diff options
| author |   Chris PeBenito <chpebeni@linux.microsoft.com> | 2024-02-29 11:04:56 -0500 |
|---|---|---|
| committer |   Kenton Groombridge <concord@gentoo.org> | 2024-05-14 13:40:56 -0400 |
| commit | c102156f10d9ab9ab6a5ebf2ef21d9a36305c759 (patch) | |
| tree | c1f652536b362453bc42a086b5252915b2e51758 /policy/modules/services/cups.if | |
| parent | xen: Revoke kernel module loading permissions. (diff) | |
| download | hardened-refpolicy-c102156f10d9ab9ab6a5ebf2ef21d9a36305c759.tar.gz hardened-refpolicy-c102156f10d9ab9ab6a5ebf2ef21d9a36305c759.tar.bz2 hardened-refpolicy-c102156f10d9ab9ab6a5ebf2ef21d9a36305c759.zip | |
cups: Remove PTAL.
This is part of the HPOJ, which was superseded by HPLIP in 2006.
Signed-off-by: Chris PeBenito <chpebeni@linux.microsoft.com>
Signed-off-by: Kenton Groombridge <concord@gentoo.org>
Diffstat (limited to 'policy/modules/services/cups.if')
| -rw-r--r-- | policy/modules/services/cups.if | 34 |
1 files changed, 7 insertions, 27 deletions
diff --git a/policy/modules/services/cups.if b/policy/modules/services/cups.if index 852db3d6..a6b3f754 100644 --- a/policy/modules/services/cups.if +++ b/policy/modules/services/cups.if @@ -273,26 +273,6 @@ interface(`cups_write_log',` ######################################## ## <summary> -## Connect to ptal over an unix -## domain stream socket. -## </summary> -## <param name="domain"> -## <summary> -## Domain allowed access. -## </summary> -## </param> -# -interface(`cups_stream_connect_ptal',` - gen_require(` - type ptal_t, ptal_runtime_t; - ') - - files_search_runtime($1) - stream_connect_pattern($1, ptal_runtime_t, ptal_runtime_t, ptal_t) -') - -######################################## -## <summary> ## Read the process state (/proc/pid) of cupsd. ## </summary> ## <param name="domain"> @@ -354,21 +334,21 @@ interface(`cups_admin',` type cupsd_t, cupsd_tmp_t, cupsd_lpd_tmp_t; type cupsd_etc_t, cupsd_log_t; type cupsd_config_runtime_t, cupsd_lpd_runtime_t; - type cupsd_runtime_t, ptal_etc_t, cupsd_rw_etc_t; - type ptal_runtime_t, hplip_runtime_t, cupsd_initrc_exec_t; + type cupsd_runtime_t, cupsd_rw_etc_t; + type hplip_runtime_t, cupsd_initrc_exec_t; type cupsd_config_t, cupsd_lpd_t, cups_pdf_t; - type hplip_t, ptal_t; + type hplip_t; ') allow $1 { cupsd_t cupsd_config_t cupsd_lpd_t }:process { ptrace signal_perms }; - allow $1 { cups_pdf_t hplip_t ptal_t }:process { ptrace signal_perms }; + allow $1 { cups_pdf_t hplip_t }:process { ptrace signal_perms }; ps_process_pattern($1, { cupsd_t cupsd_config_t cupsd_lpd_t }) - ps_process_pattern($1, { cups_pdf_t hplip_t ptal_t }) + ps_process_pattern($1, { cups_pdf_t hplip_t }) init_startstop_service($1, $2, cupsd_t, cupsd_initrc_exec_t) files_list_etc($1) - admin_pattern($1, { cupsd_etc_t cupsd_rw_etc_t ptal_etc_t }) + admin_pattern($1, { cupsd_etc_t cupsd_rw_etc_t }) logging_list_logs($1) admin_pattern($1, cupsd_log_t) @@ -380,5 +360,5 @@ interface(`cups_admin',` files_list_runtime($1) admin_pattern($1, { cupsd_config_runtime_t cupsd_runtime_t hplip_runtime_t }) - admin_pattern($1, { ptal_runtime_t cupsd_lpd_runtime_t }) + admin_pattern($1, cupsd_lpd_runtime_t) ') |