aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Zaman <jason@perfinion.com>2019-02-10 14:09:02 +0800
committerJason Zaman <jason@perfinion.com>2019-02-10 14:09:02 +0800
commitb1b6e9dfd6982086f38e0e4e008d31777ee94255 (patch)
treef28b79fab0c7d39ae9acbf02b5a9ac8765c3e518
parentremove gentoo chromium policy that has been upstreamed (diff)
downloadhardened-refpolicy-b1b6e9dfd6982086f38e0e4e008d31777ee94255.tar.gz
hardened-refpolicy-b1b6e9dfd6982086f38e0e4e008d31777ee94255.tar.bz2
hardened-refpolicy-b1b6e9dfd6982086f38e0e4e008d31777ee94255.zip
remove duplicated dev_dontaudit_read_sysfs files_dontaudit_read_etc_files
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r--policy/modules/kernel/devices.if20
-rw-r--r--policy/modules/kernel/files.if20
2 files changed, 0 insertions, 40 deletions
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 84b9d8fb..87fabe6f 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -5238,26 +5238,6 @@ interface(`dev_unconfined',`
########################################
## <summary>
-## Dont audit attempts to read hardware state information
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain for which the attempts do not need to be audited
-## </summary>
-## </param>
-#
-interface(`dev_dontaudit_read_sysfs',`
- gen_require(`
- type sysfs_t;
- ')
-
- dontaudit $1 sysfs_t:file read_file_perms;
- dontaudit $1 sysfs_t:dir list_dir_perms;
- dontaudit $1 sysfs_t:lnk_file read_lnk_file_perms;
-')
-
-########################################
-## <summary>
## Relabel cpu online hardware state information.
## </summary>
## <param name="domain">
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index 0ace4966..b4db9c89 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -7111,26 +7111,6 @@ interface(`files_dontaudit_read_etc_runtime',`
dontaudit $1 etc_runtime_t:file read_file_perms;
')
-########################################
-## <summary>
-## Do not audit attempts to read files
-## in /etc
-## </summary>
-## <param name="domain">
-## <summary>
-## Domain to not audit.
-## </summary>
-## </param>
-#
-interface(`files_dontaudit_read_etc_files',`
- gen_require(`
- type etc_t;
- ')
-
- dontaudit $1 etc_t:file { getattr read };
-')
-
-
#########################################
## <summary>
## List usr/src files