diff options
Diffstat (limited to 'policy/modules/services/cups.te')
| -rw-r--r-- | policy/modules/services/cups.te | 73 |
1 files changed, 0 insertions, 73 deletions
diff --git a/policy/modules/services/cups.te b/policy/modules/services/cups.te index dacf53b5..136953ed 100644 --- a/policy/modules/services/cups.te +++ b/policy/modules/services/cups.te @@ -86,16 +86,6 @@ files_tmp_file(hplip_tmp_t) type hplip_var_lib_t; files_type(hplip_var_lib_t) -type ptal_t; -type ptal_exec_t; -init_daemon_domain(ptal_t, ptal_exec_t) - -type ptal_etc_t; -files_config_file(ptal_etc_t) - -type ptal_runtime_t alias ptal_var_run_t; -files_runtime_file(ptal_runtime_t) - ifdef(`enable_mls',` init_ranged_daemon_domain(cupsd_t, cupsd_exec_t, mls_systemhigh) ') @@ -161,9 +151,6 @@ allow cupsd_t hplip_runtime_t:file read_file_perms; read_files_pattern(cupsd_t, hplip_var_lib_t, hplip_var_lib_t) read_lnk_files_pattern(cupsd_t, hplip_var_lib_t, hplip_var_lib_t) -stream_connect_pattern(cupsd_t, ptal_runtime_t, ptal_runtime_t, ptal_t) -allow cupsd_t ptal_runtime_t:sock_file setattr_sock_file_perms; - can_exec(cupsd_t, { cupsd_exec_t cupsd_interface_t }) kernel_read_system_state(cupsd_t) @@ -695,63 +682,3 @@ optional_policy(` optional_policy(` udev_read_runtime_files(hplip_t) ') - -######################################## -# -# PTAL local policy -# - -allow ptal_t self:capability { chown sys_rawio }; -dontaudit ptal_t self:capability sys_tty_config; -allow ptal_t self:fifo_file rw_fifo_file_perms; -allow ptal_t self:unix_stream_socket { accept listen }; -allow ptal_t self:tcp_socket create_stream_socket_perms; - -allow ptal_t ptal_etc_t:dir list_dir_perms; -read_files_pattern(ptal_t, ptal_etc_t, ptal_etc_t) -read_lnk_files_pattern(ptal_t, ptal_etc_t, ptal_etc_t) - -manage_dirs_pattern(ptal_t, ptal_runtime_t, ptal_runtime_t) -manage_files_pattern(ptal_t, ptal_runtime_t, ptal_runtime_t) -manage_lnk_files_pattern(ptal_t, ptal_runtime_t, ptal_runtime_t) -manage_fifo_files_pattern(ptal_t, ptal_runtime_t, ptal_runtime_t) -manage_sock_files_pattern(ptal_t, ptal_runtime_t, ptal_runtime_t) -files_runtime_filetrans(ptal_t, ptal_runtime_t, { dir file lnk_file sock_file fifo_file }) - -kernel_read_kernel_sysctls(ptal_t) -kernel_list_proc(ptal_t) -kernel_read_proc_symlinks(ptal_t) - -corenet_all_recvfrom_netlabel(ptal_t) -corenet_tcp_sendrecv_generic_if(ptal_t) -corenet_tcp_sendrecv_generic_node(ptal_t) -corenet_tcp_bind_generic_node(ptal_t) - -corenet_sendrecv_ptal_server_packets(ptal_t) -corenet_tcp_bind_ptal_port(ptal_t) - -dev_read_sysfs(ptal_t) -dev_read_usbfs(ptal_t) -dev_rw_printer(ptal_t) - -domain_use_interactive_fds(ptal_t) - -files_read_etc_files(ptal_t) -files_read_etc_runtime_files(ptal_t) - -fs_getattr_all_fs(ptal_t) -fs_search_auto_mountpoints(ptal_t) - -logging_send_syslog_msg(ptal_t) - -miscfiles_read_localization(ptal_t) - -sysnet_read_config(ptal_t) - -userdom_dontaudit_use_unpriv_user_fds(ptal_t) -userdom_dontaudit_search_user_home_content(ptal_t) - -optional_policy(` - seutil_sigchld_newrole(ptal_t) -') - |