[selinux-policy: 1776/3172] trunk: add application module
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:38:30 UTC 2010
commit d46cfe45cd12c73980f74ef2ad61ce5b840c93e4
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jul 19 18:57:48 2007 +0000
trunk: add application module
Changelog | 2 +
policy/modules/admin/alsa.te | 5 +-
policy/modules/admin/amanda.te | 5 +-
policy/modules/admin/bootloader.te | 8 +--
policy/modules/admin/certwatch.te | 3 +-
policy/modules/admin/consoletype.te | 3 +-
policy/modules/admin/ddcprobe.te | 5 +-
policy/modules/admin/dmidecode.te | 8 +--
policy/modules/admin/logwatch.te | 5 +-
policy/modules/admin/portage.te | 17 ++----
policy/modules/admin/readahead.te | 3 +-
policy/modules/admin/sudo.if | 3 +-
policy/modules/admin/sudo.te | 4 +-
policy/modules/admin/sxid.te | 5 +-
policy/modules/admin/tmpreaper.te | 8 +--
policy/modules/admin/tripwire.te | 14 ++---
policy/modules/admin/tzdata.te | 3 +-
policy/modules/admin/usermanage.te | 23 +++------
policy/modules/admin/vpn.te | 6 +--
policy/modules/apps/ada.te | 5 +-
policy/modules/apps/authbind.te | 5 +-
policy/modules/apps/cdrecord.if | 3 +-
policy/modules/apps/cdrecord.te | 4 +-
policy/modules/apps/ethereal.if | 3 +-
policy/modules/apps/ethereal.te | 7 +--
policy/modules/apps/evolution.if | 15 ++----
policy/modules/apps/evolution.te | 12 ++--
policy/modules/apps/games.if | 3 +-
policy/modules/apps/games.te | 2 +-
policy/modules/apps/gift.if | 6 +--
policy/modules/apps/gift.te | 6 +-
policy/modules/apps/gnome.if | 3 +-
policy/modules/apps/gnome.te | 4 +-
policy/modules/apps/gpg.if | 12 ++---
policy/modules/apps/gpg.te | 10 ++--
policy/modules/apps/irc.if | 5 +-
policy/modules/apps/irc.te | 4 +-
policy/modules/apps/java.if | 3 +-
policy/modules/apps/java.te | 2 +-
policy/modules/apps/lockdev.if | 3 +-
policy/modules/apps/lockdev.te | 4 +-
policy/modules/apps/mozilla.if | 3 +-
policy/modules/apps/mozilla.te | 4 +-
policy/modules/apps/mplayer.if | 6 +--
policy/modules/apps/mplayer.te | 6 +-
policy/modules/apps/rssh.if | 3 +-
policy/modules/apps/rssh.te | 4 +-
policy/modules/apps/screen.if | 3 +-
policy/modules/apps/screen.te | 4 +-
policy/modules/apps/thunderbird.if | 3 +-
policy/modules/apps/thunderbird.te | 4 +-
policy/modules/apps/tvtime.if | 3 +-
policy/modules/apps/tvtime.te | 4 +-
policy/modules/apps/uml.if | 6 +--
policy/modules/apps/uml.te | 4 +-
policy/modules/apps/userhelper.if | 3 +-
policy/modules/apps/userhelper.te | 4 +-
policy/modules/apps/usernetctl.te | 5 +-
policy/modules/apps/webalizer.te | 5 +-
policy/modules/apps/wine.te | 6 +--
policy/modules/apps/yam.te | 5 +-
policy/modules/services/aide.te | 5 +-
policy/modules/services/apm.te | 7 +--
policy/modules/services/clockspeed.te | 5 +-
policy/modules/services/cron.if | 3 +-
policy/modules/services/cron.te | 6 +-
policy/modules/services/dcc.te | 11 ++---
policy/modules/services/lpd.if | 3 +-
policy/modules/services/lpd.te | 4 +-
policy/modules/services/mta.if | 3 +-
policy/modules/services/mta.te | 4 +-
policy/modules/services/ntop.te | 3 +-
policy/modules/services/oav.te | 5 +-
policy/modules/services/postfix.te | 7 +--
policy/modules/services/procmail.te | 5 +-
policy/modules/services/publicfile.te | 5 +-
policy/modules/services/pyzor.te | 5 +-
policy/modules/services/qmail.te | 5 +-
policy/modules/services/spamassassin.if | 6 +--
policy/modules/services/spamassassin.te | 6 +-
