OXT-1696: refpolicy: General cleaning of the recipe and patches.

recipes-security/refpolicy/refpolicy-mcs-2.%/patches/blktap-interfaces.diff

@@ -1,7 +1,5 @@
-Index: refpolicy/policy/modules/contrib/qemu.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/qemu.te
-+++ refpolicy/policy/modules/contrib/qemu.te
+--- a/policy/modules/contrib/qemu.te
++++ b/policy/modules/contrib/qemu.te
 @@ -119,6 +119,11 @@ optional_policy(`
  # Unconfined local policy
  #
@@ -14,11 +12,9 @@ Index: refpolicy/policy/modules/contrib/qemu.te
  optional_policy(`
  	type unconfined_qemu_t;
  	typealias unconfined_qemu_t alias qemu_unconfined_t;
-Index: refpolicy/policy/modules/contrib/xen.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/xen.te
-+++ refpolicy/policy/modules/contrib/xen.te
-@@ -257,6 +257,15 @@ qemu_signull(xend_t)
+--- a/policy/modules/contrib/xen.te
++++ b/policy/modules/contrib/xen.te
+@@ -258,6 +258,15 @@ qemu_signull(xend_t)
  # transition to dmidecode
  dmidecode_domtrans(xend_t)
 
@@ -34,10 +30,8 @@ Index: refpolicy/policy/modules/contrib/xen.te
  kernel_read_kernel_sysctls(xend_t)
  kernel_read_system_state(xend_t)
  kernel_write_xen_state(xend_t)
-Index: refpolicy/policy/modules/roles/sysadm.te
-===================================================================
---- refpolicy.orig/policy/modules/roles/sysadm.te
-+++ refpolicy/policy/modules/roles/sysadm.te
+--- a/policy/modules/roles/sysadm.te
++++ b/policy/modules/roles/sysadm.te
 @@ -1084,6 +1084,10 @@ optional_policy(`
  ')
 
@@ -49,10 +43,8 @@ Index: refpolicy/policy/modules/roles/sysadm.te
  	thunderbird_role(sysadm_r, sysadm_t)
  ')
 
-Index: refpolicy/policy/modules/system/lvm.te
-===================================================================
---- refpolicy.orig/policy/modules/system/lvm.te
-+++ refpolicy/policy/modules/system/lvm.te
+--- a/policy/modules/system/lvm.te
++++ b/policy/modules/system/lvm.te
 @@ -346,6 +346,10 @@ ifdef(`distro_redhat',`
  ')
 

recipes-security/refpolicy/refpolicy-mcs-2.%/patches/busybox-mmap-read-execute-checks-from-new-domain.patch

@@ -1,7 +1,5 @@
-Index: refpolicy/policy/modules/system/hostname.te
-===================================================================
---- refpolicy.orig/policy/modules/system/hostname.te
-+++ refpolicy/policy/modules/system/hostname.te
+--- a/policy/modules/system/hostname.te
++++ b/policy/modules/system/hostname.te
 @@ -56,6 +56,12 @@ sysnet_dontaudit_rw_dhcpc_unix_stream_so
  sysnet_read_config(hostname_t)
  sysnet_dns_name_resolve(hostname_t)
@@ -15,11 +13,9 @@ Index: refpolicy/policy/modules/system/hostname.te
  ifdef(`distro_debian',`
  	term_dontaudit_use_unallocated_ttys(hostname_t)
  ')
-Index: refpolicy/policy/modules/system/sysnetwork.te
-===================================================================
---- refpolicy.orig/policy/modules/system/sysnetwork.te
-+++ refpolicy/policy/modules/system/sysnetwork.te
-@@ -356,6 +356,12 @@ sysnet_dontaudit_rw_dhcpc_udp_sockets(if
+--- a/policy/modules/system/sysnetwork.te
++++ b/policy/modules/system/sysnetwork.te
+@@ -357,6 +357,12 @@ sysnet_dontaudit_rw_dhcpc_udp_sockets(if
  userdom_use_user_terminals(ifconfig_t)
  userdom_use_all_users_fds(ifconfig_t)
 

