[selinux-policy: 2406/3172] Portage fixes for installing SELinux-aware programs.

[Daniel J Walsh]

commit 05bd2f983700be4736e90fd728ac6eb1a1431e1b
Author: Chris PeBenito <pebenito at gentoo.org>
Date:   Wed Feb 17 20:23:41 2010 -0500

    Portage fixes for installing SELinux-aware programs.

 policy/modules/admin/portage.if |    8 ++++++++
 1 files changed, 8 insertions(+), 0 deletions(-)
---
diff --git a/policy/modules/admin/portage.if b/policy/modules/admin/portage.if
index 83a36fc..798acbe 100644
--- a/policy/modules/admin/portage.if
+++ b/policy/modules/admin/portage.if
@@ -114,6 +114,8 @@ interface(`portage_compile_domain',`
 	manage_fifo_files_pattern($1, portage_tmp_t, portage_tmp_t)
 	manage_sock_files_pattern($1, portage_tmp_t, portage_tmp_t)
 	files_tmp_filetrans($1, portage_tmp_t, { dir file lnk_file sock_file fifo_file })
+	# SELinux-enabled programs running in the sandbox
+	allow $1 portage_tmp_t:file relabel_file_perms;
 
 	manage_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
 	manage_lnk_files_pattern($1, portage_tmpfs_t, portage_tmpfs_t)
@@ -152,6 +154,8 @@ interface(`portage_compile_domain',`
 
 	domain_use_interactive_fds($1)
 	domain_dontaudit_read_all_domains_state($1)
+	# SELinux-aware installs doing relabels in the sandbox
+	domain_obj_id_change_exemption($1)
 
 	files_exec_etc_files($1)
 	files_exec_usr_src_files($1)
@@ -162,6 +166,7 @@ interface(`portage_compile_domain',`
 	fs_read_noxattr_fs_symlinks($1)
 	fs_search_auto_mountpoints($1)
 
+	selinux_validate_context($1)
 	# needed for merging dbus:
 	selinux_compute_access_vector($1)
 
@@ -180,6 +185,9 @@ interface(`portage_compile_domain',`
 
 	userdom_use_user_terminals($1)
 
+	# SELinux-enabled programs running in the sandbox
+	seutil_libselinux_linked($1)
+
 	ifdef(`TODO',`
 	# some gui ebuilds want to interact with X server, like xawtv
 	optional_policy(`