From dca5983884a9e36134575c1832cde03571d3efa8 Mon Sep 17 00:00:00 2001 From: Zdenek Pytela Date: Mon, 7 Oct 2024 16:44:24 +0200 Subject: [PATCH] Remove the linuxptp module sources The package now maintains its own selinux policy module. --- dist/targeted/modules.conf | 7 - policy/modules/contrib/linuxptp.fc | 11 -- policy/modules/contrib/linuxptp.if | 140 +++++++++++--------- policy/modules/contrib/linuxptp.te | 199 ----------------------------- 4 files changed, 79 insertions(+), 278 deletions(-) delete mode 100644 policy/modules/contrib/linuxptp.fc delete mode 100644 policy/modules/contrib/linuxptp.te diff --git a/dist/targeted/modules.conf b/dist/targeted/modules.conf index 43bd4a2176..bd92e2ff12 100644 --- a/dist/targeted/modules.conf +++ b/dist/targeted/modules.conf @@ -2742,13 +2742,6 @@ mon_statd = module # cinder = module -# Layer: contrib -# Module: linuxptp -# -# linuxptp policy -# -linuxptp = module - # Layer: contrib # Module: targetd # diff --git a/policy/modules/contrib/linuxptp.fc b/policy/modules/contrib/linuxptp.fc deleted file mode 100644 index 85eb1475e1..0000000000 --- a/policy/modules/contrib/linuxptp.fc +++ /dev/null @@ -1,11 +0,0 @@ -/usr/lib/systemd/system/phc2sys.* -- gen_context(system_u:object_r:phc2sys_unit_file_t,s0) - -/usr/lib/systemd/system/ptp4l.* -- gen_context(system_u:object_r:ptp4l_unit_file_t,s0) - -/usr/lib/systemd/system/timemaster.* -- gen_context(system_u:object_r:timemaster_unit_file_t,s0) - -/usr/bin/ptp4l -- gen_context(system_u:object_r:ptp4l_exec_t,s0) -/usr/bin/phc2sys -- gen_context(system_u:object_r:phc2sys_exec_t,s0) -/usr/bin/timemaster -- gen_context(system_u:object_r:timemaster_exec_t,s0) - -/run/timemaster(/.*)? gen_context(system_u:object_r:timemaster_var_run_t,s0) diff --git a/policy/modules/contrib/linuxptp.if b/policy/modules/contrib/linuxptp.if index ab8cda53ae..2175ac4712 100644 --- a/policy/modules/contrib/linuxptp.if +++ b/policy/modules/contrib/linuxptp.if 
@@ -10,13 +10,15 @@ ## ## # -interface(`linuxptp_domtrans_phc2sys',` - gen_require(` - type phc2sys_t, phc2sys_exec_t; +ifndef(`linuxptp_domtrans_phc2sys',` + interface(`linuxptp_domtrans_phc2sys',` + gen_require(` + type phc2sys_t, phc2sys_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, phc2sys_exec_t, phc2sys_t) ') - - corecmd_search_bin($1) - domtrans_pattern($1, phc2sys_exec_t, phc2sys_t) ') ######################################## @@ -29,13 +31,15 @@ interface(`linuxptp_domtrans_phc2sys',` ## ## # -interface(`linuxptp_domtrans_ptp4l',` - gen_require(` - type ptp4l_t, ptp4l_exec_t; +ifndef(`linuxptp_domtrans_ptp4l',` + interface(`linuxptp_domtrans_ptp4l',` + gen_require(` + type ptp4l_t, ptp4l_exec_t; + ') + + corecmd_search_bin($1) + domtrans_pattern($1, ptp4l_exec_t, ptp4l_t) ') - - corecmd_search_bin($1) - domtrans_pattern($1, ptp4l_exec_t, ptp4l_t) ') ###################################### ## @@ -48,13 +52,15 @@ interface(`linuxptp_domtrans_ptp4l',` ## ## # -interface(`timemaster_stream_connect',` - gen_require(` - type timemaster_t, timemaster_var_run_t; - ') - - files_search_pids($1) - stream_connect_pattern($1, timemaster_var_run_t, timemaster_var_run_t, timemaster_t) +ifndef(`timemaster_stream_connect',` + interface(`timemaster_stream_connect',` + gen_require(` + type timemaster_t, timemaster_var_run_t; + ') + + files_search_pids($1) + stream_connect_pattern($1, timemaster_var_run_t, timemaster_var_run_t, timemaster_t) + ') ') ######################################## @@ -67,12 +73,14 @@ interface(`timemaster_stream_connect',` ## ## # -interface(`timemaster_read_pid_files',` - gen_require(` - type timemaster_var_run_t; - ') +ifndef(`timemaster_read_pid_files',` + interface(`timemaster_read_pid_files',` + gen_require(` + type timemaster_var_run_t; + ') - read_files_pattern($1, timemaster_var_run_t, timemaster_var_run_t) + read_files_pattern($1, timemaster_var_run_t, timemaster_var_run_t) + ') ') ######################################## 
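Review bot: The new `ifndef` guard around `linuxptp_domtrans_phc2sys` (and the same pattern on the three hunks below it) carries no comment saying why the definition is now conditional, so a reader of this .if in isolation cannot tell that the authoritative copy is expected to come from the linuxptp package's own policy module. A line above the guard such as `# Guarded: the linuxptp package ships its own module defining this interface; this copy is only a fallback when that definition is absent.` would make the intent explicit. Because `ifndef` keeps whichever definition is processed first, a packaged interface that ever diverges from this copy (different type names or permissions) would silently win or lose depending on include order, which is worth stating in that comment and confirming against how the build concatenates .if files. With linuxptp.te and linuxptp.fc deleted in this same commit, the types this interface requires (`phc2sys_t`, `phc2sys_exec_t`) are no longer declared anywhere in this tree, so callers must keep invoking it inside `optional_policy` or the build will fail when the package module is not installed. The `interface(` lines are now indented by a tab inside the guard; if the documentation generator matches `interface(` at column 0, these interfaces may drop out of the generated docs — presumably harmless, but worth a quick check.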
@@ -85,12 +93,14 @@ interface(`timemaster_read_pid_files',` ## ## # -interface(`timemaster_manage_pid_sock_files',` - gen_require(` - type timemaster_var_run_t; - ') +ifndef(`timemaster_manage_pid_sock_files',` + interface(`timemaster_manage_pid_sock_files',` + gen_require(` + type timemaster_var_run_t; + ') - manage_sock_files_pattern($1, timemaster_var_run_t, timemaster_var_run_t) + manage_sock_files_pattern($1, timemaster_var_run_t, timemaster_var_run_t) + ') ') ######################################## @@ -103,16 +113,18 @@ interface(`timemaster_manage_pid_sock_files',` ## ## # -interface(`timemaster_rw_shm',` - gen_require(` - type timemaster_t, timemaster_tmpfs_t; +ifndef(`timemaster_rw_shm',` + interface(`timemaster_rw_shm',` + gen_require(` + type timemaster_t, timemaster_tmpfs_t; + ') + + allow $1 timemaster_t:shm rw_shm_perms; + list_dirs_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + rw_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + fs_search_tmpfs($1) ') - - allow $1 timemaster_t:shm rw_shm_perms; - list_dirs_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - rw_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - fs_search_tmpfs($1) ') ######################################## 
@@ -125,16 +137,18 @@ interface(`timemaster_rw_shm',` ## ## # -interface(`ptp4l_rw_shm',` - gen_require(` - type ptp4l_t, timemaster_tmpfs_t; +ifndef(`ptp4l_rw_shm',` + interface(`ptp4l_rw_shm',` + gen_require(` + type ptp4l_t, timemaster_tmpfs_t; + ') + + allow $1 ptp4l_t:shm rw_shm_perms; + list_dirs_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + rw_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + fs_search_tmpfs($1) ') - - allow $1 ptp4l_t:shm rw_shm_perms; - list_dirs_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - rw_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - fs_search_tmpfs($1) ') ######################################## @@ -147,16 +161,18 @@ interface(`ptp4l_rw_shm',` ## ## # -interface(`phc2sys_rw_shm',` - gen_require(` - type phc2sys_t, timemaster_tmpfs_t; +ifndef(`phc2sys_rw_shm',` + interface(`phc2sys_rw_shm',` + gen_require(` + type phc2sys_t, timemaster_tmpfs_t; + ') + + allow $1 phc2sys_t:shm rw_shm_perms; + list_dirs_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + rw_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) + fs_search_tmpfs($1) ') - - allow $1 phc2sys_t:shm rw_shm_perms; - list_dirs_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - rw_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - read_lnk_files_pattern($1, timemaster_tmpfs_t, timemaster_tmpfs_t) - fs_search_tmpfs($1) ') ####################################### 
@@ -169,10 +185,12 @@ interface(`phc2sys_rw_shm',` ## ## # -interface(`timemaster_service_status',` - gen_require(` - type timemaster_unit_file_t; - ') +ifndef(`timemaster_service_status',` + interface(`timemaster_service_status',` + gen_require(` + type timemaster_unit_file_t; + ') - allow $1 timemaster_unit_file_t:service status; + allow $1 timemaster_unit_file_t:service status; + ') ') diff --git a/policy/modules/contrib/linuxptp.te b/policy/modules/contrib/linuxptp.te deleted file mode 100644 index 6525fb75b1..0000000000 --- a/policy/modules/contrib/linuxptp.te +++ /dev/null 
@@ -1,199 +0,0 @@ -policy_module(linuxptp, 1.0.0) - - -######################################## -# -# Declarations -# - -type timemaster_t; -type timemaster_exec_t; -init_daemon_domain(timemaster_t, timemaster_exec_t) - -type timemaster_var_run_t; -files_pid_file(timemaster_var_run_t) - -type timemaster_tmpfs_t; -files_tmpfs_file(timemaster_tmpfs_t) - -type timemaster_unit_file_t; -systemd_unit_file(timemaster_unit_file_t) - -type phc2sys_t; -type phc2sys_exec_t; -init_daemon_domain(phc2sys_t, phc2sys_exec_t) - -type phc2sys_unit_file_t; -systemd_unit_file(phc2sys_unit_file_t) - -type ptp4l_t; -type ptp4l_exec_t; -init_daemon_domain(ptp4l_t, ptp4l_exec_t) - -type ptp4l_unit_file_t; -systemd_unit_file(ptp4l_unit_file_t) - -######################################## -# -# timemaster local policy -# - -allow timemaster_t self:process { signal_perms setcap}; -allow timemaster_t self:fifo_file rw_fifo_file_perms; -allow timemaster_t self:capability { setuid sys_time kill setgid }; -allow timemaster_t self:unix_stream_socket create_stream_socket_perms; -allow timemaster_t self:shm create_shm_perms; -allow timemaster_t self:udp_socket create_socket_perms; - -allow timemaster_t ptp4l_t:process signal; -allow timemaster_t phc2sys_t:process signal; - -allow timemaster_t ptp4l_t:shm rw_shm_perms; - -manage_dirs_pattern(timemaster_t, timemaster_var_run_t, timemaster_var_run_t) -manage_files_pattern(timemaster_t, timemaster_var_run_t, timemaster_var_run_t) -manage_sock_files_pattern(timemaster_t, timemaster_var_run_t, timemaster_var_run_t) -files_pid_filetrans(timemaster_t, timemaster_var_run_t, { dir file sock_file }) - -manage_dirs_pattern(timemaster_t, timemaster_tmpfs_t, timemaster_tmpfs_t) -manage_files_pattern(timemaster_t, timemaster_tmpfs_t, timemaster_tmpfs_t) -fs_tmpfs_filetrans(timemaster_t, timemaster_tmpfs_t, { dir file }) - -kernel_read_network_state(timemaster_t) - -auth_use_nsswitch(timemaster_t) - -corenet_udp_bind_generic_node(timemaster_t) 
-corenet_udp_bind_ntp_port(timemaster_t) - -dev_read_urand(timemaster_t) -dev_list_sysfs(timemaster_t) -dev_write_sysfs(timemaster_t) - -logging_send_syslog_msg(timemaster_t) - -sysnet_read_config(timemaster_t) - -optional_policy(` - ntp_domtrans(timemaster_t) - ntp_signal(timemaster_t) -') - -optional_policy(` - chronyd_dgram_send(timemaster_t) - chronyd_domtrans(timemaster_t) - chronyd_rw_shm(timemaster_t) -') - -optional_policy(` - gpsd_rw_shm(timemaster_t) -') - - -optional_policy(` - chronyd_signal(timemaster_t) -') - - -optional_policy(` - linuxptp_domtrans_ptp4l(timemaster_t) -') - -optional_policy(` - linuxptp_domtrans_phc2sys(timemaster_t) -') - -######################################## -# -# phc2sys local policy -# - -allow phc2sys_t self:capability sys_time; -allow phc2sys_t self:fifo_file rw_fifo_file_perms; -allow phc2sys_t self:unix_stream_socket create_stream_socket_perms; -allow phc2sys_t self:shm create_shm_perms; -allow phc2sys_t self:udp_socket create_socket_perms; - -allow phc2sys_t ptp4l_t:unix_dgram_socket sendto; - -allow phc2sys_t timemaster_t:shm rw_shm_perms; - -manage_dirs_pattern(phc2sys_t, timemaster_var_run_t, timemaster_var_run_t) -manage_files_pattern(phc2sys_t, timemaster_var_run_t, timemaster_var_run_t) -manage_sock_files_pattern(phc2sys_t, timemaster_var_run_t, timemaster_var_run_t) -files_pid_filetrans(phc2sys_t, timemaster_var_run_t, { dir file sock_file }) - -manage_dirs_pattern(phc2sys_t, timemaster_tmpfs_t, timemaster_tmpfs_t) -manage_files_pattern(phc2sys_t, timemaster_tmpfs_t, timemaster_tmpfs_t) -fs_tmpfs_filetrans(phc2sys_t, timemaster_tmpfs_t, { dir file }) - -dev_rw_realtime_clock(phc2sys_t) - -logging_send_syslog_msg(phc2sys_t) - -optional_policy(` - chronyd_dgram_send(phc2sys_t) - chronyd_rw_shm(phc2sys_t) -') - -optional_policy(` - gpsd_rw_shm(phc2sys_t) -') - -optional_policy(` - ntp_rw_shm(phc2sys_t) -') - -optional_policy(` - ptp4l_rw_shm(phc2sys_t) -') - -######################################## -# -# ptp4l local 
policy -# - -allow ptp4l_t self:fifo_file rw_fifo_file_perms; -allow ptp4l_t self:netlink_generic_socket create_socket_perms; -allow ptp4l_t self:packet_socket create_socket_perms; -allow ptp4l_t self:unix_stream_socket create_stream_socket_perms; -allow ptp4l_t self:shm create_shm_perms; -allow ptp4l_t self:udp_socket create_socket_perms; -allow ptp4l_t self:capability { net_admin net_raw sys_admin sys_time }; -allow ptp4l_t self:capability2 { bpf wake_alarm }; -allow ptp4l_t self:netlink_route_socket rw_netlink_socket_perms; - -allow ptp4l_t phc2sys_t:unix_dgram_socket sendto; - -manage_dirs_pattern(ptp4l_t, timemaster_var_run_t, timemaster_var_run_t) -manage_files_pattern(ptp4l_t, timemaster_var_run_t, timemaster_var_run_t) -manage_sock_files_pattern(ptp4l_t, timemaster_var_run_t, timemaster_var_run_t) -files_pid_filetrans(ptp4l_t, timemaster_var_run_t, { dir file sock_file }) - -manage_dirs_pattern(ptp4l_t, timemaster_tmpfs_t, timemaster_tmpfs_t) -manage_files_pattern(ptp4l_t, timemaster_tmpfs_t, timemaster_tmpfs_t) -fs_tmpfs_filetrans(ptp4l_t, timemaster_tmpfs_t, { dir file }) - -corenet_udp_bind_generic_node(ptp4l_t) -corenet_udp_bind_ptp_event_port(ptp4l_t) -corenet_udp_bind_reserved_port(ptp4l_t) - -kernel_read_network_state(ptp4l_t) -kernel_request_load_module(ptp4l_t) - -dev_rw_realtime_clock(ptp4l_t) - -files_write_generic_pid_sockets(ptp4l_t) - -logging_send_syslog_msg(ptp4l_t) - -userdom_users_dgram_send(ptp4l_t) - -optional_policy(` - chronyd_dgram_send(ptp4l_t) - chronyd_rw_shm(ptp4l_t) -') - -optional_policy(` - gpsd_rw_shm(ptp4l_t) -')