserver.te @@ -296,8 +296,6 @@ auth_write_login_records(xdm_t) # Run telinit->init to shutdown. init_telinit(xdm_t) -libs_use_ld_so(xdm_t) -libs_use_shared_libs(xdm_t) libs_exec_lib_files(xdm_t) logging_read_generic_logs(xdm_t) diff --git a/policy/modules/services/zabbix.te b/policy/modules/services/zabbix.te index 4eb745b..fafe73c 100644 --- a/policy/modules/services/zabbix.te +++ b/policy/modules/services/zabbix.te @@ -41,9 +41,6 @@ files_pid_filetrans(zabbix_t, zabbix_var_run_t, file) files_read_etc_files(zabbix_t) -libs_use_ld_so(zabbix_t) -libs_use_shared_libs(zabbix_t) - miscfiles_read_localization(zabbix_t) optional_policy(` diff --git a/policy/modules/services/zebra.te b/policy/modules/services/zebra.te index 1000a57..15458df 100644 --- a/policy/modules/services/zebra.te +++ b/policy/modules/services/zebra.te @@ -106,9 +106,6 @@ files_search_etc(zebra_t) files_read_etc_files(zebra_t) files_read_etc_runtime_files(zebra_t) -libs_use_ld_so(zebra_t) -libs_use_shared_libs(zebra_t) - logging_send_syslog_msg(zebra_t) miscfiles_read_localization(zebra_t) diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if index 7b170e5..deb5755 100644 --- a/policy/modules/system/authlogin.if +++ b/policy/modules/system/authlogin.if @@ -47,9 +47,6 @@ template(`authlogin_common_auth_domain_template',` auth_use_nsswitch($1_chkpwd_t) - libs_use_ld_so($1_chkpwd_t) - libs_use_shared_libs($1_chkpwd_t) - logging_send_audit_msgs($1_chkpwd_t) logging_send_syslog_msg($1_chkpwd_t) diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te index 7246fd8..6191731 100644 --- a/policy/modules/system/authlogin.te +++ b/policy/modules/system/authlogin.te @@ -115,9 +115,6 @@ init_dontaudit_rw_utmp(pam_t) files_read_etc_files(pam_t) -libs_use_ld_so(pam_t) -libs_use_shared_libs(pam_t) - logging_send_syslog_msg(pam_t) userdom_use_unpriv_users_fds(pam_t) @@ -217,9 +214,6 @@ fs_getattr_all_fs(pam_console_t) init_use_fds(pam_console_t) init_use_script_ptys(pam_console_t) -libs_use_ld_so(pam_console_t) -libs_use_shared_libs(pam_console_t) - logging_send_syslog_msg(pam_console_t) miscfiles_read_localization(pam_console_t) @@ -304,9 +298,6 @@ term_dontaudit_use_unallocated_ttys(updpwd_t) auth_manage_shadow(updpwd_t) auth_use_nsswitch(updpwd_t) -libs_use_ld_so(updpwd_t) -libs_use_shared_libs(updpwd_t) - logging_send_syslog_msg(updpwd_t) miscfiles_read_localization(updpwd_t) @@ -341,9 +332,6 @@ files_read_etc_files(utempter_t) domain_use_interactive_fds(utempter_t) -libs_use_ld_so(utempter_t) -libs_use_shared_libs(utempter_t) - logging_search_logs(utempter_t) # Allow utemper to write to /tmp/.xses-* diff --git a/policy/modules/system/clock.te b/policy/modules/system/clock.te index 469f749..6f74901 100644 --- a/policy/modules/system/clock.te +++ b/policy/modules/system/clock.te @@ -55,9 +55,6 @@ files_read_etc_files(hwclock_t) # for when /usr is not mounted: files_dontaudit_search_isid_type_dirs(hwclock_t) -libs_use_ld_so(hwclock_t) -libs_use_shared_libs(hwclock_t) - logging_send_audit_msgs(hwclock_t) logging_send_syslog_msg(hwclock_t) diff --git a/policy/modules/system/daemontools.te b/policy/modules/system/daemontools.te index 3a31b1b..287b191 100644 --- a/policy/modules/system/daemontools.te +++ b/policy/modules/system/daemontools.te @@ -41,9 +41,6 @@ manage_files_pattern(svc_multilog_t,svc_svc_t,svc_svc_t) init_use_fds(svc_multilog_t) -libs_use_ld_so(svc_multilog_t) -libs_use_shared_libs(svc_multilog_t) - # writes to /var/log/*/* logging_manage_generic_logs(svc_multilog_t) @@ -79,9 +76,6 @@ files_search_var_lib(svc_run_t) init_use_script_fds(svc_run_t) init_use_fds(svc_run_t) -libs_use_ld_so(svc_run_t) -libs_use_shared_libs(svc_run_t) - daemontools_domtrans_multilog(svc_run_t) daemontools_read_svc(svc_run_t) @@ -111,8 +105,5 @@ files_read_etc_runtime_files(svc_start_t) files_search_var(svc_start_t) files_search_pids(svc_start_t) -libs_use_ld_so(svc_start_t) -libs_use_shared_libs(svc_start_t) - daemontools_domtrans_run(svc_start_t) daemontools_manage_svc(svc_start_t) diff --git a/policy/modules/system/fstools.te b/policy/modules/system/fstools.te index 5831f84..2f58907 100644 --- a/policy/modules/system/fstools.te +++ b/policy/modules/system/fstools.te @@ -142,9 +142,6 @@ init_use_fds(fsadm_t) init_use_script_ptys(fsadm_t) init_dontaudit_getattr_initctl(fsadm_t) -libs_use_ld_so(fsadm_t) -libs_use_shared_libs(fsadm_t) - logging_send_syslog_msg(fsadm_t) miscfiles_read_localization(fsadm_t) diff --git a/policy/modules/system/getty.te b/policy/modules/system/getty.te index 266803b..077e95d 100644 --- a/policy/modules/system/getty.te +++ b/policy/modules/system/getty.te @@ -92,9 +92,6 @@ init_rw_utmp(getty_t) init_use_script_ptys(getty_t) init_dontaudit_use_script_ptys(getty_t) -libs_use_ld_so(getty_t) -libs_use_shared_libs(getty_t) - locallogin_domtrans(getty_t) logging_send_syslog_msg(getty_t) diff --git a/policy/modules/system/hostname.te b/policy/modules/system/hostname.te index 865e0c1..d043c9b 100644 --- a/policy/modules/system/hostname.te +++ b/policy/modules/system/hostname.te @@ -46,9 +46,6 @@ files_dontaudit_search_var(hostname_t) # for when /usr is not mounted: files_dontaudit_search_isid_type_dirs(hostname_t) -libs_use_ld_so(hostname_t) -libs_use_shared_libs(hostname_t) - logging_send_syslog_msg(hostname_t) miscfiles_read_localization(hostname_t) diff --git a/policy/modules/system/hotplug.te b/policy/modules/system/hotplug.te index dce0b4e..a1511c4 100644 --- a/policy/modules/system/hotplug.te +++ b/policy/modules/system/hotplug.te @@ -98,8 +98,6 @@ init_dontaudit_rw_initctl(hotplug_t) logging_send_syslog_msg(hotplug_t) logging_search_logs(hotplug_t) -libs_use_ld_so(hotplug_t) -libs_use_shared_libs(hotplug_t) # Read /usr/lib/gconv/.* libs_read_lib_files(hotplug_t) diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te index adbbec1..f0035b7 100644 --- a/policy/modules/system/init.te +++ b/policy/modules/system/init.te @@ -158,8 +158,6 @@ term_use_all_terms(init_t) # Run init scripts. init_domtrans_script(init_t) -libs_use_ld_so(init_t) -libs_use_shared_libs(init_t) libs_rw_ld_so_cache(init_t) logging_send_syslog_msg(init_t) @@ -367,8 +365,6 @@ files_mounton_default(initrc_t) auth_use_nsswitch(initrc_t) libs_rw_ld_so_cache(initrc_t) -libs_use_ld_so(initrc_t) -libs_use_shared_libs(initrc_t) libs_exec_lib_files(initrc_t) logging_send_syslog_msg(initrc_t) diff --git a/policy/modules/system/ipsec.te b/policy/modules/system/ipsec.te index b1c3e74..b7a6b0e 100644 --- a/policy/modules/system/ipsec.te +++ b/policy/modules/system/ipsec.te @@ -127,9 +127,6 @@ files_read_etc_files(ipsec_t) init_use_fds(ipsec_t) init_use_script_ptys(ipsec_t) -libs_use_ld_so(ipsec_t) -libs_use_shared_libs(ipsec_t) - logging_send_syslog_msg(ipsec_t) miscfiles_read_localization(ipsec_t) @@ -245,9 +242,6 @@ init_use_script_ptys(ipsec_mgmt_t) init_exec_script_files(ipsec_mgmt_t) init_use_fds(ipsec_mgmt_t) -libs_use_ld_so(ipsec_mgmt_t) -libs_use_shared_libs(ipsec_mgmt_t) - miscfiles_read_localization(ipsec_mgmt_t) modutils_domtrans_insmod(ipsec_mgmt_t) @@ -319,9 +313,6 @@ selinux_compute_access_vector(racoon_t) ipsec_setcontext_default_spd(racoon_t) -libs_use_ld_so(racoon_t) -libs_use_shared_libs(racoon_t) - locallogin_use_fds(racoon_t) logging_send_syslog_msg(racoon_t) @@ -354,9 +345,6 @@ ipsec_setcontext_default_spd(setkey_t) locallogin_use_fds(setkey_t) -libs_use_ld_so(setkey_t) -libs_use_shared_libs(setkey_t) - miscfiles_read_localization(setkey_t) seutil_read_config(setkey_t) diff --git a/policy/modules/system/iptables.te b/policy/modules/system/iptables.te index 2c7c8eb..937f2db 100644 --- a/policy/modules/system/iptables.te +++ b/policy/modules/system/iptables.te @@ -67,9 +67,6 @@ init_use_script_ptys(iptables_t) init_rw_script_tmp_files(iptables_t) init_rw_script_stream_sockets(iptables_t) -libs_use_ld_so(iptables_t) -libs_use_shared_libs(iptables_t) - logging_send_syslog_msg(iptables_t) miscfiles_read_localization(iptables_t) diff --git a/policy/modules/system/iscsi.te b/policy/modules/system/iscsi.te index c8492b7..d499bef 100644 --- a/policy/modules/system/iscsi.te +++ b/policy/modules/system/iscsi.te @@ -71,9 +71,6 @@ domain_use_interactive_fds(iscsid_t) files_read_etc_files(iscsid_t) -libs_use_ld_so(iscsid_t) -libs_use_shared_libs(iscsid_t) - logging_send_syslog_msg(iscsid_t) miscfiles_read_localization(iscsid_t) diff --git a/policy/modules/system/libraries.te b/policy/modules/system/libraries.te index 10a9272..0e47455 100644 --- a/policy/modules/system/libraries.te +++ b/policy/modules/system/libraries.te @@ -81,9 +81,6 @@ files_delete_etc_files(ldconfig_t) init_use_script_ptys(ldconfig_t) -libs_use_ld_so(ldconfig_t) -libs_use_shared_libs(ldconfig_t) - miscfiles_read_localization(ldconfig_t) logging_send_syslog_msg(ldconfig_t) diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te index b2b46e0..1e31efb 100644 --- a/policy/modules/system/locallogin.te +++ b/policy/modules/system/locallogin.te @@ -127,9 +127,6 @@ files_read_var_symlinks(local_login_t) init_dontaudit_use_fds(local_login_t) -libs_use_ld_so(local_login_t) -libs_use_shared_libs(local_login_t) - miscfiles_read_localization(local_login_t) userdom_spec_domtrans_all_users(local_login_t) @@ -232,9 +229,6 @@ files_dontaudit_search_isid_type_dirs(sulogin_t) init_getpgid_script(sulogin_t) -libs_use_ld_so(sulogin_t) -libs_use_shared_libs(sulogin_t) - logging_send_syslog_msg(sulogin_t) seutil_read_config(sulogin_t) diff --git a/policy/modules/system/logging.te b/policy/modules/system/logging.te index 072759f..6ec8c70 100644 --- a/policy/modules/system/logging.te +++ b/policy/modules/system/logging.te @@ -111,9 +111,6 @@ term_use_all_terms(auditctl_t) init_dontaudit_use_fds(auditctl_t) -libs_use_ld_so(auditctl_t) -libs_use_shared_libs(auditctl_t) - locallogin_dontaudit_use_fds(auditctl_t) logging_set_audit_parameters(auditctl_t) @@ -182,9 +179,6 @@ logging_send_syslog_msg(auditd_t) logging_domtrans_dispatcher(auditd_t) logging_signal_dispatcher(auditd_t) -libs_use_ld_so(auditd_t) -libs_use_shared_libs(auditd_t) - miscfiles_read_localization(auditd_t) mls_file_read_all_levels(auditd_t) @@ -240,9 +234,6 @@ files_read_etc_files(audisp_t) mls_file_write_all_levels(audisp_t) -libs_use_ld_so(audisp_t) -libs_use_shared_libs(audisp_t) - logging_send_syslog_msg(audisp_t) miscfiles_read_localization(audisp_t) @@ -265,9 +256,6 @@ corenet_sendrecv_audit_client_packets(audisp_remote_t) files_read_etc_files(audisp_remote_t) -libs_use_ld_so(audisp_remote_t) -libs_use_shared_libs(audisp_remote_t) - logging_send_syslog_msg(audisp_remote_t) miscfiles_read_localization(audisp_remote_t) @@ -311,9 +299,6 @@ files_read_etc_runtime_files(klogd_t) # read /etc/nsswitch.conf files_read_etc_files(klogd_t) -libs_use_ld_so(klogd_t) -libs_use_shared_libs(klogd_t) - logging_send_syslog_msg(klogd_t) miscfiles_read_localization(klogd_t) @@ -449,9 +434,6 @@ auth_use_nsswitch(syslogd_t) init_use_fds(syslogd_t) -libs_use_ld_so(syslogd_t) -libs_use_shared_libs(syslogd_t) - # cjp: this doesnt make sense logging_send_syslog_msg(syslogd_t) diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te index a45a49b..29b0d9d 100644 --- a/policy/modules/system/lvm.te +++ b/policy/modules/system/lvm.te @@ -106,9 +106,6 @@ storage_raw_read_fixed_disk(clvmd_t) auth_use_nsswitch(clvmd_t) -libs_use_ld_so(clvmd_t) -libs_use_shared_libs(clvmd_t) - logging_send_syslog_msg(clvmd_t) miscfiles_read_localization(clvmd_t) @@ -261,9 +258,6 @@ init_use_fds(lvm_t) init_dontaudit_getattr_initctl(lvm_t) init_use_script_ptys(lvm_t) -libs_use_ld_so(lvm_t) -libs_use_shared_libs(lvm_t) - logging_send_syslog_msg(lvm_t) miscfiles_read_localization(lvm_t) diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te index d447ca8..53ff21b 100644 --- a/policy/modules/system/modutils.te +++ b/policy/modules/system/modutils.te @@ -102,9 +102,6 @@ init_use_fds(insmod_t) init_use_script_fds(insmod_t) init_use_script_ptys(insmod_t) -libs_use_ld_so(insmod_t) -libs_use_shared_libs(insmod_t) - logging_send_syslog_msg(insmod_t) logging_search_logs(insmod_t) @@ -203,9 +200,6 @@ files_read_etc_files(depmod_t) files_read_usr_src_files(depmod_t) files_list_usr(depmod_t) -libs_use_ld_so(depmod_t) -libs_use_shared_libs(depmod_t) - # Read System.map from home directories. files_list_home(depmod_t) staff_read_home_content_files(depmod_t) @@ -276,9 +270,6 @@ files_exec_etc_files(update_modules_t) corecmd_exec_bin(update_modules_t) corecmd_exec_shell(update_modules_t) -libs_use_ld_so(update_modules_t) -libs_use_shared_libs(update_modules_t) - logging_send_syslog_msg(update_modules_t) miscfiles_read_localization(update_modules_t) diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te index de9e9f5..0089812 100644 --- a/policy/modules/system/mount.te +++ b/policy/modules/system/mount.te @@ -103,9 +103,6 @@ init_dontaudit_getattr_initctl(mount_t) auth_use_nsswitch(mount_t) -libs_use_ld_so(mount_t) -libs_use_shared_libs(mount_t) - logging_send_syslog_msg(mount_t) miscfiles_read_localization(mount_t) diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te index 357066d..59562b0 100644 --- a/policy/modules/system/netlabel.te +++ b/policy/modules/system/netlabel.te @@ -24,7 +24,4 @@ kernel_read_network_state(netlabel_mgmt_t) files_read_etc_files(netlabel_mgmt_t) -libs_use_ld_so(netlabel_mgmt_t) -libs_use_shared_libs(netlabel_mgmt_t) - seutil_use_newrole_fds(netlabel_mgmt_t) diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te index d5b9391..77da11e 100644 --- a/policy/modules/system/pcmcia.te +++ b/policy/modules/system/pcmcia.te @@ -93,8 +93,6 @@ files_dontaudit_getattr_all_symlinks(cardmgr_t) files_dontaudit_getattr_all_pipes(cardmgr_t) files_dontaudit_getattr_all_sockets(cardmgr_t) -libs_use_ld_so(cardmgr_t) -libs_use_shared_libs(cardmgr_t) libs_exec_ld_so(cardmgr_t) libs_exec_lib_files(cardmgr_t) diff --git a/policy/modules/system/raid.te b/policy/modules/system/raid.te index e78fa38..7556f02 100644 --- a/policy/modules/system/raid.te +++ b/policy/modules/system/raid.te @@ -61,9 +61,6 @@ files_read_etc_runtime_files(mdadm_t) init_dontaudit_getattr_initctl(mdadm_t) -libs_use_ld_so(mdadm_t) -libs_use_shared_libs(mdadm_t) - logging_send_syslog_msg(mdadm_t) miscfiles_read_localization(mdadm_t) diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te index aeb194b..5c4c454 100644 --- a/policy/modules/system/selinuxutil.te +++ b/policy/modules/system/selinuxutil.te @@ -140,9 +140,6 @@ term_use_console(checkpolicy_t) init_use_fds(checkpolicy_t) init_use_script_ptys(checkpolicy_t) -libs_use_ld_so(checkpolicy_t) -libs_use_shared_libs(checkpolicy_t) - userdom_use_all_users_fds(checkpolicy_t) ifdef(`distro_ubuntu',` @@ -180,9 +177,6 @@ term_list_ptys(load_policy_t) init_use_script_fds(load_policy_t) init_use_script_ptys(load_policy_t) -libs_use_ld_so(load_policy_t) -libs_use_shared_libs(load_policy_t) - miscfiles_read_localization(load_policy_t) seutil_libselinux_linked(load_policy_t) @@ -274,9 +268,6 @@ auth_rw_faillog(newrole_t) init_rw_utmp(newrole_t) init_use_fds(newrole_t) -libs_use_ld_so(newrole_t) -libs_use_shared_libs(newrole_t) - logging_send_syslog_msg(newrole_t) miscfiles_read_localization(newrole_t) @@ -336,9 +327,6 @@ auth_relabel_all_files_except_shadow(restorecond_t ) auth_read_all_files_except_shadow(restorecond_t) auth_use_nsswitch(restorecond_t) -libs_use_ld_so(restorecond_t) -libs_use_shared_libs(restorecond_t) - locallogin_dontaudit_use_fds(restorecond_t) logging_send_syslog_msg(restorecond_t) @@ -403,9 +391,6 @@ init_spec_domtrans_script(run_init_t) # for utmp init_rw_utmp(run_init_t) -libs_use_ld_so(run_init_t) -libs_use_shared_libs(run_init_t) - logging_send_syslog_msg(run_init_t) miscfiles_read_localization(run_init_t) @@ -474,9 +459,6 @@ term_use_all_terms(semanage_t) # Running genhomedircon requires this for finding all users auth_use_nsswitch(semanage_t) -libs_use_ld_so(semanage_t) -libs_use_shared_libs(semanage_t) - locallogin_use_fds(semanage_t) logging_send_syslog_msg(semanage_t) @@ -584,9 +566,6 @@ init_use_script_fds(setfiles_t) init_use_script_ptys(setfiles_t) init_exec_script_files(setfiles_t) -libs_use_ld_so(setfiles_t) -libs_use_shared_libs(setfiles_t) - logging_send_syslog_msg(setfiles_t) miscfiles_read_localization(setfiles_t) diff --git a/policy/modules/system/setrans.te b/policy/modules/system/setrans.te index 999ced1..aa92446 100644 --- a/policy/modules/system/setrans.te +++ b/policy/modules/system/setrans.te @@ -69,9 +69,6 @@ term_dontaudit_use_unallocated_ttys(setrans_t) init_dontaudit_use_script_ptys(setrans_t) -libs_use_ld_so(setrans_t) -libs_use_shared_libs(setrans_t) - locallogin_dontaudit_use_fds(setrans_t) logging_send_syslog_msg(setrans_t) diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te index bba323b..06ef1ab 100644 --- a/policy/modules/system/sysnetwork.te +++ b/policy/modules/system/sysnetwork.te @@ -128,9 +128,6 @@ init_rw_utmp(dhcpc_t) logging_send_syslog_msg(dhcpc_t) -libs_use_ld_so(dhcpc_t) -libs_use_shared_libs(dhcpc_t) - miscfiles_read_localization(dhcpc_t) modutils_domtrans_insmod(dhcpc_t) @@ -288,8 +285,6 @@ files_dontaudit_read_root_files(ifconfig_t) init_use_fds(ifconfig_t) init_use_script_ptys(ifconfig_t) -libs_use_ld_so(ifconfig_t) -libs_use_shared_libs(ifconfig_t) libs_read_lib_files(ifconfig_t) logging_send_syslog_msg(ifconfig_t) diff --git a/policy/modules/system/udev.te b/policy/modules/system/udev.te index 9c832b6..b6506e6 100644 --- a/policy/modules/system/udev.te +++ b/policy/modules/system/udev.te @@ -137,9 +137,6 @@ init_read_utmp(udev_t) init_dontaudit_write_utmp(udev_t) init_getattr_initctl(udev_t) -libs_use_ld_so(udev_t) -libs_use_shared_libs(udev_t) - logging_search_logs(udev_t) logging_send_syslog_msg(udev_t) diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if index aa16eeb..21df880 100644 --- a/policy/modules/system/unconfined.if +++ b/policy/modules/system/unconfined.if @@ -77,12 +77,6 @@ interface(`unconfined_domain_noaudit',` ') optional_policy(` - # this is to handle execmod on shared - # libs with text relocations - libs_use_shared_libs($1) - ') - - optional_policy(` nscd_unconfined($1) ') diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if index 7d61601..ff37b35 100644 --- a/policy/modules/system/userdomain.if +++ b/policy/modules/system/userdomain.if @@ -97,8 +97,6 @@ template(`userdom_base_user_template',` files_dontaudit_getattr_non_security_pipes($1_t) files_dontaudit_getattr_non_security_sockets($1_t) - libs_use_ld_so($1_t) - libs_use_shared_libs($1_t) libs_exec_ld_so($1_t) miscfiles_read_localization($1_t) diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te index 3b04a40..9e95995 100644 --- a/policy/modules/system/xen.te +++ b/policy/modules/system/xen.te @@ -183,9 +183,6 @@ term_use_generic_ptys(xend_t) term_use_ptmx(xend_t) term_getattr_pty_fs(xend_t) -libs_use_ld_so(xend_t) -libs_use_shared_libs(xend_t) - locallogin_dontaudit_use_fds(xend_t) logging_send_syslog_msg(xend_t) @@ -249,9 +246,6 @@ term_use_console(xenconsoled_t) init_use_fds(xenconsoled_t) init_use_script_ptys(xenconsoled_t) -libs_use_ld_so(xenconsoled_t) -libs_use_shared_libs(xenconsoled_t) - miscfiles_read_localization(xenconsoled_t) xen_append_log(xenconsoled_t) @@ -298,9 +292,6 @@ term_use_console(xenconsoled_t) init_use_fds(xenstored_t) init_use_script_ptys(xenstored_t) -libs_use_ld_so(xenstored_t) -libs_use_shared_libs(xenstored_t) - logging_send_syslog_msg(xenstored_t) miscfiles_read_localization(xenstored_t) @@ -353,9 +344,6 @@ term_use_all_terms(xm_t) init_rw_script_stream_sockets(xm_t) init_use_fds(xm_t) -libs_use_ld_so(xm_t) -libs_use_shared_libs(xm_t) - miscfiles_read_localization(xm_t) sysnet_read_config(xm_t)