James Morris wrote:
Could you also please add tests for this (at least one which should fail
and one which should succeed) to the Linux Test Project?
- James
Policies stored in ltp/testcases/kernel/security/selinux-testsuite/refpolicy/
invokes massive deprecated interfaces on selinux-policy-3.5.4.
This patch fixes them according to the warning messages which encourage to
replace older ones.
BTW, I'm not happy with the test_policy.pp does not allow to invoke test
scripts from unconfined_t domain. Is it to be fixed?
Thanks,
--
OSS Platform Development Division, NEC
KaiGai Kohei <kaigai@xxxxxxxxxxxxx>
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ipc.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ipc.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ipc.te (revision 2)
@@ -72,12 +72,12 @@
# Allow all of these domains to be entered from user domains.
# via a shell script in the test directory or by another program.
miscfiles_domain_entry_test_files(ipcdomain)
-userdom_sysadm_entry_spec_domtrans_to(ipcdomain)
+sysadm_entry_spec_domtrans(ipcdomain)
corecmd_bin_entry_type(ipcdomain)
-userdom_sysadm_bin_spec_domtrans_to(ipcdomain)
+sysadm_bin_spec_domtrans_to(ipcdomain)
allow test_ipc_base_t self:sem create_sem_perms;
allow test_ipc_base_t self:shm create_sem_perms;
allow test_ipc_base_t self:shm lock;
# ipcrm needs this...
-userdom_search_generic_user_home_dirs(test_ipc_base_t)
+unprivuser_search_home_dirs(test_ipc_base_t)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_file.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_file.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_file.te (revision 2)
@@ -43,7 +43,6 @@
# Allow execution of helper programs.
corecmd_exec_bin(fileopdomain)
-corecmd_exec_sbin(fileopdomain)
domain_exec_all_entry_files(fileopdomain)
libs_use_ld_so(fileopdomain)
libs_use_shared_libs(fileopdomain)
@@ -52,13 +51,13 @@
# Allow all of these domains to be entered from sysadm domain
miscfiles_domain_entry_test_files(fileopdomain)
-userdom_sysadm_entry_spec_domtrans_to(fileopdomain)
+sysadm_entry_spec_domtrans(fileopdomain)
corecmd_bin_entry_type(fileopdomain)
-userdom_sysadm_bin_spec_domtrans_to(fileopdomain)
+sysadm_bin_spec_domtrans_to(fileopdomain)
-corecmd_sbin_entry_type(fileopdomain)
-userdom_sysadm_sbin_spec_domtrans_to(fileopdomain)
+corecmd_bin_entry_type(fileopdomain)
+sysadm_bin_spec_domtrans_to(fileopdomain)
allow fileop_t fileop_exec_t:file entrypoint;
domain_auto_trans(test_fileop_t, fileop_exec_t, fileop_t)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_sysctl.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_sysctl.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_sysctl.te (revision 2)
@@ -19,8 +19,8 @@
# Allow all of these domains to be entered from sysadm domain
# via /sbin/sysctl.
-corecmd_sbin_entry_type(sysctldomain)
-userdom_sysadm_sbin_spec_domtrans_to(sysctldomain)
+corecmd_bin_entry_type(sysctldomain)
+sysadm_bin_spec_domtrans_to(sysctldomain)
# Allow the first domain to perform sysctl operations.
kernel_rw_all_sysctls(test_sysctl_t)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_create.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_create.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_create.te (revision 2)
@@ -24,10 +24,10 @@
typeattribute test_create_no_t test_create_d;
allow test_create_no_t self:process ~fork;
-allow test_create_no_t proc_t:dir r_dir_perms;
+allow test_create_no_t proc_t:dir list_dir_perms;
allow test_create_no_t proc_t:lnk_file read;
-allow test_create_no_t self:dir r_dir_perms;
-allow test_create_no_t self:notdevfile_class_set r_file_perms;
+allow test_create_no_t self:dir list_dir_perms;
+allow test_create_no_t self:notdevfile_class_set read_file_perms;
libs_use_ld_so(test_create_no_t)
libs_use_shared_libs(test_create_no_t)
@@ -35,14 +35,14 @@
allow test_create_no_t self:process setexec;
selinux_get_fs_mount(test_create_no_t)
-allow test_create_no_t { root_t bin_t sbin_t lib_t locale_t usr_t devpts_t home_root_t }:dir r_dir_perms;
-allow test_create_no_t lib_t:lnk_file r_file_perms;
+allow test_create_no_t { root_t bin_t sbin_t lib_t locale_t usr_t devpts_t home_root_t }:dir list_dir_perms;
+allow test_create_no_t lib_t:lnk_file read_file_perms;
allow test_create_no_t { devtty_t null_device_t zero_device_t }:chr_file rw_file_perms;
-allow test_create_no_t locale_t:dir r_dir_perms;
-allow test_create_no_t locale_t:{ file lnk_file } r_file_perms;
+allow test_create_no_t locale_t:dir list_dir_perms;
+allow test_create_no_t locale_t:{ file lnk_file } read_file_perms;
allow test_create_no_t privfd:fd use;
-userdom_use_sysadm_ptys(test_create_no_t)
-userdom_use_sysadm_ttys(test_create_no_t)
+sysadm_use_ptys(test_create_no_t)
+sysadm_use_ttys(test_create_no_t)
# General rules for the test_create_d
@@ -50,4 +50,4 @@
role sysadm_r types test_create_d;
role system_r types test_create_d;
miscfiles_domain_entry_test_files(test_create_d)
-userdom_sysadm_entry_spec_domtrans_to(test_create_d)
+sysadm_entry_spec_domtrans(test_create_d)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_capable_file.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_capable_file.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_capable_file.te (revision 2)
