This is good to have for pretty much all domains, so remove the
individual calls and move it to test_general.te.
Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
policy/test_atsecure.te | 3 ---
policy/test_binder.te | 1 -
policy/test_binder_bpf.te | 1 -
policy/test_bpf.te | 1 -
policy/test_capable_file.te | 1 -
policy/test_dyntrace.te | 1 -
policy/test_dyntrans.te | 1 -
policy/test_entrypoint.te | 1 -
policy/test_execshare.te | 1 -
policy/test_exectrace.te | 1 -
policy/test_execute_no_trans.te | 1 -
policy/test_extended_socket_class.te | 1 -
policy/test_fdreceive.te | 1 -
policy/test_fdreceive_bpf.te | 1 -
policy/test_file.te | 1 -
policy/test_filesystem.te | 1 -
policy/test_global.te | 3 +++
policy/test_ibendport.te | 1 -
policy/test_ibpkey.te | 1 -
policy/test_inet_socket.te | 1 -
policy/test_inherit.te | 1 -
policy/test_ioctl.te | 1 -
policy/test_ipc.te | 1 -
policy/test_key_socket.te | 1 -
policy/test_keys.te | 1 -
policy/test_mac_admin.te | 1 -
policy/test_module_load.te | 1 -
policy/test_mqueue.te | 1 -
policy/test_netlink_socket.te | 1 -
policy/test_notify.te | 1 -
policy/test_open.te | 1 -
policy/test_perf_event.te | 1 -
policy/test_prlimit.te | 1 -
policy/test_ptrace.te | 1 -
policy/test_sctp.te | 1 -
policy/test_sigkill.te | 1 -
policy/test_task_create.te | 1 -
policy/test_task_getpgid.te | 1 -
policy/test_task_getsched.te | 1 -
policy/test_task_getsid.te | 1 -
policy/test_task_setpgid.te | 1 -
policy/test_task_setsched.te | 1 -
policy/test_transition.te | 3 ---
policy/test_tun_tap.te | 1 -
policy/test_unix_socket.te | 1 -
policy/test_userfaultfd.te | 1 -
policy/test_vsock_socket.te | 1 -
policy/test_watchkey.te | 1 -
48 files changed, 3 insertions(+), 51 deletions(-)
diff --git a/policy/test_atsecure.te b/policy/test_atsecure.te
index f7ab29a..90e58f1 100644
--- a/policy/test_atsecure.te
+++ b/policy/test_atsecure.te
@@ -35,6 +35,3 @@ allow_map(atsecuredomain, test_file_t, file)
# Only allow the allowed domain noatsecure permission to the
# new domain.
allow test_atsecure_allowed_t test_atsecure_newdomain_t:process noatsecure;
-
-# Allow all of these domains to be entered from the sysadm domain.
-userdom_sysadm_entry_spec_domtrans_to(atsecuredomain)
diff --git a/policy/test_binder.te b/policy/test_binder.te
index e74a2fc..096c467 100644
--- a/policy/test_binder.te
+++ b/policy/test_binder.te
@@ -99,4 +99,3 @@ allow_map(test_binder_client_no_transfer_t, device_t, chr_file)
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(binderdomain)
-userdom_sysadm_entry_spec_domtrans_to(binderdomain)
diff --git a/policy/test_binder_bpf.te b/policy/test_binder_bpf.te
index 8c04d19..2d91af2 100644
--- a/policy/test_binder_bpf.te
+++ b/policy/test_binder_bpf.te
@@ -62,4 +62,3 @@ allow_map(test_binder_client_no_bpf_perm_t, device_t, chr_file)
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(binderbpfdomain)
-userdom_sysadm_entry_spec_domtrans_to(binderbpfdomain)
diff --git a/policy/test_bpf.te b/policy/test_bpf.te
index 58daebd..fb21c29 100644
--- a/policy/test_bpf.te
+++ b/policy/test_bpf.te
@@ -62,4 +62,3 @@ allow test_bpf_deny_prog_run_t self:bpf { map_create map_read map_write prog_loa
############ Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(bpfdomain)
-userdom_sysadm_entry_spec_domtrans_to(bpfdomain)
diff --git a/policy/test_capable_file.te b/policy/test_capable_file.te
index 73ad856..9ce9487 100644
--- a/policy/test_capable_file.te
+++ b/policy/test_capable_file.te
@@ -40,7 +40,6 @@ libs_exec_lib_files(capabledomain)
# Allow test_file_t and bin_t to be entered from sysadm role
miscfiles_domain_entry_test_files(capabledomain)
-userdom_sysadm_entry_spec_domtrans_to(capabledomain)
corecmd_bin_entry_type(capabledomain)
sysadm_bin_spec_domtrans_to(capabledomain)
diff --git a/policy/test_dyntrace.te b/policy/test_dyntrace.te
index 28836b8..0a598a4 100644
--- a/policy/test_dyntrace.te
+++ b/policy/test_dyntrace.te
@@ -26,7 +26,6 @@ typeattribute test_dyntrace_notchild_t dyntracedomain;
# Allow test_files_t to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(dyntracedomain)
-userdom_sysadm_entry_spec_domtrans_to(dyntracedomain)
miscfiles_exec_test_files(dyntracedomain)