recipes-security/refpolicy/refpolicy-mcs-2.%/patches/db-cmd-interfaces.diff

@@ -1,7 +1,5 @@
-Index: refpolicy/policy/modules/contrib/dnsmasq.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/dnsmasq.te
-+++ refpolicy/policy/modules/contrib/dnsmasq.te
+--- a/policy/modules/contrib/dnsmasq.te
++++ b/policy/modules/contrib/dnsmasq.te
 @@ -113,6 +113,8 @@ miscfiles_read_localization(dnsmasq_t)
  userdom_dontaudit_use_unpriv_user_fds(dnsmasq_t)
  userdom_dontaudit_search_user_home_dirs(dnsmasq_t)
@@ -11,10 +9,8 @@ Index: refpolicy/policy/modules/contrib/dnsmasq.te
  optional_policy(`
  	cobbler_read_lib_files(dnsmasq_t)
  ')
-Index: refpolicy/policy/modules/contrib/networkmanager.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/networkmanager.te
-+++ refpolicy/policy/modules/contrib/networkmanager.te
+--- a/policy/modules/contrib/networkmanager.te
++++ b/policy/modules/contrib/networkmanager.te
 @@ -229,6 +229,10 @@ optional_policy(`
  ')
 
@@ -26,10 +22,8 @@ Index: refpolicy/policy/modules/contrib/networkmanager.te
  	dbus_system_domain(NetworkManager_t, NetworkManager_exec_t)
 
  	optional_policy(`
-Index: refpolicy/policy/modules/roles/sysadm.te
-===================================================================
---- refpolicy.orig/policy/modules/roles/sysadm.te
-+++ refpolicy/policy/modules/roles/sysadm.te
+--- a/policy/modules/roles/sysadm.te
++++ b/policy/modules/roles/sysadm.te
 @@ -1260,6 +1260,10 @@ ifndef(`distro_redhat',`
  	')
 

recipes-security/refpolicy/refpolicy-mcs-2.%/patches/dbd-interfaces.diff

@@ -1,8 +1,6 @@
-Index: refpolicy/policy/modules/contrib/xen.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/xen.te
-+++ refpolicy/policy/modules/contrib/xen.te
-@@ -266,6 +266,8 @@ blktap_read_blk_file(xend_t)
+--- a/policy/modules/contrib/xen.te
++++ b/policy/modules/contrib/xen.te
+@@ -267,6 +267,8 @@ blktap_read_blk_file(xend_t)
  tapdisk_domtrans(xend_t)
  tapctl_domtrans(xend_t)
 
@@ -11,11 +9,9 @@ Index: refpolicy/policy/modules/contrib/xen.te
  kernel_read_kernel_sysctls(xend_t)
  kernel_read_system_state(xend_t)
  kernel_write_xen_state(xend_t)
-Index: refpolicy/policy/modules/system/init.te
-===================================================================
---- refpolicy.orig/policy/modules/system/init.te
-+++ refpolicy/policy/modules/system/init.te
-@@ -886,6 +886,10 @@ optional_policy(`
+--- a/policy/modules/system/init.te
++++ b/policy/modules/system/init.te
+@@ -888,6 +888,10 @@ optional_policy(`
  ')
 
  optional_policy(`
@@ -26,10 +22,8 @@ Index: refpolicy/policy/modules/system/init.te
  	dbus_connect_system_bus(initrc_t)
  	dbus_system_bus_client(initrc_t)
  	dbus_read_config(initrc_t)
-Index: refpolicy/policy/modules/system/unconfined.te
-===================================================================
---- refpolicy.orig/policy/modules/system/unconfined.te
-+++ refpolicy/policy/modules/system/unconfined.te
+--- a/policy/modules/system/unconfined.te
++++ b/policy/modules/system/unconfined.te
 @@ -84,6 +84,10 @@ optional_policy(`
  ')
 

recipes-security/refpolicy/refpolicy-mcs-2.%/patches/dev-xen-privcmd.patch

@@ -1,10 +1,8 @@
 # Xen 4.8 prefers use of /dev/xen/privcmd instead of /proc/xen/privcmd
 # so label it correctly and allow 'xl' access to it.
 # Other Xen device node labels (blktap-2, xenbus_backend) are also corrected.
-Index: refpolicy/policy/modules/kernel/devices.fc
-===================================================================
---- refpolicy.orig/policy/modules/kernel/devices.fc
-+++ refpolicy/policy/modules/kernel/devices.fc
+--- a/policy/modules/kernel/devices.fc
++++ b/policy/modules/kernel/devices.fc
 @@ -186,6 +186,9 @@ ifdef(`distro_suse', `
  /dev/xen/gntdev		-c	gen_context(system_u:object_r:xen_device_t,s0)
  /dev/xen/gntalloc	-c	gen_context(system_u:object_r:xen_device_t,s0)
@@ -15,11 +13,9 @@ Index: refpolicy/policy/modules/kernel/devices.fc
 
