diff options
author | 2019-02-10 14:09:02 +0800 | |
---|---|---|
committer | 2019-02-10 14:09:02 +0800 | |
commit | b1b6e9dfd6982086f38e0e4e008d31777ee94255 (patch) | |
tree | f28b79fab0c7d39ae9acbf02b5a9ac8765c3e518 | |
parent | remove gentoo chromium policy that has been upstreamed (diff) | |
download | hardened-refpolicy-b1b6e9dfd6982086f38e0e4e008d31777ee94255.tar.gz hardened-refpolicy-b1b6e9dfd6982086f38e0e4e008d31777ee94255.tar.bz2 hardened-refpolicy-b1b6e9dfd6982086f38e0e4e008d31777ee94255.zip |
remove duplicated dev_dontaudit_read_sysfs files_dontaudit_read_etc_files
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r-- | policy/modules/kernel/devices.if | 20 | ||||
-rw-r--r-- | policy/modules/kernel/files.if | 20 |
2 files changed, 0 insertions, 40 deletions
diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if index 84b9d8fb..87fabe6f 100644 --- a/policy/modules/kernel/devices.if +++ b/policy/modules/kernel/devices.if @@ -5238,26 +5238,6 @@ interface(`dev_unconfined',` ######################################## ## <summary> -## Dont audit attempts to read hardware state information -## </summary> -## <param name="domain"> -## <summary> -## Domain for which the attempts do not need to be audited -## </summary> -## </param> -# -interface(`dev_dontaudit_read_sysfs',` - gen_require(` - type sysfs_t; - ') - - dontaudit $1 sysfs_t:file read_file_perms; - dontaudit $1 sysfs_t:dir list_dir_perms; - dontaudit $1 sysfs_t:lnk_file read_lnk_file_perms; -') - -######################################## -## <summary> ## Relabel cpu online hardware state information. ## </summary> ## <param name="domain"> diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if index 0ace4966..b4db9c89 100644 --- a/policy/modules/kernel/files.if +++ b/policy/modules/kernel/files.if @@ -7111,26 +7111,6 @@ interface(`files_dontaudit_read_etc_runtime',` dontaudit $1 etc_runtime_t:file read_file_perms; ') -######################################## -## <summary> -## Do not audit attempts to read files -## in /etc -## </summary> -## <param name="domain"> -## <summary> -## Domain to not audit. -## </summary> -## </param> -# -interface(`files_dontaudit_read_etc_files',` - gen_require(` - type etc_t; - ') - - dontaudit $1 etc_t:file { getattr read }; -') - - ######################################### ## <summary> ## List usr/src files |