[gentoo-commits] proj/hardened-refpolicy:master commit in: policy/modules/services/

[Jason Zaman]

commit:     bf4b1f16a4f6a0b415d77ea028996cdadefde3e2
Author:     Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Thu Jan 28 19:57:08 2021 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Feb  1 01:21:42 2021 +0000
URL:        
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=bf4b1f16

aptcacher: Drop broken config interfaces.

The aptcacher_etc_t type does not exist in the policy.  The block in cron
will never be enabled because of this, so drop that too.

Signed-off-by: Chris PeBenito <pebenito <AT> ieee.org>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 policy/modules/services/aptcacher.if | 40 ------------------------------------
 policy/modules/services/cron.te      |  5 -----
 2 files changed, 45 deletions(-)

diff --git a/policy/modules/services/aptcacher.if 
b/policy/modules/services/aptcacher.if
index 8c99a699..12c1335a 100644
--- a/policy/modules/services/aptcacher.if
+++ b/policy/modules/services/aptcacher.if
@@ -63,43 +63,3 @@ interface(`aptcacher_stream_connect',`
        files_search_runtime($1)
        stream_connect_pattern($1, aptcacher_runtime_t, aptcacher_runtime_t, 
aptcacher_t)
 ')
-
-######################################
-## <summary>
-##     read aptcacher config
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed to read it.
-##     </summary>
-## </param>
-#
-interface(`aptcacher_read_config',`
-       gen_require(`
-               type aptcacher_etc_t;
-       ')
-
-       files_search_etc($1)
-       allow $1 aptcacher_etc_t:dir list_dir_perms;
-       allow $1 aptcacher_etc_t:file read_file_perms;
-')
-
-######################################
-## <summary>
-##     mmap and read aptcacher config
-## </summary>
-## <param name="domain">
-##     <summary>
-##     Domain allowed to read it.
-##     </summary>
-## </param>
-#
-interface(`aptcacher_mmap_read_config',`
-       gen_require(`
-               type aptcacher_etc_t;
-       ')
-
-       files_search_etc($1)
-       allow $1 aptcacher_etc_t:dir list_dir_perms;
-       allow $1 aptcacher_etc_t:file mmap_read_file_perms;
-')

diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 23e990ad..712a84dd 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -344,11 +344,6 @@ ifdef(`distro_debian',`
                dpkg_manage_db(system_cronjob_t)
        ')
 
-       optional_policy(`
-               aptcacher_mmap_read_config(system_cronjob_t)
-               corenet_tcp_connect_aptcacher_port(system_cronjob_t)
-       ')
-
        optional_policy(`
                logwatch_search_cache_dir(crond_t)
        ')