[selinux-policy: 1440/3172] fix sendmail_exec_t encapsulation breakage

[Daniel J Walsh]

commit 88bc7af316b4442772c375d60e295046801b47be
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed May 10 18:42:22 2006 +0000

    fix sendmail_exec_t encapsulation breakage

 refpolicy/policy/modules/services/mta.if      |   38 ++++++++++++++++++++++++-
 refpolicy/policy/modules/services/sendmail.if |    6 +--
 2 files changed, 39 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 70f6fdf..46037c0 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -476,6 +476,41 @@ interface(`mta_send_mail',`
 
 ########################################
 ## <summary>
+##	Execute send mail in a specified domain.
+## </summary>
+## <desc>
+##      <p>
+##	Execute send mail in a specified domain.
+##      </p>
+##      <p>
+##      No interprocess communication (signals, pipes,
+##      etc.) is provided by this interface since
+##      the domains are not owned by this module.
+##      </p>
+## </desc>
+## <param name="source_domain">
+##	<summary>
+##	Domain to transition from.
+##	</summary>
+## </param>
+## <param name="target_domain">
+##	<summary>
+##	Domain to transition to.
+##	</summary>
+## </param>
+#
+interface(`mta_sendmail_domtrans',`
+	gen_require(`
+		type sendmail_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_read_sbin_symlinks($1)
+	domain_auto_trans($1,sendmail_exec_t,$2)
+')
+
+########################################
+## <summary>
 ##	Execute sendmail in the caller domain.
 ## </summary>
 ## <param name="domain">
@@ -484,12 +519,13 @@ interface(`mta_send_mail',`
 ##	</summary>
 ## </param>
 #
-interface(`mta_exec',`
+interface(`mta_sendmail_exec',`
 	gen_require(`
 		type sendmail_exec_t;
 	')
 
 	can_exec($1, sendmail_exec_t)
+	errprint(`bah $1'__endline__)
 ')
 
 ########################################
diff --git a/refpolicy/policy/modules/services/sendmail.if b/refpolicy/policy/modules/services/sendmail.if
index 6af71b9..28a0ca6 100644
--- a/refpolicy/policy/modules/services/sendmail.if
+++ b/refpolicy/policy/modules/services/sendmail.if
@@ -28,12 +28,10 @@ interface(`sendmail_stub',`
 #
 interface(`sendmail_domtrans',`
 	gen_require(`
-		type sendmail_exec_t, sendmail_t;
+		type sendmail_t;
 	')
 
-	files_search_usr($1)
-	corecmd_search_sbin($1)
-	domain_auto_trans($1,sendmail_exec_t,sendmail_t)
+	mta_sendmail_domtrans($1,sendmail_t)
 
 	allow $1 sendmail_t:fd use;
 	allow sendmail_t $1:fd use;