policy/modules/services/ssh.if | 9 +--
policy/modules/services/ssh.te | 6 +-
policy/modules/services/timidity.te | 3 +-
policy/modules/services/uucp.te | 5 +-
policy/modules/services/xserver.te | 6 +-
policy/modules/system/application.fc | 1 +
policy/modules/system/application.if | 83 +++++++++++++++++++++++++++++++
policy/modules/system/application.te | 14 +++++
policy/modules/system/authlogin.if | 3 +-
policy/modules/system/authlogin.te | 10 ++--
policy/modules/system/daemontools.te | 8 +--
policy/modules/system/init.if | 3 +-
policy/modules/system/init.te | 7 ++-
policy/modules/system/locallogin.if | 18 +++++++
policy/modules/system/locallogin.te | 3 +-
policy/modules/system/modutils.te | 5 +-
policy/modules/system/mount.te | 5 +-
policy/modules/system/netlabel.te | 5 +-
policy/modules/system/pcmcia.te | 4 +-
policy/modules/system/selinuxutil.te | 26 ++++------
policy/modules/system/xen.te | 4 +-
101 files changed, 343 insertions(+), 319 deletions(-)
---
diff --git a/Changelog b/Changelog
index 82e6e13..ccb10c5 100644
--- a/Changelog
+++ b/Changelog
@@ -1,4 +1,6 @@
- Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
+- Added modules:
+ application
* Fri Jun 29 2007 Chris PeBenito <selinux at tresys.com> - 20070629
- Fix incorrectly named files_lib_filetrans_shared_lib() interface in the
diff --git a/policy/modules/admin/alsa.te b/policy/modules/admin/alsa.te
index d4f222c..90b170c 100644
--- a/policy/modules/admin/alsa.te
+++ b/policy/modules/admin/alsa.te
@@ -1,5 +1,5 @@
-policy_module(alsa,1.1.0)
+policy_module(alsa,1.1.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(alsa,1.1.0)
type alsa_t;
type alsa_exec_t;
-domain_type(alsa_t)
-domain_entry_file(alsa_t, alsa_exec_t)
+application_domain(alsa_t, alsa_exec_t)
role system_r types alsa_t;
type alsa_etc_rw_t;
diff --git a/policy/modules/admin/amanda.te b/policy/modules/admin/amanda.te
index ed3d523..19da8df 100644
--- a/policy/modules/admin/amanda.te
+++ b/policy/modules/admin/amanda.te
@@ -1,5 +1,5 @@
-policy_module(amanda,1.6.0)
+policy_module(amanda,1.6.1)
#######################################
#
@@ -51,8 +51,7 @@ files_type(amanda_data_t)
# type for amrecover
type amanda_recover_t;
type amanda_recover_exec_t;
-domain_type(amanda_recover_t)
-domain_entry_file(amanda_recover_t,amanda_recover_exec_t)
+application_domain(amanda_recover_t,amanda_recover_exec_t)
role system_r types amanda_recover_t;
# type for recover files ( restored data )
diff --git a/policy/modules/admin/bootloader.te b/policy/modules/admin/bootloader.te
index 11b7b19..11d26ed 100644
--- a/policy/modules/admin/bootloader.te
+++ b/policy/modules/admin/bootloader.te
@@ -1,5 +1,5 @@
-policy_module(bootloader,1.5.0)
+policy_module(bootloader,1.5.1)
########################################
#
@@ -15,11 +15,9 @@ type boot_runtime_t;
files_type(boot_runtime_t)
type bootloader_t;
-domain_type(bootloader_t)
-role system_r types bootloader_t;
-
type bootloader_exec_t;
-domain_entry_file(bootloader_t,bootloader_exec_t)
+application_domain(bootloader_t,bootloader_exec_t)
+role system_r types bootloader_t;
#
# bootloader_etc_t is the configuration file,
diff --git a/policy/modules/admin/certwatch.te b/policy/modules/admin/certwatch.te
index daca9e1..24ffe6c 100644
--- a/policy/modules/admin/certwatch.te
+++ b/policy/modules/admin/certwatch.te
@@ -8,8 +8,7 @@ policy_module(certwatch,1.0)
type certwatch_t;
type certwatch_exec_t;