@@ -35,7 +35,6 @@
# Allow execution of helper programs.
corecmd_exec_bin(capabledomain)
-corecmd_exec_sbin(capabledomain)
domain_exec_all_entry_files(capabledomain)
files_exec_etc_files(capabledomain)
libs_use_ld_so(capabledomain)
@@ -45,9 +44,9 @@
# Allow test_file_t and bin_t to be entered from sysadm role
miscfiles_domain_entry_test_files(capabledomain)
-userdom_sysadm_entry_spec_domtrans_to(capabledomain)
+sysadm_entry_spec_domtrans(capabledomain)
corecmd_bin_entry_type(capabledomain)
-userdom_sysadm_bin_spec_domtrans_to(capabledomain)
+sysadm_bin_spec_domtrans_to(capabledomain)
# Allow these domains to create a temporay file.
allow capabledomain test_file_t:file { setattr rw_file_perms };
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_setnice.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_setnice.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_setnice.te (revision 2)
@@ -25,7 +25,6 @@
# Allow execution of helper programs.
corecmd_exec_bin(setnicedomain)
-corecmd_exec_sbin(setnicedomain)
domain_exec_all_entry_files(setnicedomain)
files_exec_etc_files(setnicedomain)
libs_use_ld_so(setnicedomain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_fdreceive.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_fdreceive.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_fdreceive.te (revision 2)
@@ -35,7 +35,7 @@
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(fdreceivedomain)
-userdom_sysadm_entry_spec_domtrans_to(fdreceivedomain)
+sysadm_entry_spec_domtrans(fdreceivedomain)
# Grant the necessary permissions for the server domain.
## Create the Unix domain socket file.
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_link.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_link.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_link.te (revision 2)
@@ -69,5 +69,5 @@
# Allow all of these domains to be entered from sysadm domain
corecmd_bin_entry_type(test_link_domain)
-userdom_sysadm_bin_spec_domtrans_to(test_link_domain)
+sysadm_bin_spec_domtrans_to(test_link_domain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_sigkill.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_sigkill.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_sigkill.te (revision 2)
@@ -43,7 +43,7 @@
# Allow all of these domains to be entered from the sysadm domains,
# via kill or a program in the test directory.
miscfiles_domain_entry_test_files(killdomain)
-userdom_sysadm_entry_spec_domtrans_to(killdomain)
+sysadm_entry_spec_domtrans(killdomain)
corecmd_bin_entry_type(killdomain)
-userdom_sysadm_bin_spec_domtrans_to(killdomain)
+sysadm_bin_spec_domtrans_to(killdomain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_global.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_global.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_global.te (revision 2)
@@ -13,7 +13,7 @@
# Allow the test domains to access the sysadm terminal.
# This allows read and write sysadm ttys and ptys.
-userdom_use_sysadm_terms(testdomain)
+sysadm_use_terms(testdomain)
