[selinux-policy: 1720/3172] Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomai

[Daniel J Walsh]

commit b4dfdc7d300594c8fc39a9503804ec0090c96c01
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Apr 19 14:30:57 2007 +0000

    Move program admin template usage out of userdom_admin_user_template() to sysadm policy in userdomain.te to fix usage of the template for third parties.

 Changelog                           |    3 +++
 policy/modules/system/userdomain.if |   16 ----------------
 policy/modules/system/userdomain.te |   12 +++++++++++-
 3 files changed, 14 insertions(+), 17 deletions(-)
---
diff --git a/Changelog b/Changelog
index 511b6e4..4eb72ee 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,6 @@
+- Move program admin template usage out of userdom_admin_user_template() to
+  sysadm policy in userdomain.te to fix usage of the template for third
+  parties.
 - Fix clockspeed_run_cli() declaration, it was incorrectly defined as a
   template instead of an interface.
 
diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index b4c73bf..d600bd2 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1225,22 +1225,6 @@ template(`userdom_admin_user_template',`
 	')
 
 	optional_policy(`
-		cron_admin_template($1,$1_t,$1_r)
-	')
-
-	optional_policy(`
-		ethereal_admin_template($1,$1_t,$1_r)
-	')
-
-	optional_policy(`
-		lpr_admin_template($1,$1_t,$1_r)
-	')
-
-	optional_policy(`
-		mta_admin_template($1,$1_t,$1_r)
-	')
-
-	optional_policy(`
 		userhelper_exec($1_t)
 	')
 ')
diff --git a/policy/modules/system/userdomain.te b/policy/modules/system/userdomain.te
index 49caabb..1b42df9 100644
--- a/policy/modules/system/userdomain.te
+++ b/policy/modules/system/userdomain.te
@@ -1,5 +1,5 @@
 
-policy_module(userdomain,2.2.0)
+policy_module(userdomain,2.2.1)
 
 gen_require(`
 	role sysadm_r, staff_r, user_r;
@@ -294,6 +294,10 @@ ifdef(`strict_policy',`
 	')
 
 	optional_policy(`
+		cron_admin_template(sysadm,sysadm_t,sysadm_r)
+	')
+
+	optional_policy(`
 		dcc_run_cdcc(sysadm_t,sysadm_r,admin_terminal)
 		dcc_run_client(sysadm_t,sysadm_r,admin_terminal)
 		dcc_run_dbclean(sysadm_t,sysadm_r,admin_terminal)
@@ -321,6 +325,7 @@ ifdef(`strict_policy',`
 
 	optional_policy(`
 		ethereal_run_tethereal(sysadm_t,sysadm_r,admin_terminal)
+		ethereal_admin_template(sysadm,sysadm_t,sysadm_r)
 	')
 
 	optional_policy(`
@@ -363,6 +368,7 @@ ifdef(`strict_policy',`
 
 	optional_policy(`
 		lpd_run_checkpc(sysadm_t,sysadm_r,admin_terminal)
+		lpr_admin_template(sysadm,sysadm_t,sysadm_r)
 	')
 
 	optional_policy(`
@@ -380,6 +386,10 @@ ifdef(`strict_policy',`
 	')
 
 	optional_policy(`
+		mta_admin_template(sysadm,sysadm_t,sysadm_r)
+	')
+
+	optional_policy(`
 		mysql_stream_connect(sysadm_t)
 	')