# Grant the necessary permissions for the child domain.
diff --git a/policy/test_dyntrans.te b/policy/test_dyntrans.te
index c749340..e4110c5 100644
--- a/policy/test_dyntrans.te
+++ b/policy/test_dyntrans.te
@@ -26,5 +26,4 @@ allow test_dyntrans_fromdomain_t test_dyntrans_todomain_t:process dyntransition;
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(dyntransdomain)
-userdom_sysadm_entry_spec_domtrans_to(dyntransdomain)
diff --git a/policy/test_entrypoint.te b/policy/test_entrypoint.te
index 28f4705..1fcbf0c 100644
--- a/policy/test_entrypoint.te
+++ b/policy/test_entrypoint.te
@@ -16,5 +16,4 @@ corecmd_exec_bin(test_entrypoint_t)
# Allow this domain to be entered via its entrypoint type.
domain_entry_file(test_entrypoint_t, test_entrypoint_execute_t)
-userdom_sysadm_entry_spec_domtrans_to(test_entrypoint_t)
diff --git a/policy/test_execshare.te b/policy/test_execshare.te
index 6d8b12e..22ed09f 100644
--- a/policy/test_execshare.te
+++ b/policy/test_execshare.te
@@ -22,7 +22,6 @@ typeattribute test_execshare_notchild_t execsharedomain;
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(execsharedomain)
-userdom_sysadm_entry_spec_domtrans_to(execsharedomain)
# Grant the necessary permissions for the child domain.
domain_entry_file_spec_domtrans(test_execshare_parent_t, test_execshare_child_t)
diff --git a/policy/test_exectrace.te b/policy/test_exectrace.te
index a4a8b96..302ba80 100644
--- a/policy/test_exectrace.te
+++ b/policy/test_exectrace.te
@@ -25,7 +25,6 @@ typeattribute test_exectrace_notchild_t exectracedomain;
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(exectracedomain)
-userdom_sysadm_entry_spec_domtrans_to(exectracedomain)
# Grant the necessary permissions for the child domain.
domain_entry_file_spec_domtrans(test_exectrace_parent_t, test_exectrace_child_t)
diff --git a/policy/test_execute_no_trans.te b/policy/test_execute_no_trans.te
index d0a46bc..e310353 100644
--- a/policy/test_execute_no_trans.te
+++ b/policy/test_execute_no_trans.te
@@ -18,7 +18,6 @@ testsuite_domain_type(test_execute_notrans_t);
# Allow this domain to be entered via the shell.
corecmd_shell_entry_type(test_execute_notrans_t)
-userdom_sysadm_entry_spec_domtrans_to(test_execute_notrans_t)
#Allow test_execute_notrans permissions to the allowed type
can_exec(test_execute_notrans_t,test_execute_notrans_allowed_t)
diff --git a/policy/test_extended_socket_class.te b/policy/test_extended_socket_class.te
index 75636ec..681a71d 100644
--- a/policy/test_extended_socket_class.te
+++ b/policy/test_extended_socket_class.te
@@ -57,4 +57,3 @@ kernel_request_load_module(extsocktestdomain)
# Entry into the test domains via the test program.
miscfiles_domain_entry_test_files(extsocktestdomain)
-userdom_sysadm_entry_spec_domtrans_to(extsocktestdomain)
diff --git a/policy/test_fdreceive.te b/policy/test_fdreceive.te
index e060ffd..9987503 100644
--- a/policy/test_fdreceive.te
+++ b/policy/test_fdreceive.te
@@ -32,7 +32,6 @@ typeattribute test_fdreceive_server_t fdreceivedomain;
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(fdreceivedomain)
-userdom_sysadm_entry_spec_domtrans_to(fdreceivedomain)
