[selinux-policy: 1857/3172] trunk: add unconfined_run_to().

[Daniel J Walsh]

commit ccf6611bdd5e5b1805383ebf646e1a28fa759149
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Nov 16 19:50:34 2007 +0000

    trunk: add unconfined_run_to().

 policy/modules/system/unconfined.if |   40 +++++++++++++++++++++++++++++++++++
 policy/modules/system/unconfined.te |    2 +-
 2 files changed, 41 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 1bb9f59..69a720d 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -278,6 +278,46 @@ interface(`unconfined_domtrans_to',`
 
 ########################################
 ## <summary>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.  Allow the specified domain the
+##	unconfined role and use of unconfined user terminals.
+## </summary>
+## <desc>
+##	<p>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.  Allow the specified domain the
+##	unconfined role and use of unconfined user terminals.
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+## <param name="entry_file">
+##	<summary>
+##	Domain entry point file.
+##	</summary>
+## </param>
+#
+interface(`unconfined_run_to',`
+	gen_require(`
+		type unconfined_t, unconfined_devpts_t, unconfined_tty_device_t;
+		role unconfined_r;
+	')
+
+	domtrans_pattern(unconfined_t,$2,$1)
+	role unconfined_r types $1;
+	allow $1 { unconfined_devpts_t unconfined_tty_device_t }:chr_file rw_term_perms;
+')
+
+########################################
+## <summary>
 ##	Inherit file descriptors from the unconfined domain.
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 23fdddf..b44c48e 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,5 +1,5 @@
 
-policy_module(unconfined,2.0.2)
+policy_module(unconfined,2.0.3)
 
 ########################################
 #