# Allow the test domains to access the test directory and files
# even if they are not root owned.
@@ -64,9 +64,9 @@
type null_device_t;
type zero_device_t;
}
-allow testdomain { root_t etc_t bin_t sbin_t lib_t usr_t devpts_t }:dir r_dir_perms;
-allow testdomain lib_t:{ file lnk_file } r_file_perms;
-allow testdomain etc_t:file r_file_perms;
+allow testdomain { root_t etc_t bin_t sbin_t lib_t usr_t devpts_t }:dir list_dir_perms;
+allow testdomain lib_t:{ file lnk_file } read_file_perms;
+allow testdomain etc_t:file read_file_perms;
allow testdomain { devtty_t null_device_t zero_device_t }:chr_file rw_file_perms;
miscfiles_read_localization(testdomain)
domain_use_interactive_fds(testdomain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_open.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_open.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_open.te (revision 2)
@@ -32,4 +32,4 @@
# Allow all of these domains to be entered from sysadm domain
miscfiles_domain_entry_test_files(test_open_domain)
-userdom_sysadm_entry_spec_domtrans_to(test_open_domain)
+sysadm_entry_spec_domtrans(test_open_domain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getsid.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getsid.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getsid.te (revision 2)
@@ -25,7 +25,7 @@
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_getsid_d)
-userdom_sysadm_entry_spec_domtrans_to(test_getsid_d)
+sysadm_entry_spec_domtrans(test_getsid_d)
# Give test_getsid_yes_t the permission needed.
allow test_getsid_yes_t test_getsid_target_t:process getsession;
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_inherit.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_inherit.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_inherit.te (revision 2)
@@ -37,7 +37,7 @@
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(inheritdomain)
-userdom_sysadm_entry_spec_domtrans_to(inheritdomain)
+sysadm_entry_spec_domtrans(inheritdomain)
# Grant the necessary permissions for the parent domain.
allow test_inherit_parent_t test_inherit_file_t:file rw_file_perms;
@@ -61,4 +61,4 @@
allow test_inherit_nowrite_t test_inherit_parent_t:fd use;
allow test_inherit_nowrite_t test_inherit_parent_t:fifo_file rw_file_perms;
allow test_inherit_nowrite_t test_inherit_parent_t:process sigchld;
-allow test_inherit_nowrite_t test_inherit_file_t:file r_file_perms;
+allow test_inherit_nowrite_t test_inherit_file_t:file read_file_perms;
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getpgid.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getpgid.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getpgid.te (revision 2)
@@ -25,7 +25,7 @@
# Allow domain to be entered from the sysadm domain
miscfiles_domain_entry_test_files(test_getpgid_d)
-userdom_sysadm_entry_spec_domtrans_to(test_getpgid_d)
+sysadm_entry_spec_domtrans(test_getpgid_d)
# Give test_getpgid_yes_t the permission needed.
allow test_getpgid_yes_t test_getpgid_target_t:process getpgid;
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_relabel.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_relabel.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_relabel.te (revision 2)
@@ -40,5 +40,5 @@
# Allow all of these domains to be entered from sysadm domain
corecmd_bin_entry_type(test_relabel_domain)
-userdom_sysadm_bin_spec_domtrans_to(test_relabel_domain)
+sysadm_bin_spec_domtrans_to(test_relabel_domain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_execshare.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_execshare.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_execshare.te (revision 2)
@@ -25,7 +25,7 @@
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(execsharedomain)
-userdom_sysadm_entry_spec_domtrans_to(execsharedomain)
+sysadm_entry_spec_domtrans(execsharedomain)
# Grant the necessary permissions for the child domain.
domain_entry_file_spec_domtrans(test_execshare_parent_t, test_execshare_child_t)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getsched.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getsched.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_getsched.te (revision 2)
@@ -25,7 +25,7 @@
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_getsched_d)
-userdom_sysadm_entry_spec_domtrans_to(test_getsched_d)
+sysadm_entry_spec_domtrans(test_getsched_d)
# Give test_getsched_yes_t the permission needed.
allow test_getsched_yes_t test_getsched_target_t:process getsched;
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_dyntrace.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_dyntrace.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_dyntrace.te (revision 2)
@@ -28,7 +28,7 @@
# Allow test_files_t to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(dyntracedomain)
-userdom_sysadm_entry_spec_domtrans_to(dyntracedomain)
+sysadm_entry_spec_domtrans(dyntracedomain)
miscfiles_exec_test_files(dyntracedomain)