  ifdef(`distro_debian',`
  # this is a static /dev dir "backup mount"
-Index: refpolicy/policy/modules/contrib/xen.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/xen.te
-+++ refpolicy/policy/modules/contrib/xen.te
-@@ -687,6 +687,7 @@ corenet_tcp_sendrecv_soundd_port(xm_t)
+--- a/policy/modules/contrib/xen.te
++++ b/policy/modules/contrib/xen.te
+@@ -689,6 +689,7 @@ corenet_tcp_sendrecv_soundd_port(xm_t)
  dev_read_rand(xm_t)
  dev_read_urand(xm_t)
  dev_read_sysfs(xm_t)

recipes-security/refpolicy/refpolicy-mcs-2.%/patches/input-server-interfaces.diff

@@ -1,7 +1,5 @@
-Index: refpolicy/policy/modules/contrib/loadkeys.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/loadkeys.te
-+++ refpolicy/policy/modules/contrib/loadkeys.te
+--- a/policy/modules/contrib/loadkeys.te
++++ b/policy/modules/contrib/loadkeys.te
 @@ -49,5 +49,9 @@ optional_policy(`
  ')
 
@@ -12,10 +10,8 @@ Index: refpolicy/policy/modules/contrib/loadkeys.te
 +optional_policy(`
  	nscd_dontaudit_search_pid(loadkeys_t)
  ')
-Index: refpolicy/policy/modules/contrib/qemu.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/qemu.te
-+++ refpolicy/policy/modules/contrib/qemu.te
+--- a/policy/modules/contrib/qemu.te
++++ b/policy/modules/contrib/qemu.te
 @@ -96,6 +96,10 @@ tunable_policy(`qemu_full_network',`
  ')
 
@@ -27,11 +23,9 @@ Index: refpolicy/policy/modules/contrib/qemu.te
  	xserver_user_x_domain_template(qemu, qemu_t, qemu_tmpfs_t)
  ')
 
-Index: refpolicy/policy/modules/contrib/xen.te
-===================================================================
---- refpolicy.orig/policy/modules/contrib/xen.te
-+++ refpolicy/policy/modules/contrib/xen.te
-@@ -257,6 +257,10 @@ qemu_signull(xend_t)
+--- a/policy/modules/contrib/xen.te
++++ b/policy/modules/contrib/xen.te
+@@ -258,6 +258,10 @@ qemu_signull(xend_t)
  # transition to dmidecode
  dmidecode_domtrans(xend_t)
 
@@ -42,10 +36,8 @@ Index: refpolicy/policy/modules/contrib/xen.te
  blktap_getattr_blk_file(xend_t)
  blktap_relabel_blk_file(xend_t)
  # this may be a leaked fd or something, dontaudit?
-Index: refpolicy/policy/modules/system/fstools.te
-===================================================================
---- refpolicy.orig/policy/modules/system/fstools.te
-+++ refpolicy/policy/modules/system/fstools.te
+--- a/policy/modules/system/fstools.te
++++ b/policy/modules/system/fstools.te
 @@ -215,6 +215,10 @@ optional_policy(`
  	xen_rw_image_files(fsadm_t)
  ')
@@ -57,10 +49,8 @@ Index: refpolicy/policy/modules/system/fstools.te
  # leaked FDs from input-server
  term_dontaudit_use_unallocated_ttys(fsadm_t)
  optional_policy(`
-Index: refpolicy/policy/modules/system/lvm.te
-===================================================================
---- refpolicy.orig/policy/modules/system/lvm.te
-+++ refpolicy/policy/modules/system/lvm.te
+--- a/policy/modules/system/lvm.te
++++ b/policy/modules/system/lvm.te
 @@ -369,6 +369,11 @@ optional_policy(`
  	')
  ')
@@ -86,10 +76,8 @@ Index: refpolicy/policy/modules/system/lvm.te
  # leaked FDs from input-server
  optional_policy(`
  	kernel_dontaudit_read_xen_state(mount_t)
-Index: refpolicy/policy/modules/system/selinuxutil.te
-===================================================================
---- refpolicy.orig/policy/modules/system/selinuxutil.te
-+++ refpolicy/policy/modules/system/selinuxutil.te
+--- a/policy/modules/system/selinuxutil.te
++++ b/policy/modules/system/selinuxutil.te
 @@ -659,6 +659,11 @@ optional_policy(`
  	hotplug_use_fds(setfiles_t)
  ')