-domain_type(certwatch_t)
-domain_entry_file(certwatch_t,certwatch_exec_t)
+application_domain(certwatch_t,certwatch_exec_t)
role system_r types certwatch_t;
########################################
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
index b3cf7a8..bc5172d 100644
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@@ -1,5 +1,5 @@
-policy_module(consoletype,1.3.0)
+policy_module(consoletype,1.3.1)
########################################
#
@@ -8,6 +8,7 @@ policy_module(consoletype,1.3.0)
type consoletype_t;
type consoletype_exec_t;
+application_executable_file(consoletype_exec_t)
init_domain(consoletype_t,consoletype_exec_t)
mls_file_read_up(consoletype_t)
mls_file_write_down(consoletype_t)
diff --git a/policy/modules/admin/ddcprobe.te b/policy/modules/admin/ddcprobe.te
index 4b22c6b..01da41d 100644
--- a/policy/modules/admin/ddcprobe.te
+++ b/policy/modules/admin/ddcprobe.te
@@ -1,5 +1,5 @@
-policy_module(ddcprobe,1.0.0)
+policy_module(ddcprobe,1.0.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(ddcprobe,1.0.0)
type ddcprobe_t;
type ddcprobe_exec_t;
-domain_type(ddcprobe_t)
-domain_entry_file(ddcprobe_t,ddcprobe_exec_t)
+application_domain(ddcprobe_t,ddcprobe_exec_t)
role system_r types ddcprobe_t;
########################################
diff --git a/policy/modules/admin/dmidecode.te b/policy/modules/admin/dmidecode.te
index 4e16706..ffbca64 100644
--- a/policy/modules/admin/dmidecode.te
+++ b/policy/modules/admin/dmidecode.te
@@ -1,5 +1,5 @@
-policy_module(dmidecode,1.1.0)
+policy_module(dmidecode,1.1.1)
########################################
#
@@ -7,11 +7,9 @@ policy_module(dmidecode,1.1.0)
#
type dmidecode_t;
-domain_type(dmidecode_t)
-role system_r types dmidecode_t;
-
type dmidecode_exec_t;
-domain_entry_file(dmidecode_t,dmidecode_exec_t)
+application_domain(dmidecode_t,dmidecode_exec_t)
+role system_r types dmidecode_t;
########################################
#
diff --git a/policy/modules/admin/logwatch.te b/policy/modules/admin/logwatch.te
index 0053ce3..4f56927 100644
--- a/policy/modules/admin/logwatch.te
+++ b/policy/modules/admin/logwatch.te
@@ -1,5 +1,5 @@
-policy_module(logwatch,1.5.0)
+policy_module(logwatch,1.5.1)
#################################
#
@@ -8,8 +8,7 @@ policy_module(logwatch,1.5.0)
type logwatch_t;
type logwatch_exec_t;
-domain_type(logwatch_t)
-domain_entry_file(logwatch_t,logwatch_exec_t)
+application_domain(logwatch_t,logwatch_exec_t)
role system_r types logwatch_t;
type logwatch_cache_t;
diff --git a/policy/modules/admin/portage.te b/policy/modules/admin/portage.te
index 5726640..25bec9a 100644
--- a/policy/modules/admin/portage.te
+++ b/policy/modules/admin/portage.te
@@ -1,5 +1,5 @@
-policy_module(portage,1.3.0)
+policy_module(portage,1.3.1)
########################################
#
@@ -8,35 +8,30 @@ policy_module(portage,1.3.0)
type gcc_config_t;
type gcc_config_exec_t;
-domain_type(gcc_config_t)
-domain_entry_file(gcc_config_t,gcc_config_exec_t)
+application_domain(gcc_config_t,gcc_config_exec_t)
# constraining type
type portage_t;
type portage_exec_t;
-domain_type(portage_t)
-domain_entry_file(portage_t,portage_exec_t)
+application_domain(portage_t,portage_exec_t)
rsync_entry_type(portage_t)
corecmd_shell_entry_type(portage_t)
-domain_entry_file(portage_t,portage_exec_t)
# portage domain for merging packages to the live fs
type portage_t.merge;
-domain_type(portage_t.merge)