# Grant the necessary permissions for the child domain.
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ioctl.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ioctl.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ioctl.te (revision 2)
@@ -23,7 +23,6 @@
# Allow execution of helper programs.
corecmd_exec_bin(ioctldomain)
-corecmd_exec_sbin(ioctldomain)
domain_exec_all_entry_files(ioctldomain)
files_exec_etc_files(ioctldomain)
libs_use_ld_so(ioctldomain)
@@ -34,9 +33,9 @@
# Allow all of these domains to be entered from sysadm domain
# via a shell script in the test directory or by....
miscfiles_domain_entry_test_files(ioctldomain)
-userdom_sysadm_entry_spec_domtrans_to(ioctldomain)
+sysadm_entry_spec_domtrans(ioctldomain)
corecmd_bin_entry_type(ioctldomain)
-userdom_sysadm_bin_spec_domtrans_to(ioctldomain)
+sysadm_bin_spec_domtrans_to(ioctldomain)
# Allow the test domains some access to the temp file
allow test_ioctl_t test_ioctl_file_t:file { read getattr setattr ioctl };
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_entrypoint.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_entrypoint.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_entrypoint.te (revision 2)
@@ -17,5 +17,4 @@
# Allow this domain to be entered via its entrypoint type.
domain_entry_file(test_entrypoint_t, test_entrypoint_execute_t)
-userdom_sysadm_entry_spec_domtrans_to(test_entrypoint_t)
-
+sysadm_entry_spec_domtrans(test_entrypoint_t)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ptrace.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ptrace.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_ptrace.te (revision 2)
@@ -27,7 +27,7 @@
# Allow the tracer domain to trace the traced domain.
allow test_ptrace_tracer_t test_ptrace_traced_t:process ptrace;
-userdom_search_generic_user_home_dirs(test_ptrace_traced_t)
+unprivuser_search_home_dirs(test_ptrace_traced_t)
# Let the tracer wait on the traced domain.
allow test_ptrace_traced_t test_ptrace_tracer_t:process sigchld;
@@ -35,4 +35,4 @@
# Allow all of these domains to be entered from the sysadm domains.
# via a program in the test directory.
miscfiles_domain_entry_test_files(ptracedomain)
-userdom_sysadm_entry_spec_domtrans_to(ptracedomain)
+sysadm_entry_spec_domtrans(ptracedomain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_setpgid.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_setpgid.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_setpgid.te (revision 2)
@@ -18,27 +18,28 @@
typeattribute test_setpgid_no_t test_setpgid_d;
allow test_setpgid_no_t self:process ~{ setpgid setcurrent };
-allow test_setpgid_no_t proc_t:dir r_dir_perms;
+allow test_setpgid_no_t proc_t:dir list_dir_perms;
allow test_setpgid_no_t proc_t:lnk_file read;
-allow test_setpgid_no_t self:dir r_dir_perms;
-allow test_setpgid_no_t self:notdevfile_class_set r_file_perms;
+allow test_setpgid_no_t self:dir list_dir_perms;
+allow test_setpgid_no_t self:notdevfile_class_set read_file_perms;
libs_use_ld_so(test_setpgid_no_t)
libs_use_shared_libs(test_setpgid_no_t)
allow test_setpgid_no_t self:process setexec;
selinux_get_fs_mount(test_setpgid_no_t)
-allow test_setpgid_no_t { root_t bin_t sbin_t lib_t locale_t usr_t devpts_t home_root_t }:dir r_dir_perms;
-allow test_setpgid_no_t lib_t:lnk_file r_file_perms;
+allow test_setpgid_no_t { root_t bin_t sbin_t lib_t locale_t usr_t devpts_t home_root_t }:dir list_dir_perms;
+allow test_setpgid_no_t lib_t:lnk_file read_file_perms;
allow test_setpgid_no_t { devtty_t null_device_t zero_device_t }:chr_file rw_file_perms;
-allow test_setpgid_no_t locale_t:dir r_dir_perms;
-allow test_setpgid_no_t locale_t:{ file lnk_file } r_file_perms;
+allow test_setpgid_no_t locale_t:dir list_dir_perms;
+allow test_setpgid_no_t locale_t:{ file lnk_file } read_file_perms;
allow test_setpgid_no_t privfd:fd use;
-userdom_use_sysadm_ptys(test_setpgid_no_t)
-userdom_use_sysadm_ttys(test_setpgid_no_t)
+sysadm_use_ptys(test_setpgid_no_t)
+sysadm_use_ttys(test_setpgid_no_t)
# Allow domain to be entered from the sysadm domain.
role sysadm_r types test_setpgid_d;
role system_r types test_setpgid_d;
miscfiles_domain_entry_test_files(test_setpgid_d)
-userdom_sysadm_entry_spec_domtrans_to(test_setpgid_d)
+sysadm_entry_spec_domtrans(test_setpgid_d)
+userdom_entry_spec_domtrans_unpriv_users(test_setpgid_d)
\ No newline at end of file
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_setsched.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_setsched.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_task_setsched.te (revision 2)
@@ -26,7 +26,7 @@
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_setsched_d)
-userdom_sysadm_entry_spec_domtrans_to(test_setsched_d)
+sysadm_entry_spec_domtrans(test_setsched_d)