# Grant the necessary permissions for the server domain.
## Create the Unix domain socket file.
diff --git a/policy/test_fdreceive_bpf.te b/policy/test_fdreceive_bpf.te
index 5a23931..264a703 100644
--- a/policy/test_fdreceive_bpf.te
+++ b/policy/test_fdreceive_bpf.te
@@ -51,4 +51,3 @@ allow test_fdreceive_server_t test_fdreceive_bpf_client3_t:bpf { map_write };
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(fdreceivebpfdomain)
-userdom_sysadm_entry_spec_domtrans_to(fdreceivebpfdomain)
diff --git a/policy/test_file.te b/policy/test_file.te
index e20ae3e..9acc211 100644
--- a/policy/test_file.te
+++ b/policy/test_file.te
@@ -55,7 +55,6 @@ libs_exec_lib_files(fileopdomain)
# Allow all of these domains to be entered from sysadm domain
miscfiles_domain_entry_test_files(fileopdomain)
-userdom_sysadm_entry_spec_domtrans_to(fileopdomain)
corecmd_bin_entry_type(fileopdomain)
sysadm_bin_spec_domtrans_to(fileopdomain)
diff --git a/policy/test_filesystem.te b/policy/test_filesystem.te
index 71075fb..fd06d5d 100644
--- a/policy/test_filesystem.te
+++ b/policy/test_filesystem.te
@@ -413,4 +413,3 @@ allow test_move_mount_no_mounton_t dosfs_t:filesystem { associate };
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(filesystemdomain)
-userdom_sysadm_entry_spec_domtrans_to(filesystemdomain)
diff --git a/policy/test_global.te b/policy/test_global.te
index 03acc19..5ef3b02 100644
--- a/policy/test_global.te
+++ b/policy/test_global.te
@@ -40,6 +40,9 @@ term_use_all_terms(testsuite_domain)
allow testsuite_domain init_t:fd use;
allow testsuite_domain initrc_t:fd use;
+# Allow the test domain to be entered from sysadm_t
+userdom_sysadm_entry_spec_domtrans_to(testsuite_domain)
+
# Allow the test domains to access the test directory and files
# even if they are not root owned.
allow testsuite_domain self:capability { dac_override dac_read_search };
diff --git a/policy/test_ibendport.te b/policy/test_ibendport.te
index 674293f..a403be0 100644
--- a/policy/test_ibendport.te
+++ b/policy/test_ibendport.te
@@ -32,4 +32,3 @@ allow test_ibendport_manage_subnet_t test_ibendport_t:infiniband_endport manage_
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(ibendportdomain)
-userdom_sysadm_entry_spec_domtrans_to(ibendportdomain)
diff --git a/policy/test_ibpkey.te b/policy/test_ibpkey.te
index e65895f..de0f5e1 100644
--- a/policy/test_ibpkey.te
+++ b/policy/test_ibpkey.te
@@ -25,4 +25,3 @@ corenet_ib_access_unlabeled_pkeys(test_ibpkey_access_t)
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(ibpkeydomain)
-userdom_sysadm_entry_spec_domtrans_to(ibpkeydomain)
diff --git a/policy/test_inet_socket.te b/policy/test_inet_socket.te
index da507d1..dd0e83c 100644
--- a/policy/test_inet_socket.te
+++ b/policy/test_inet_socket.te
@@ -161,4 +161,3 @@ kernel_recvfrom_unlabeled_peer(inetsocketdomain)
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(inetsocketdomain)
-userdom_sysadm_entry_spec_domtrans_to(inetsocketdomain)
diff --git a/policy/test_inherit.te b/policy/test_inherit.te
index 31d719e..15ab8fc 100644
--- a/policy/test_inherit.te
+++ b/policy/test_inherit.te
@@ -33,7 +33,6 @@ typeattribute test_inherit_nowrite_t inheritdomain;
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(inheritdomain)
-userdom_sysadm_entry_spec_domtrans_to(inheritdomain)
# Grant the necessary permissions for the parent domain.
allow test_inherit_parent_t test_inherit_file_t:file rw_file_perms;
diff --git a/policy/test_ioctl.te b/policy/test_ioctl.te
index 24cff32..955695d 100644
--- a/policy/test_ioctl.te
+++ b/policy/test_ioctl.te
@@ -31,7 +31,6 @@ libs_exec_lib_files(ioctldomain)
# Allow all of these domains to be entered from sysadm domain
# via a shell script in the test directory or by....
miscfiles_domain_entry_test_files(ioctldomain)
-userdom_sysadm_entry_spec_domtrans_to(ioctldomain)
corecmd_bin_entry_type(ioctldomain)
sysadm_bin_spec_domtrans_to(ioctldomain)
diff --git a/policy/test_ipc.te b/policy/test_ipc.te
index 07f8b4a..f68d35c 100644
--- a/policy/test_ipc.te
+++ b/policy/test_ipc.te
@@ -68,7 +68,6 @@ fs_rw_tmpfs_files(ipcdomain)
