From 2925c1cc7f24d382d838bb18a8d95157fff71a8d Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Thu, 4 Aug 2016 11:37:10 -0700
Subject: [PATCH] te_macros: drop unused macros

boolean and setenforce macros are not used in base policy
and cannot be used in any policy, since they violate
neverallow rules.

Remove these from the policy.

Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 te_macros | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/te_macros b/te_macros
index 9600b5273..ec97b3fdf 100644
--- a/te_macros
+++ b/te_macros
@@ -232,22 +232,6 @@ allow $1 selinuxfs:file rw_file_perms;
 allow $1 kernel:security check_context;
 ')
 
-#####################################
-# selinux_setenforce(domain)
-# Allow domain to set SELinux to enforcing.
-define(`selinux_setenforce', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setenforce;
-')
-
-#####################################
-# selinux_setbool(domain)
-# Allow domain to set SELinux booleans.
-define(`selinux_setbool', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setbool;
-')
-
 #####################################
 # create_pty(domain)
 # Allow domain to create and use a pty, isolated from any other domain ptys.
-- 
GitLab