From 6c5928d65a340fe423b9b163dfe1b312a1c5fd5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Thu, 13 May 2021 17:18:07 +0200
Subject: [PATCH] Use correct interface or template declaration
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Following the guideline of interfaces not allowed to declare anything and not use prefix parameters, declare interfaces doing so as templates. Also declare templates not using those features and not calling templates themselves as interfaces. These changes originate from the discussion in https://github.com/TresysTechnology/selint/issues/205 and are found by new proposed SELint checks at https://github.com/TresysTechnology/selint/pull/206.
Signed-off-by: Christian Göttsche
---
policy/modules/admin/kismet.if | 2 +-
policy/modules/apps/gnome.if | 4 ++--
policy/modules/apps/qemu.if | 2 +-
policy/modules/apps/wm.if | 4 ++--
policy/modules/services/dbus.if | 8 ++++----
policy/modules/services/git.if | 2 +-
policy/modules/services/rlogin.if | 2 +-
policy/modules/system/userdomain.if | 2 +-
8 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/policy/modules/admin/kismet.if b/policy/modules/admin/kismet.if
index 8471ba5a6c..89a2d2348d 100644
--- a/policy/modules/admin/kismet.if
+++ b/policy/modules/admin/kismet.if
@@ -15,7 +15,7 @@
 ##
 ##
 #
-template(`kismet_role',`
+interface(`kismet_role',`
 gen_require(`
 type kismet_home_t, kismet_tmp_t, kismet_tmpfs_t;
 type kismet_t;
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index f1e23402e7..c99eaea58c 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -670,7 +670,7 @@ interface(`gnome_dbus_chat_gconfd',`
 ##
 ##
 #
-interface(`gnome_dbus_chat_gkeyringd',`
+template(`gnome_dbus_chat_gkeyringd',`
 gen_require(`
 type $1_gkeyringd_t;
 class dbus send_msg;
@@ -738,7 +738,7 @@ interface(`gnome_spec_domtrans_all_gkeyringd',`
 ##
 ##
 #
-interface(`gnome_stream_connect_gkeyringd',`
+template(`gnome_stream_connect_gkeyringd',`
 gen_require(`
 type $1_gkeyringd_t, gnome_keyring_tmp_t;
 ')
diff --git a/policy/modules/apps/qemu.if b/policy/modules/apps/qemu.if
index 34871b9bca..a8570a252d 100644
--- a/policy/modules/apps/qemu.if
+++ b/policy/modules/apps/qemu.if
@@ -109,7 +109,7 @@ template(`qemu_domain_template',`
 ##
 ##
 #
-template(`qemu_role',`
+interface(`qemu_role',`
 gen_require(`
 type qemu_t;
 ')
diff --git a/policy/modules/apps/wm.if b/policy/modules/apps/wm.if
index 538d6968fa..e0b7ec1286 100644
--- a/policy/modules/apps/wm.if
+++ b/policy/modules/apps/wm.if
@@ -139,7 +139,7 @@ interface(`wm_exec',`
 ##
 ##
 #
-interface(`wm_dbus_chat',`
+template(`wm_dbus_chat',`
 gen_require(`
 type $1_wm_t;
 class dbus send_msg;
@@ -247,7 +247,7 @@ interface(`wm_application_domain',`
 ##
 ##
 #
-interface(`wm_write_pipes',`
+template(`wm_write_pipes',`
 gen_require(`
 type $1_wm_t;
 ')
diff --git a/policy/modules/services/dbus.if b/policy/modules/services/dbus.if
index 2ed53f2b08..a0da2bf2d1 100644
--- a/policy/modules/services/dbus.if
+++ b/policy/modules/services/dbus.if
@@ -190,7 +190,7 @@ interface(`dbus_connect_all_session_bus',`
 ##
 ##
 #
-interface(`dbus_connect_spec_session_bus',`
+template(`dbus_connect_spec_session_bus',`
 gen_require(`
 type $1_dbusd_t;
 class dbus acquire_svc;
@@ -242,7 +242,7 @@ interface(`dbus_all_session_bus_client',`
 ##
 ##
 #
-interface(`dbus_spec_session_bus_client',`
+template(`dbus_spec_session_bus_client',`
 gen_require(`
 attribute dbusd_session_bus_client;
 type $1_dbusd_t;
@@ -295,7 +295,7 @@ interface(`dbus_send_all_session_bus',`
 ##
 ##
 #
-interface(`dbus_send_spec_session_bus',`
+template(`dbus_send_spec_session_bus',`
 gen_require(`
 type $1_dbusd_t;
 class dbus send_msg;
@@ -433,7 +433,7 @@ interface(`dbus_all_session_domain',`
 ##
 ##
 #
-interface(`dbus_spec_session_domain',`
+template(`dbus_spec_session_domain',`
 gen_require(`
 type $1_dbusd_t;
 ')
diff --git a/policy/modules/services/git.if b/policy/modules/services/git.if
index 1e29af1968..1f29cff336 100644
--- a/policy/modules/services/git.if
+++ b/policy/modules/services/git.if
@@ -15,7 +15,7 @@
 ##
 ##
 #
-template(`git_role',`
+interface(`git_role',`
 gen_require(`
 attribute_role git_session_roles;
 type git_session_t, gitd_exec_t, git_user_content_t;
diff --git a/policy/modules/services/rlogin.if b/policy/modules/services/rlogin.if
index 050479dea0..0e1b364fb4 100644
--- a/policy/modules/services/rlogin.if
+++ b/policy/modules/services/rlogin.if
@@ -29,7 +29,7 @@ interface(`rlogin_domtrans',`
 ##
 ##
 #
-template(`rlogin_read_home_content',`
+interface(`rlogin_read_home_content',`
 gen_require(`
 type rlogind_home_t;
 ')
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index 978c1b875a..f9f8a5b28e 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1428,7 +1428,7 @@ template(`userdom_admin_user_template',`
 ##
 ##
 #
-template(`userdom_security_admin_template',`
+interface(`userdom_security_admin_template',`
 allow $1 self:capability { dac_override dac_read_search };
 corecmd_exec_shell($1)
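Review bot: In the last hunk (policy/modules/system/userdomain.if), userdom_security_admin_template is now declared with interface( while its name still ends in _template, so the name contradicts the declared kind that this commit sets out to make reliable. Renaming would break existing callers, so I would keep the name and record the mismatch in a comment line directly above the declaration, for example `# Declared as an interface although the name ends in _template; the name is kept for existing callers.` The visible body grants $1 the dac_override and dac_read_search capabilities, so a reader auditing call sites should be able to tell at a glance that $1 is a domain and not a type-name prefix. The macro body continues outside the hunk, so I cannot confirm from here that it declares nothing and calls no templates, which is the criterion the commit message gives.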