# Allow these domains to execute renice.
corecmd_bin_entry_type(test_setsched_d)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_setattr.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_setattr.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_setattr.te (revision 2)
@@ -27,5 +27,5 @@
# Allow all of these domains to be entered from sysadm domain
corecmd_bin_entry_type(test_setattr_domain)
-userdom_sysadm_bin_spec_domtrans_to(test_setattr_domain)
+sysadm_bin_spec_domtrans_to(test_setattr_domain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_transition.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_transition.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_transition.te (revision 2)
@@ -30,4 +30,4 @@
allow test_transition_todomain_t test_transition_fromdomain_t:fd use;
# Allow all of these domains to be entered from the sysadm domain.
-userdom_sysadm_entry_spec_domtrans_to(transitiondomain)
+sysadm_entry_spec_domtrans(transitiondomain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_capable_net.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_capable_net.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_capable_net.te (revision 2)
@@ -28,7 +28,7 @@
corenet_raw_sendrecv_all_nodes(capabledomain)
corenet_tcp_sendrecv_all_ports(capabledomain)
corenet_udp_sendrecv_all_ports(capabledomain)
-corenet_non_ipsec_sendrecv(capabledomain)
+corenet_all_recvfrom_unlabeled(capabledomain)
corenet_tcp_bind_all_nodes(capabledomain)
corenet_udp_bind_all_nodes(capabledomain)
sysnet_read_config(capabledomain)
@@ -44,8 +44,8 @@
allow capabledomain hi_reserved_port_t:tcp_socket name_bind;
# Allow sbin_t to be entered from admin via certain utils.
-corecmd_sbin_entry_type(capabledomain)
-userdom_sysadm_sbin_spec_domtrans_to(capabledomain)
+corecmd_bin_entry_type(capabledomain)
+sysadm_bin_spec_domtrans_to(capabledomain)
require {
type ifconfig_exec_t;
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_dyntrans.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_dyntrans.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_dyntrans.te (revision 2)
@@ -28,5 +28,4 @@
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(dyntransdomain)
-userdom_sysadm_entry_spec_domtrans_to(dyntransdomain)
-
+sysadm_entry_spec_domtrans(dyntransdomain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_exectrace.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_exectrace.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_exectrace.te (revision 2)
@@ -28,7 +28,7 @@
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(exectracedomain)
-userdom_sysadm_entry_spec_domtrans_to(exectracedomain)
+sysadm_entry_spec_domtrans(exectracedomain)
# Grant the necessary permissions for the child domain.
domain_entry_file_spec_domtrans(test_exectrace_parent_t, test_exectrace_child_t)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_wait.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_wait.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_wait.te (revision 2)
@@ -25,7 +25,7 @@
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(waitdomain)
-userdom_sysadm_entry_spec_domtrans_to(waitdomain)
+sysadm_entry_spec_domtrans(waitdomain)
# Grant permissions for a domain transition from parent to child,
# including the ability to wait on the child.
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_execute_no_trans.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_execute_no_trans.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_execute_no_trans.te (revision 2)
@@ -19,8 +19,8 @@
# Allow this domain to be entered via the shell.
corecmd_shell_entry_type(test_execute_notrans_t)
-userdom_sysadm_entry_spec_domtrans_to(test_execute_notrans_t)
+sysadm_entry_spec_domtrans(test_execute_notrans_t)
#Allow test_execute_notrans permissions to the allowed type
can_exec(test_execute_notrans_t,test_execute_notrans_allowed_t)
-allow test_execute_notrans_t test_execute_notrans_denied_t:file rx_file_perms;
+allow test_execute_notrans_t test_execute_notrans_denied_t:file { mmap_file_perms ioctl lock };
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_mkdir.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_mkdir.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_mkdir.te (revision 2)
@@ -56,4 +56,4 @@
# Allow all of these domains to be entered from sysadm domain
corecmd_bin_entry_type(test_mkdir_domain)
-userdom_sysadm_bin_spec_domtrans_to(test_mkdir_domain)
+sysadm_bin_spec_domtrans_to(test_mkdir_domain)
Index: ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_rename.te
===================================================================
--- ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_rename.te (revision 1)
+++ ltp/testcases/kernel/security/selinux-testsuite/refpolicy/test_rename.te (revision 2)
@@ -103,5 +103,5 @@
# Allow all of these domains to be entered from sysadm domain
corecmd_bin_entry_type(test_rename_domain)
-userdom_sysadm_bin_spec_domtrans_to(test_rename_domain)
+sysadm_bin_spec_domtrans_to(test_rename_domain)