# Allow all of these domains to be entered from user domains.
# via a shell script in the test directory or by another program.
miscfiles_domain_entry_test_files(ipcdomain)
-userdom_sysadm_entry_spec_domtrans_to(ipcdomain)
corecmd_bin_entry_type(ipcdomain)
sysadm_bin_spec_domtrans_to(ipcdomain)
diff --git a/policy/test_key_socket.te b/policy/test_key_socket.te
index fad5dfd..2763472 100644
--- a/policy/test_key_socket.te
+++ b/policy/test_key_socket.te
@@ -52,7 +52,6 @@ allow test_key_sock_no_read_t self:key_socket { create write setopt };
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(keysockdomain)
-userdom_sysadm_entry_spec_domtrans_to(keysockdomain)
# For CONFIG_NET_KEY=m
kernel_request_load_module(keysockdomain)
diff --git a/policy/test_keys.te b/policy/test_keys.te
index 142a70c..de1b46c 100644
--- a/policy/test_keys.te
+++ b/policy/test_keys.te
@@ -169,4 +169,3 @@ allow test_request_keys_no_link_t test_keyring_service_t:key { read write search
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(keydomain)
-userdom_sysadm_entry_spec_domtrans_to(keydomain)
diff --git a/policy/test_mac_admin.te b/policy/test_mac_admin.te
index e816b03..d63dc80 100644
--- a/policy/test_mac_admin.te
+++ b/policy/test_mac_admin.te
@@ -47,4 +47,3 @@ allow mac_admintestdomain unlabeled_t:dir { getattr create };
# Entry into the test domains via the test program.
corecmd_bin_entry_type(mac_admintestdomain)
-userdom_sysadm_entry_spec_domtrans_to(mac_admintestdomain)
diff --git a/policy/test_module_load.te b/policy/test_module_load.te
index bbb805a..770b2dd 100644
--- a/policy/test_module_load.te
+++ b/policy/test_module_load.te
@@ -46,4 +46,3 @@ neverallow test_kmodule_deny_module_request_t kernel_t:system { module_request }
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(kmoduledomain)
-userdom_sysadm_entry_spec_domtrans_to(kmoduledomain)
diff --git a/policy/test_mqueue.te b/policy/test_mqueue.te
index b9e84e7..ea3fa68 100644
--- a/policy/test_mqueue.te
+++ b/policy/test_mqueue.te
@@ -57,7 +57,6 @@ files_type(mqop_mqrw_t)
# basic permision for all mqopdomains
miscfiles_domain_entry_test_files(mqopdomain)
-userdom_sysadm_entry_spec_domtrans_to(mqopdomain)
corecmd_bin_entry_type(mqopdomain)
sysadm_bin_spec_domtrans_to(mqopdomain)
diff --git a/policy/test_netlink_socket.te b/policy/test_netlink_socket.te
index 0d6fc5e..589e372 100644
--- a/policy/test_netlink_socket.te
+++ b/policy/test_netlink_socket.te
@@ -43,7 +43,6 @@ netlink_socket_test(netlink_crypto_socket)
# Entry into the test domains via the test program.
miscfiles_domain_entry_test_files(netlinksocktestdomain)
-userdom_sysadm_entry_spec_domtrans_to(netlinksocktestdomain)