-domain_entry_file(portage_t.merge,portage_exec_t)
+application_domain(portage_t.merge,portage_exec_t)
domain_obj_id_change_exemption(portage_t.merge)
# portage compile sandbox domain
type portage_t.sandbox alias portage_sandbox_t;
-domain_type(portage_t.sandbox)
+application_domain(portage_t.sandbox,portage_exec_t)
# the shell is the entrypoint if regular sandbox is disabled
# portage_exec_t is the entrypoint if regular sandbox is enabled
corecmd_shell_entry_type(portage_t.sandbox)
-domain_entry_file(portage_t.sandbox,portage_exec_t)
# portage package fetching domain
type portage_t.fetch alias portage_fetch_t;
-domain_type(portage_t.fetch)
+application_type(portage_t.fetch)
corecmd_shell_entry_type(portage_t.fetch)
rsync_entry_type(portage_t.fetch)
diff --git a/policy/modules/admin/readahead.te b/policy/modules/admin/readahead.te
index 9223035..13efda9 100644
--- a/policy/modules/admin/readahead.te
+++ b/policy/modules/admin/readahead.te
@@ -1,5 +1,5 @@
-policy_module(readahead,1.3.0)
+policy_module(readahead,1.3.1)
########################################
#
@@ -9,6 +9,7 @@ policy_module(readahead,1.3.0)
type readahead_t;
type readahead_exec_t;
init_daemon_domain(readahead_t,readahead_exec_t)
+application_domain(readahead_t,readahead_exec_t)
type readahead_var_run_t;
files_pid_file(readahead_var_run_t)
diff --git a/policy/modules/admin/sudo.if b/policy/modules/admin/sudo.if
index f3dfaa4..8780a20 100644
--- a/policy/modules/admin/sudo.if
+++ b/policy/modules/admin/sudo.if
@@ -45,8 +45,7 @@ template(`sudo_per_role_template',`
#
type $1_sudo_t;
- domain_type($1_sudo_t)
- domain_entry_file($1_sudo_t,sudo_exec_t)
+ application_domain($1_sudo_t,sudo_exec_t)
domain_interactive_fd($1_sudo_t)
role $3 types $1_sudo_t;
diff --git a/policy/modules/admin/sudo.te b/policy/modules/admin/sudo.te
index d5af36f..5d497bc 100644
--- a/policy/modules/admin/sudo.te
+++ b/policy/modules/admin/sudo.te
@@ -1,11 +1,11 @@
-policy_module(sudo,1.1.0)
+policy_module(sudo,1.1.1)
########################################
#
# Declarations
type sudo_exec_t;
-corecmd_executable_file(sudo_exec_t)
+application_executable_file(sudo_exec_t)
# Remaining policy in per user domain template.
diff --git a/policy/modules/admin/sxid.te b/policy/modules/admin/sxid.te
index 017e229..4ce9f51 100644
--- a/policy/modules/admin/sxid.te
+++ b/policy/modules/admin/sxid.te
@@ -1,5 +1,5 @@
-policy_module(sxid,1.2.0)
+policy_module(sxid,1.2.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(sxid,1.2.0)
type sxid_t;
type sxid_exec_t;
-domain_type(sxid_t)
-domain_entry_file(sxid_t,sxid_exec_t)
+application_domain(sxid_t,sxid_exec_t)
type sxid_log_t;
logging_log_file(sxid_log_t)
diff --git a/policy/modules/admin/tmpreaper.te b/policy/modules/admin/tmpreaper.te
index 8809daf..5057e7a 100644
--- a/policy/modules/admin/tmpreaper.te
+++ b/policy/modules/admin/tmpreaper.te
@@ -1,5 +1,5 @@
-policy_module(tmpreaper,1.2.0)
+policy_module(tmpreaper,1.2.1)
########################################
#
@@ -7,11 +7,9 @@ policy_module(tmpreaper,1.2.0)
#
type tmpreaper_t;
-role system_r types tmpreaper_t;
-domain_type(tmpreaper_t)
-
type tmpreaper_exec_t;
-domain_entry_file(tmpreaper_t,tmpreaper_exec_t)
+application_domain(tmpreaper_t,tmpreaper_exec_t)
+role system_r types tmpreaper_t;
########################################
#
diff --git a/policy/modules/admin/tripwire.te b/policy/modules/admin/tripwire.te
