From 9108d1aed59503c3447ca64632e31426632753e7 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Thu, 4 Aug 2016 11:37:10 -0700
Subject: [PATCH] te_macros: drop unused macros

(cherry picked from commit 2925c1cc7f24d382d838bb18a8d95157fff71a8d)

boolean and setenforce macros are not used in base policy
and cannot be used in any policy, since they violate
neverallow rules.

Remove these from the policy.

Change-Id: Icc0780eaf06e95af36306031e1f615b05cb79869
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 te_macros | 16 ----------------
 1 file changed, 16 deletions(-)

diff --git a/te_macros b/te_macros
index 110ec6709..f22e00951 100644
--- a/te_macros
+++ b/te_macros
@@ -249,22 +249,6 @@ allow $1 selinuxfs:file w_file_perms;
 allow $1 kernel:security check_context;
 ')
 
-#####################################
-# selinux_setenforce(domain)
-# Allow domain to set SELinux to enforcing.
-define(`selinux_setenforce', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setenforce;
-')
-
-#####################################
-# selinux_setbool(domain)
-# Allow domain to set SELinux booleans.
-define(`selinux_setbool', `
-allow $1 selinuxfs:file rw_file_perms;
-allow $1 kernel:security setbool;
-')
-
 #####################################
 # create_pty(domain)
 # Allow domain to create and use a pty, isolated from any other domain ptys.
-- 
GitLab