# Trigger kernel module auto-loading of the protocol implementations.
kernel_request_load_module(netlinksocktestdomain)
diff --git a/policy/test_notify.te b/policy/test_notify.te
index 86979a5..4ffd287 100644
--- a/policy/test_notify.te
+++ b/policy/test_notify.te
@@ -75,4 +75,3 @@ typeattribute test_rdonly_t test_notify_domain;
allow test_rdonly_t test_notify_file_t:dir { read open watch };
miscfiles_domain_entry_test_files(test_notify_domain)
-userdom_sysadm_entry_spec_domtrans_to(test_notify_domain)
diff --git a/policy/test_open.te b/policy/test_open.te
index acb31d8..0d662f0 100644
--- a/policy/test_open.te
+++ b/policy/test_open.te
@@ -31,4 +31,3 @@ allow test_append_t test_open_file_t:file append_file_perms;
# Allow all of these domains to be entered from sysadm domain
miscfiles_domain_entry_test_files(test_open_domain)
-userdom_sysadm_entry_spec_domtrans_to(test_open_domain)
diff --git a/policy/test_perf_event.te b/policy/test_perf_event.te
index 6d3828a..8a914ff 100644
--- a/policy/test_perf_event.te
+++ b/policy/test_perf_event.te
@@ -75,4 +75,3 @@ allow_lockdown_confidentiality(test_perf_no_write_t)
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(perfdomain)
-userdom_sysadm_entry_spec_domtrans_to(perfdomain)
diff --git a/policy/test_prlimit.te b/policy/test_prlimit.te
index 3f32136..4b6a5c8 100644
--- a/policy/test_prlimit.te
+++ b/policy/test_prlimit.te
@@ -43,4 +43,3 @@ prlimit_test(getrlimit)
# Entry into the test domains via the test program.
miscfiles_domain_entry_test_files(prlimittestdomain)
-userdom_sysadm_entry_spec_domtrans_to(prlimittestdomain)
diff --git a/policy/test_ptrace.te b/policy/test_ptrace.te
index 34aa636..f327cc5 100644
--- a/policy/test_ptrace.te
+++ b/policy/test_ptrace.te
@@ -36,7 +36,6 @@ allow test_ptrace_traced_t test_ptrace_tracer_t:process sigchld;
# Allow all of these domains to be entered from the sysadm domains.
# via a program in the test directory.
miscfiles_domain_entry_test_files(ptracedomain)
-userdom_sysadm_entry_spec_domtrans_to(ptracedomain)
# Allow execution of helper programs.
corecmd_exec_bin(ptracedomain)
diff --git a/policy/test_sctp.te b/policy/test_sctp.te
index 4c18c72..7b24b8c 100644
--- a/policy/test_sctp.te
+++ b/policy/test_sctp.te
@@ -234,4 +234,3 @@ allow sctpsocketdomain self:unix_dgram_socket { create ioctl };
############ Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(sctpsocketdomain)
-userdom_sysadm_entry_spec_domtrans_to(sctpsocketdomain)
diff --git a/policy/test_sigkill.te b/policy/test_sigkill.te
index a0dce3b..04bed89 100644
--- a/policy/test_sigkill.te
+++ b/policy/test_sigkill.te
@@ -41,7 +41,6 @@ allow test_kill_signal_t test_kill_server_t:process signal;
# Allow all of these domains to be entered from the sysadm domains,
# via kill or a program in the test directory.
miscfiles_domain_entry_test_files(killdomain)
-userdom_sysadm_entry_spec_domtrans_to(killdomain)
corecmd_bin_entry_type(killdomain)
sysadm_bin_spec_domtrans_to(killdomain)
diff --git a/policy/test_task_create.te b/policy/test_task_create.te
index eb51cd2..54acb50 100644
--- a/policy/test_task_create.te
+++ b/policy/test_task_create.te
@@ -25,4 +25,3 @@ typeattribute test_create_no_t test_create_d;
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_create_d)
-userdom_sysadm_entry_spec_domtrans_to(test_create_d)
diff --git a/policy/test_task_getpgid.te b/policy/test_task_getpgid.te
index 1f81f56..dad584e 100644
--- a/policy/test_task_getpgid.te
+++ b/policy/test_task_getpgid.te
@@ -26,7 +26,6 @@ typeattribute test_getpgid_no_t test_getpgid_d;
# Allow domain to be entered from the sysadm domain
miscfiles_domain_entry_test_files(test_getpgid_d)
-userdom_sysadm_entry_spec_domtrans_to(test_getpgid_d)
# Give test_getpgid_yes_t the permission needed.
allow test_getpgid_yes_t test_getpgid_target_t:process getpgid;
diff --git a/policy/test_task_getsched.te b/policy/test_task_getsched.te
index c67019b..f541d58 100644
--- a/policy/test_task_getsched.te
+++ b/policy/test_task_getsched.te
@@ -26,7 +26,6 @@ typeattribute test_getsched_no_t test_getsched_d;
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_getsched_d)
-userdom_sysadm_entry_spec_domtrans_to(test_getsched_d)
