diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/patches/uid-interfaces.diff b/recipes-security/refpolicy/refpolicy-mcs-2.%/patches/uid-interfaces.diff
deleted file mode 100644
index 33cef3007f..0000000000
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/patches/uid-interfaces.diff
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/policy/modules/services/networkmanager.te
-+++ b/policy/modules/services/networkmanager.te
-@@ -392,6 +392,10 @@ optional_policy(`
- ')
-
- optional_policy(`
-+ uid_dbus_send(NetworkManager_t)
-+')
-+
-+optional_policy(`
- vpn_domtrans(NetworkManager_t)
- vpn_kill(NetworkManager_t)
- vpn_signal(NetworkManager_t)
---- a/policy/modules/system/xen.te
-+++ b/policy/modules/system/xen.te
-@@ -281,6 +281,7 @@ tapdisk_filetrans_control_dir(xend_t)
-
- dbd_dbus_chat(xend_t)
- surfman_dbus_chat(xend_t)
-+uid_dbus_chat(xend_t)
-
- kernel_read_kernel_sysctls(xend_t)
- kernel_read_system_state(xend_t)
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/patches/vusb-interfaces.diff b/recipes-security/refpolicy/refpolicy-mcs-2.%/patches/vusb-interfaces.diff
index 956e28e5f5..c8cde238c7 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/patches/vusb-interfaces.diff
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/patches/vusb-interfaces.diff
@@ -10,4 +10,3 @@
+
dbd_dbus_chat(xend_t)
surfman_dbus_chat(xend_t)
- uid_dbus_chat(xend_t)
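Review bot: Removing the trailing context line ` uid_dbus_chat(xend_t)` from the embedded patch shortens its last hunk by one line on both the old and new side, but the embedded `@@` header sits above line 10 and this is the only hunk touching the file, so its line counts appear to be unchanged. A unified-diff hunk whose body is shorter than its header declares is normally rejected as malformed by `patch` and `git apply`, which would break the refpolicy patch step at build time. Decrement both counts in that embedded header, for example `-N,6 +N,7` becomes `-N,5 +N,6` (values constructed; the real header is outside this hunk).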
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules-openxt.conf b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules-openxt.conf
index 8c270228ea..9f31ebf16e 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules-openxt.conf
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules-openxt.conf
@@ -88,6 +88,13 @@ language-sync = module
#
network-daemon = module
+# Layer: services
+# Module: quark
+#
+# quark daemon
+#
+quark = module
+
# Layer: services
# Module: surfman
#
@@ -116,13 +123,6 @@ tpmsetup = module
#
tpmutil = module
-# Layer: services
-# Module: uid
-#
-# uid daemon
-#
-uid = module
-
# Layer: services
# Module: updatemgr
#
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.fc b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.fc
similarity index 88%
rename from recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.fc
rename to recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.fc
index bda87f5d18..e52e63a8c3 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.fc
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.fc
@@ -18,5 +18,4 @@
#
#############################################################################
-/usr/bin/uid -- gen_context(system_u:object_r:uid_exec_t,s0)
-/etc/uid\.conf -- gen_context(system_u:object_r:uid_etc_t,s0)
+/usr/bin/quark -- gen_context(system_u:object_r:quark_exec_t,s0)
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.if b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.if
similarity index 74%
rename from recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.if
rename to recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.if
index 06a2da80fc..aa8a996e18 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.if
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.if
@@ -18,44 +18,44 @@
#
#############################################################################
-## uid daemon
+## quark daemon
#######################################
##
-## Send messages to uid over dbus.
+## Send messages to quark over dbus.
##
##
##
-## The type of the process sending messages to uid over dbus.
+## The type of the process sending messages to quark over dbus.
##
##
#
-interface(`uid_dbus_send',`
+interface(`quark_dbus_send',`
gen_require(`
- type uid_t;
+ type quark_t;
class dbus send_msg;
')
- allow $1 uid_t:dbus send_msg;
+ allow $1 quark_t:dbus send_msg;
')
#######################################
##
-## Exchange messages with uid over dbus.
+## Exchange messages with quark over dbus.
##
##
##
-## The type of the process chatting with uid over dbus.
+## The type of the process chatting with quark over dbus.
##
##
#
-interface(`uid_dbus_chat',`
+interface(`quark_dbus_chat',`
gen_require(`
- type uid_t;
+ type quark_t;
class dbus send_msg;
')
- allow $1 uid_t:dbus send_msg;
- allow uid_t $1:dbus send_msg;
+ allow $1 quark_t:dbus send_msg;
+ allow quark_t $1:dbus send_msg;
')
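Review bot: `quark_dbus_send` and `quark_dbus_chat` are carried over from uid by rename only, yet quark.te in this same commit drops `dbus_connect_system_bus` and `dbus_system_bus_client`, and every `uid_dbus_chat`/`uid_dbus_send` caller visible in the commit is deleted rather than renamed. That leaves two unused interfaces which, if a later module calls them, grant `dbus send_msg` to and from a domain that does not appear to be on the system bus at all. I would remove both interfaces and keep quark.if to its header, so the policy exposes only what quark_t needs. If they have to stay, the doc comment should say which caller requires D-Bus traffic with a file-serving daemon.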
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.te b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.te
similarity index 56%
rename from recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.te
rename to recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.te
index 2e668449c5..0e5800b77a 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/uid.te
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/quark.te
@@ -18,39 +18,23 @@
#
#############################################################################
-policy_module(uid, 0.1)
+policy_module(quark, 0.1)
-type uid_t;
-type uid_exec_t;
+type quark_t;
+type quark_exec_t;
-init_daemon_domain(uid_t, uid_exec_t);
+init_daemon_domain(quark_t, quark_exec_t);
-type uid_tmp_t;
-files_tmp_file(uid_tmp_t)
-files_tmp_filetrans(uid_t, uid_tmp_t, file)
+xc_files_rw_v4v_chr(quark_t)
+logging_send_syslog_msg(quark_t)
-type uid_etc_t;
-files_config_file(uid_etc_t)
+# quark spawns a new child process for each file it
+# serves. allow it to configure these processes.
+allow quark_t self:process { rlimitinh setpgid setrlimit siginh };
-allow uid_t uid_etc_t:file read_file_perms;
+# the files are served from the dir provided on the cmdline.
+# quark chroots to that dir to handle relative pathnames.
+allow quark_t self:capability sys_chroot;
-dbus_connect_system_bus(uid_t)
-dbus_system_bus_client(uid_t)
-vusbd_dbus_chat(uid_t)
-surfman_dbus_chat(uid_t)
-xen_dbus_chat(uid_t)
-optional_policy('
- hal_dbus_chat(uid_t)
-')
-input_server_dbus_chat(uid_t)
-rpcproxy_websockets_dbus_chat(uid_t)
-
-xc_files_rw_argo_chr(uid_t)
-# consider DONTAUDIT
-xc_getattr_service_disk_dir(uid_t)
-xc_search_storage(uid_t)
-
-xen_stream_connect_xenstore(uid_t)
-logging_send_syslog_msg(uid_t)
-
-corecmd_search_bin(uid_t)
+# allow to signal itself (on shutdown)
+allow quark_t self:process signal;
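Review bot: `xc_files_rw_v4v_chr(quark_t)` uses the v4v interface name, while the uid policy this file replaces called `xc_files_rw_argo_chr(uid_t)`. If the tree has already moved to the argo naming, the macro is either undefined at build time or grants access to a device label quark does not use, so the line should probably read `xc_files_rw_argo_chr(quark_t)`. Separately, the domain gets `sys_chroot` but nothing visible here grants `setuid`/`setgid` or read access to the type of the served directory, so it is unclear whether quark stays root inside the chroot. That is worth confirming and stating in the comment above the capability rule, e.g. `# quark stays root after chroot (TODO confirm); this policy, not the chroot, is the confinement boundary`.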
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/rpcproxy.te b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/rpcproxy.te
index 58f1db4546..dbdf81327f 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/rpcproxy.te
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/rpcproxy.te
@@ -133,8 +133,8 @@ xen_dbus_chat(rpcproxy_websockets_t)
network_daemon_dbus_chat(rpcproxy_websockets_t)
xenpmd_dbus_chat(rpcproxy_websockets_t)
# Note: rpcproxy_websockets_t is also allowed to chat
-# with statusreport_t and uid_t via rpcproxy_websockets_dbus_chat() calls
-# in statusreport.te and uid.te.
+# with statusreport_t via rpcproxy_websockets_dbus_chat() calls
+# in statusreport.te.
# Execute openssl via a WebSocket.
# TODO: Assign openssl its own type so that we can limit what other binaries
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/updatemgr.te b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/updatemgr.te
index d8a9a969f5..4fd504207f 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/updatemgr.te
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/updatemgr.te
@@ -62,7 +62,6 @@ kernel_read_vm_overcommit_sysctl(updatemgr_t)
logging_send_syslog_msg(updatemgr_t)
dbd_dbus_chat(updatemgr_t)
-uid_dbus_chat(updatemgr_t)
xc_installer_delete(updatemgr_t)
xc_installer_domtrans(updatemgr_t)
xc_read_etc_files(updatemgr_t)
diff --git a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/xenpmd.te b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/xenpmd.te
index ba216217da..5dc0fb316e 100644
--- a/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/xenpmd.te
+++ b/recipes-security/refpolicy/refpolicy-mcs-2.%/policy/modules/services/xenpmd.te
@@ -48,7 +48,6 @@ files_config_file(xenpmd_etc_t)
dbus_system_bus_client(xenpmd_t)
dbus_connect_system_bus(xenpmd_t)
dbus_send_system_bus(xenpmd_t)
-uid_dbus_chat(xenpmd_t)
surfman_dbus_chat(xenpmd_t)
rpcproxy_websockets_dbus_chat(xenpmd_t)
dbd_dbus_chat(xenpmd_t)
diff --git a/recipes-security/refpolicy/refpolicy-mcs_2.%.bbappend b/recipes-security/refpolicy/refpolicy-mcs_2.%.bbappend
index 6958fe6e06..5ffe757397 100644
--- a/recipes-security/refpolicy/refpolicy-mcs_2.%.bbappend
+++ b/recipes-security/refpolicy/refpolicy-mcs_2.%.bbappend
@@ -55,15 +55,15 @@ SRC_URI += " \
file://policy/modules/services/network-daemon.fc \
file://policy/modules/services/network-daemon.if \
file://policy/modules/services/network-daemon.te \
+ file://policy/modules/services/quark.fc \
+ file://policy/modules/services/quark.if \
+ file://policy/modules/services/quark.te \
file://policy/modules/services/rpcproxy.fc \
file://policy/modules/services/rpcproxy.if \
file://policy/modules/services/rpcproxy.te \
file://policy/modules/services/surfman.fc \
file://policy/modules/services/surfman.if \
file://policy/modules/services/surfman.te \
- file://policy/modules/services/uid.fc \
- file://policy/modules/services/uid.if \
- file://policy/modules/services/uid.te \
file://policy/modules/services/updatemgr.fc \
file://policy/modules/services/updatemgr.if \
file://policy/modules/services/updatemgr.te \
@@ -145,7 +145,6 @@ SRC_URI += " \
file://patches/sysutils-interfaces.diff \
file://patches/tcs-interfaces.diff \
file://patches/tpmsetup-interfaces.diff \
- file://patches/uid-interfaces.diff \
file://patches/updatemgr-interfaces.diff \
file://patches/vhdutils-interfaces.diff \
file://patches/xc-files-interfaces.patch \