[selinux-policy: 1626/3172] fix duplicate /usr/bin/mplayer fc match for targeted

Thu Oct 7 21:25:40 UTC 2010

commit b04eccd87b9c323a9b8bddaae417bda1ad6eca57
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Oct 18 17:31:14 2006 +0000

    fix duplicate /usr/bin/mplayer fc match for targeted

 policy/modules/apps/mplayer.fc      |    5 +++--
 policy/modules/apps/mplayer.te      |   21 ++++++++++++++-------
 policy/modules/system/unconfined.fc |    2 --
 policy/modules/system/unconfined.if |   34 ++++++++++++++++++++++++++++++++++
 policy/modules/system/unconfined.te |    2 +-
 5 files changed, 52 insertions(+), 12 deletions(-)
---

diff --git a/policy/modules/apps/mplayer.fc b/policy/modules/apps/mplayer.fc
index 60db2e9..4806b64 100644
--- a/policy/modules/apps/mplayer.fc
+++ b/policy/modules/apps/mplayer.fc
@@ -6,8 +6,9 @@
 #
 # /usr
 #
-/usr/bin/mplayer	--	   	gen_context(system_u:object_r:mplayer_exec_t,s0)
-/usr/bin/mencoder	--	   	gen_context(system_u:object_r:mencoder_exec_t,s0)
+/usr/bin/mplayer	--	gen_context(system_u:object_r:mplayer_exec_t,s0)
+/usr/bin/mencoder	--	gen_context(system_u:object_r:mencoder_exec_t,s0)
+/usr/bin/xine		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 
 ifdef(`strict_policy',`
 HOME_DIR/\.mplayer(/.*)?        gen_context(system_u:object_r:ROLE_mplayer_home_t,s0)
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
index adbb176..d535b7c 100644
--- a/policy/modules/apps/mplayer.te
+++ b/policy/modules/apps/mplayer.te
@@ -1,16 +1,23 @@
 
-policy_module(mplayer,1.0.2)
+policy_module(mplayer,1.0.3)
 
 ########################################
 #
 # Declarations
 #
 
-type mplayer_exec_t;
-corecmd_executable_file(mplayer_exec_t)
-
-type mencoder_exec_t;
-corecmd_executable_file(mencoder_exec_t)
-
 type mplayer_etc_t;
 files_config_file(mplayer_etc_t)
+
+ifdef(`strict_policy',`
+	type mencoder_exec_t;
+	corecmd_executable_file(mencoder_exec_t)
+
+	type mplayer_exec_t;
+	corecmd_executable_file(mplayer_exec_t)
+')
+
+ifdef(`targeted_policy',`
+	unconfined_execmem_alias_program(mencoder_exec_t)
+	unconfined_execmem_alias_program(mplayer_exec_t)
+')
diff --git a/policy/modules/system/unconfined.fc b/policy/modules/system/unconfined.fc
index cf3fa5a..471b06a 100644
--- a/policy/modules/system/unconfined.fc
+++ b/policy/modules/system/unconfined.fc
@@ -8,7 +8,5 @@ ifdef(`targeted_policy',`
 /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/bin/valgrind 		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/local/RealPlay/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-/usr/bin/mplayer	 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-/usr/bin/xine		 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/lib/ia32el/ia32x_loader 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 ')
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 26df7d5..59fc8f0 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -490,6 +490,40 @@ interface(`unconfined_alias_domain',`
 
 ########################################
 ## <summary>
+##	Add an alias type to the unconfined execmem
+##	program file type.
+## </summary>
+## <desc>
+##	<p>
+##	Add an alias type to the unconfined execmem
+##	program file type.
+##	</p>
+##	<p>
+##	This is added to support targeted policy.  Its
+##	use should be limited.  It has no effect
+##	on the strict policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	New alias of the unconfined execmem program type.
+##	</summary>
+## </param>
+#
+interface(`unconfined_execmem_alias_program',`
+	ifdef(`targeted_policy',`
+		gen_require(`
+			type unconfined_execmem_exec_t;
+		')
+
+		typealias unconfined_execmem_exec_t alias $1;
+	',`
+		refpolicywarn(`$0($1) has no effect in strict policy.')
+	')
+')
+
+########################################
+## <summary>
 ##	Connect to the the unconfined DBUS
 ##	for service (acquire_svc).
 ## </summary>
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 74f6c1b..9376cca 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,5 +1,5 @@
 
-policy_module(unconfined,1.3.15)
+policy_module(unconfined,1.3.16)
 
 ########################################
 #
