From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-951984-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 91C1C139695
	for <garchives@archives.gentoo.org>; Thu, 25 May 2017 17:08:48 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id CD8FA21C1FD;
	Thu, 25 May 2017 17:08:42 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 9985321C1FD
	for <gentoo-commits@lists.gentoo.org>; Thu, 25 May 2017 17:08:42 +0000 (UTC)
Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id C7E0A3416AB
	for <gentoo-commits@lists.gentoo.org>; Thu, 25 May 2017 17:08:36 +0000 (UTC)
Received: from localhost.localdomain (localhost [IPv6:::1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 5533B746B
	for <gentoo-commits@lists.gentoo.org>; Thu, 25 May 2017 17:08:34 +0000 (UTC)
From: "Jason Zaman" <perfinion@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" <perfinion@gentoo.org>
Message-ID: <1495731817.8327ce0c3856f07497d5df5d9b77fa820e915cfb.perfinion@gentoo>
Subject: [gentoo-commits] proj/hardened-refpolicy:next commit in: policy/modules/contrib/
X-VCS-Repository: proj/hardened-refpolicy
X-VCS-Files: policy/modules/contrib/consolekit.fc policy/modules/contrib/consolekit.te
X-VCS-Directories: policy/modules/contrib/
X-VCS-Committer: perfinion
X-VCS-Committer-Name: Jason Zaman
X-VCS-Revision: 8327ce0c3856f07497d5df5d9b77fa820e915cfb
X-VCS-Branch: next
Date: Thu, 25 May 2017 17:08:34 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 325b8008-d334-4702-a55b-7e46f0e849ca
X-Archives-Hash: 2b4843dd30a16d41daddc8a3a1f4543b
Message-ID: <20170525170834.ejikzT5ty6k7W4WCyvDBl65JFxMwIa5QRiPwpWuVDLY@z>

commit:     8327ce0c3856f07497d5df5d9b77fa820e915cfb
Author:     Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Thu May 25 17:03:37 2017 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Thu May 25 17:03:37 2017 +0000
URL:        https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=8327ce0c

consolekit: remove gentoo blocks now that its upstreamed

 policy/modules/contrib/consolekit.fc |  5 -----
 policy/modules/contrib/consolekit.te | 31 +++++++++++--------------------
 2 files changed, 11 insertions(+), 25 deletions(-)

diff --git a/policy/modules/contrib/consolekit.fc b/policy/modules/contrib/consolekit.fc
index 8b440c56..d4623586 100644
--- a/policy/modules/contrib/consolekit.fc
+++ b/policy/modules/contrib/consolekit.fc
@@ -9,8 +9,3 @@
 /run/ConsoleKit(/.*)?	gen_context(system_u:object_r:consolekit_var_run_t,s0)
 /run/consolekit\.pid	--	gen_context(system_u:object_r:consolekit_var_run_t,s0)
 /run/console-kit-daemon\.pid	--	gen_context(system_u:object_r:consolekit_var_run_t,s0)
-
-ifdef(`distro_gentoo',`
-# Bug 497986
-/usr/lib/ConsoleKit/.*	--	gen_context(system_u:object_r:bin_t,s0)
-')

diff --git a/policy/modules/contrib/consolekit.te b/policy/modules/contrib/consolekit.te
index 19d4d1b4..d51634ea 100644
--- a/policy/modules/contrib/consolekit.te
+++ b/policy/modules/contrib/consolekit.te
@@ -54,7 +54,8 @@ corecmd_exec_bin(consolekit_t)
 corecmd_exec_shell(consolekit_t)
 
 dev_read_urand(consolekit_t)
-dev_read_sysfs(consolekit_t)
+dev_rw_sysfs(consolekit_t)
+dev_setattr_all_chr_files(consolekit_t)
 
 domain_read_all_domains_state(consolekit_t)
 domain_use_interactive_fds(consolekit_t)
@@ -105,6 +106,10 @@ tunable_policy(`use_samba_home_dirs',`
 ')
 
 optional_policy(`
+	cgmanager_stream_connect(consolekit_t)
+')
+
+optional_policy(`
 	dbus_read_lib_files(consolekit_t)
 	dbus_system_domain(consolekit_t, consolekit_exec_t)
 
@@ -126,6 +131,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	devicekit_manage_log_files(consolekit_t)
+')
+
+optional_policy(`
 	hal_ptrace(consolekit_t)
 ')
 
@@ -157,28 +166,10 @@ optional_policy(`
 optional_policy(`
 	udev_domtrans(consolekit_t)
 	udev_read_db(consolekit_t)
+	udev_read_pid_files(consolekit_t)
 	udev_signal(consolekit_t)
 ')
 
 optional_policy(`
 	unconfined_stream_connect(consolekit_t)
 ')
-
-ifdef(`distro_gentoo',`
-	# consolekit needs to be able to chown /dev nodes when logging in
-	dev_setattr_all_chr_files(consolekit_t)
-
-	optional_policy(`
-		udev_read_pid_files(consolekit_t)
-	')
-
-	# needs to write to sys for suspend
-	dev_rw_sysfs(consolekit_t)
-	optional_policy(`
-		devicekit_manage_log_files(consolekit_t)
-	')
-
-	optional_policy(`
-		cgmanager_stream_connect(consolekit_t)
-	')
-')