Remove unused userspace security classes.
These are all userspace security class definitions that are
unused in Android; they are only meaningful in Linux distributions.
Change-Id: I99738752da996d9a1c7793eea049d937ffe4255b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/access_vectors b/access_vectors
index c280f08..5b5b6ad 100644
--- a/access_vectors
+++ b/access_vectors
@@ -80,47 +80,6 @@
}
#
-# Define a common prefix for userspace database object access vectors.
-#
-
-common database
-{
- create
- drop
- getattr
- setattr
- relabelfrom
- relabelto
-}
-
-#
-# Define a common prefix for pointer and keyboard access vectors.
-#
-
-common x_device
-{
- getattr
- setattr
- use
- read
- write
- getfocus
- setfocus
- bell
- force_cursor
- freeze
- grab
- manage
- list_property
- get_property
- set_property
- add
- remove
- create
- destroy
-}
-
-#
# Define the access vectors.
#
# class class_name [ inherits common_name ] { permission_name ... }
@@ -450,165 +409,6 @@
}
#
-# Define the access vector interpretation for controlling
-# changes to passwd information.
-#
-class passwd
-{
- passwd # change another user passwd
- chfn # change another user finger info
- chsh # change another user shell
- rootok # pam_rootok check (skip auth)
- crontab # crontab on another user
-}
-
-#
-# SE-X Windows stuff
-#
-class x_drawable
-{
- create
- destroy
- read
- write
- blend
- getattr
- setattr
- list_child
- add_child
- remove_child
- list_property
- get_property
- set_property
- manage
- override
- show
- hide
- send
- receive
-}
-
-class x_screen
-{
- getattr
- setattr
- hide_cursor
- show_cursor
- saver_getattr
- saver_setattr
- saver_hide
- saver_show
-}
-
-class x_gc
-{
- create
- destroy
- getattr
- setattr
- use
-}
-
-class x_font
-{
- create
- destroy
- getattr
- add_glyph
- remove_glyph
- use
-}
-
-class x_colormap
-{
- create
- destroy
- read
- write
- getattr
- add_color
- remove_color
- install
- uninstall
- use
-}
-
-class x_property
-{
- create
- destroy
- read
- write
- append
- getattr
- setattr
-}
-
-class x_selection
-{
- read
- write
- getattr
- setattr
-}
-
-class x_cursor
-{
- create
- destroy
- read
- write
- getattr
- setattr
- use
-}
-
-class x_client
-{
- destroy
- getattr
- setattr
- manage
-}
-
-class x_device
-inherits x_device
-
-class x_server
-{
- getattr
- setattr
- record
- debug
- grab
- manage
-}
-
-class x_extension
-{
- query
- use
-}
-
-class x_resource
-{
- read
- write
-}
-
-class x_event
-{
- send
- receive
-}
-
-class x_synthetic_event
-{
- send
- receive
-}
-
-#
# Extended Netlink classes
#
class netlink_route_socket
@@ -666,33 +466,6 @@
inherits socket
# Define the access vector interpretation for controlling
-# access and communication through the D-BUS messaging
-# system.
-#
-class dbus
-{
- acquire_svc
- send_msg
-}
-
-# Define the access vector interpretation for controlling
-# access through the name service cache daemon (nscd).
-#
-class nscd
-{
- getpwd
- getgrp
- gethost
- getstat
- admin
- shmempwd
- shmemgrp
- shmemhost
- getserv
- shmemserv
-}
-
-# Define the access vector interpretation for controlling
# access to IPSec network data by association
#
class association
@@ -732,12 +505,6 @@
create
}
-class context
-{
- translate
- contains
-}
-
class dccp_socket
inherits socket
{
@@ -750,77 +517,12 @@
mmap_zero
}
-class db_database
-inherits database
-{
- access
- install_module
- load_module
- get_param # deprecated
- set_param # deprecated
-}
-
-class db_table
-inherits database
-{
- use # deprecated
- select
- update
- insert
- delete
- lock
-}
-
-class db_procedure
-inherits database
-{
- execute
- entrypoint
- install
-}
-
-class db_column
-inherits database
-{
- use # deprecated
- select
- update
- insert
-}
-
-class db_tuple
-{
- relabelfrom
- relabelto
- use # deprecated
- select
- update
- insert
- delete
-}
-
-class db_blob
-inherits database
-{
- read
- write
- import
- export
-}
-
# network peer labels
class peer
{
recv
}
-class x_application_data
-{
- paste
- paste_after_confirm
- copy
-}
-
class kernel_service
{
use_as_override
@@ -833,41 +535,6 @@
attach_queue
}
-class x_pointer
-inherits x_device
-
-class x_keyboard
-inherits x_device
-
-class db_schema
-inherits database
-{
- search
- add_name
- remove_name
-}
-
-class db_view
-inherits database
-{
- expand
-}
-
-class db_sequence
-inherits database
-{
- get_value
- next_value
- set_value
-}
-
-class db_language
-inherits database
-{
- implement
- execute
-}
-
class binder
{
impersonate
diff --git a/security_classes b/security_classes
index c0c9659..7ea3a38 100644
--- a/security_classes
+++ b/security_classes
@@ -43,27 +43,6 @@
class shm
class ipc
-#
-# userspace object manager classes
-#
-
-# passwd/chfn/chsh
-class passwd # userspace
-
-# SE-X Windows stuff (more classes below)
-class x_drawable # userspace
-class x_screen # userspace
-class x_gc # userspace
-class x_font # userspace
-class x_colormap # userspace
-class x_property # userspace
-class x_selection # userspace
-class x_cursor # userspace
-class x_client # userspace
-class x_device # userspace
-class x_server # userspace
-class x_extension # userspace
-
# extended netlink sockets
class netlink_route_socket
class netlink_firewall_socket
@@ -75,9 +54,6 @@
class netlink_ip6fw_socket
class netlink_dnrt_socket
-class dbus # userspace
-class nscd # userspace
-
# IPSec association
class association
@@ -91,46 +67,21 @@
# Kernel access key retention
class key
-class context # userspace
-
class dccp_socket
class memprotect
-class db_database # userspace
-class db_table # userspace
-class db_procedure # userspace
-class db_column # userspace
-class db_tuple # userspace
-class db_blob # userspace
-
# network peer labels
class peer
# Capabilities >= 32
class capability2
-# More SE-X Windows stuff
-class x_resource # userspace
-class x_event # userspace
-class x_synthetic_event # userspace
-class x_application_data # userspace
-
# kernel services that need to override task security, e.g. cachefiles
class kernel_service
class tun_socket
-# Still More SE-X Windows stuff
-class x_pointer # userspace
-class x_keyboard # userspace
-
-# More Database stuff
-class db_schema # userspace
-class db_view # userspace
-class db_sequence # userspace
-class db_language # userspace
-
class binder
# Property service