# Give test_getsched_yes_t the permission needed.
allow test_getsched_yes_t test_getsched_target_t:process getsched;
diff --git a/policy/test_task_getsid.te b/policy/test_task_getsid.te
index e5a62f8..8c21d9a 100644
--- a/policy/test_task_getsid.te
+++ b/policy/test_task_getsid.te
@@ -26,7 +26,6 @@ typeattribute test_getsid_no_t test_getsid_d;
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_getsid_d)
-userdom_sysadm_entry_spec_domtrans_to(test_getsid_d)
# Give test_getsid_yes_t the permission needed.
allow test_getsid_yes_t test_getsid_target_t:process getsession;
diff --git a/policy/test_task_setpgid.te b/policy/test_task_setpgid.te
index 8e98859..25e06d4 100644
--- a/policy/test_task_setpgid.te
+++ b/policy/test_task_setpgid.te
@@ -18,4 +18,3 @@ typeattribute test_setpgid_no_t test_setpgid_d;
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_setpgid_d)
-userdom_sysadm_entry_spec_domtrans_to(test_setpgid_d)
diff --git a/policy/test_task_setsched.te b/policy/test_task_setsched.te
index c30157e..432135e 100644
--- a/policy/test_task_setsched.te
+++ b/policy/test_task_setsched.te
@@ -28,7 +28,6 @@ typeattribute test_setsched_no_t test_setsched_d;
# Allow domain to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(test_setsched_d)
-userdom_sysadm_entry_spec_domtrans_to(test_setsched_d)
# Allow these domains to execute renice.
corecmd_bin_entry_type(test_setsched_d)
diff --git a/policy/test_transition.te b/policy/test_transition.te
index 8f1f4bf..4adc423 100644
--- a/policy/test_transition.te
+++ b/policy/test_transition.te
@@ -25,6 +25,3 @@ corecmd_bin_entry_type(transitiondomain)
domain_transition_pattern(test_transition_fromdomain_t,bin_t,test_transition_todomain_t)
allow test_transition_fromdomain_t test_transition_todomain_t:fd use;
allow test_transition_todomain_t test_transition_fromdomain_t:fd use;
-
-# Allow all of these domains to be entered from the sysadm domain.
-userdom_sysadm_entry_spec_domtrans_to(transitiondomain)
diff --git a/policy/test_tun_tap.te b/policy/test_tun_tap.te
index be317a2..e1aef8d 100644
--- a/policy/test_tun_tap.te
+++ b/policy/test_tun_tap.te
@@ -96,4 +96,3 @@ allow test_newcon_no_from_tun_tap_t test_tun_tap_t:process { dyntransition };
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(tuntapdomain)
-userdom_sysadm_entry_spec_domtrans_to(tuntapdomain)
diff --git a/policy/test_unix_socket.te b/policy/test_unix_socket.te
index 924475e..69720f0 100644
--- a/policy/test_unix_socket.te
+++ b/policy/test_unix_socket.te
@@ -61,4 +61,3 @@ typeattribute test_socketpair_t unixsocketdomain;
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(unixsocketdomain)
-userdom_sysadm_entry_spec_domtrans_to(unixsocketdomain)
diff --git a/policy/test_userfaultfd.te b/policy/test_userfaultfd.te
index 0ca733b..5cb7d1c 100644
--- a/policy/test_userfaultfd.te
+++ b/policy/test_userfaultfd.te
@@ -48,4 +48,3 @@ allow test_uffd_domain self:capability { sys_ptrace };
# Allow all of these domains to be executed
miscfiles_domain_entry_test_files(test_uffd_domain)
-userdom_sysadm_entry_spec_domtrans_to(test_uffd_domain)
diff --git a/policy/test_vsock_socket.te b/policy/test_vsock_socket.te
index abbcc0b..4bb989a 100644
--- a/policy/test_vsock_socket.te
+++ b/policy/test_vsock_socket.te
@@ -45,4 +45,3 @@ vsock_client(nosetopt, connect create getattr getopt read shutdown write)
# Allow all of these domains to be entered from the sysadm domain.
miscfiles_domain_entry_test_files(vsocksocketdomain)
-userdom_sysadm_entry_spec_domtrans_to(vsocksocketdomain)
diff --git a/policy/test_watchkey.te b/policy/test_watchkey.te
index 9fa5a70..101d68a 100644
--- a/policy/test_watchkey.te
+++ b/policy/test_watchkey.te
@@ -20,4 +20,3 @@ typeattribute test_watchkey_no_view_t watchkeydomain;
########### Allow these domains to be entered from sysadm domain ############
#
miscfiles_domain_entry_test_files(watchkeydomain)
-userdom_sysadm_entry_spec_domtrans_to(watchkeydomain)
--
2.37.1