index ba03126..0afd91c 100644
--- a/policy/modules/admin/tripwire.te
+++ b/policy/modules/admin/tripwire.te
@@ -1,5 +1,5 @@
-policy_module(tripwire,1.0.0)
+policy_module(tripwire,1.0.1)
########################################
#
@@ -8,13 +8,11 @@ policy_module(tripwire,1.0.0)
type siggen_t;
type siggen_exec_t;
-domain_type(siggen_t)
-domain_entry_file(siggen_t,siggen_exec_t)
+application_domain(siggen_t,siggen_exec_t)
type tripwire_t;
type tripwire_exec_t;
-domain_type(tripwire_t)
-domain_entry_file(tripwire_t,tripwire_exec_t)
+application_domain(tripwire_t,tripwire_exec_t)
role system_r types tripwire_t;
type tripwire_etc_t;
@@ -31,13 +29,11 @@ files_type(tripwire_var_lib_t)
type twadmin_t;
type twadmin_exec_t;
-domain_type(twadmin_t)
-domain_entry_file(twadmin_t,twadmin_exec_t)
+application_domain(twadmin_t,twadmin_exec_t)
type twprint_t;
type twprint_exec_t;
-domain_type(twprint_t)
-domain_entry_file(twprint_t,twprint_exec_t)
+application_domain(twprint_t,twprint_exec_t)
########################################
#
diff --git a/policy/modules/admin/tzdata.te b/policy/modules/admin/tzdata.te
index b4c48f6..182d9d3 100644
--- a/policy/modules/admin/tzdata.te
+++ b/policy/modules/admin/tzdata.te
@@ -1,5 +1,5 @@
-policy_module(tzdata,1.0.0)
+policy_module(tzdata,1.0.1)
########################################
#
@@ -9,6 +9,7 @@ policy_module(tzdata,1.0.0)
type tzdata_t;
type tzdata_exec_t;
init_daemon_domain(tzdata_t, tzdata_exec_t)
+application_domain(tzdata_t, tzdata_exec_t)
########################################
#
diff --git a/policy/modules/admin/usermanage.te b/policy/modules/admin/usermanage.te
index 65fe70b..d03e317 100644
--- a/policy/modules/admin/usermanage.te
+++ b/policy/modules/admin/usermanage.te
@@ -1,5 +1,5 @@
-policy_module(usermanage,1.7.0)
+policy_module(usermanage,1.7.1)
########################################
#
@@ -10,19 +10,15 @@ type admin_passwd_exec_t;
files_type(admin_passwd_exec_t)
type chfn_t;
+type chfn_exec_t;
domain_obj_id_change_exemption(chfn_t)
-domain_type(chfn_t)
+application_domain(chfn_t,chfn_exec_t)
role system_r types chfn_t;
-type chfn_exec_t;
-domain_entry_file(chfn_t,chfn_exec_t)
-
type crack_t;
-domain_type(crack_t)
-role system_r types crack_t;
-
type crack_exec_t;
-domain_entry_file(crack_t,crack_exec_t)
+application_domain(crack_t,crack_exec_t)
+role system_r types crack_t;
type crack_db_t;
files_type(crack_db_t)
@@ -37,17 +33,14 @@ init_system_domain(groupadd_t,groupadd_exec_t)
role system_r types groupadd_t;
type passwd_t;
+type passwd_exec_t;
domain_obj_id_change_exemption(passwd_t)
-domain_type(passwd_t)
+application_domain(passwd_t,passwd_exec_t)
role system_r types passwd_t;
-type passwd_exec_t;
-domain_entry_file(passwd_t,passwd_exec_t)
-
type sysadm_passwd_t;
domain_obj_id_change_exemption(sysadm_passwd_t)
-domain_type(sysadm_passwd_t)
-domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
+application_domain(sysadm_passwd_t,admin_passwd_exec_t)
role system_r types sysadm_passwd_t;
type sysadm_passwd_tmp_t;
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index 624cfbe..13f90b9 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -1,5 +1,5 @@
-policy_module(vpn,1.5.0)
+policy_module(vpn,1.5.1)
########################################
#
@@ -7,10 +7,8 @@ policy_module(vpn,1.5.0)
#
type vpnc_t;
-domain_type(vpnc_t)
-
type vpnc_exec_t;
-domain_entry_file(vpnc_t,vpnc_exec_t)
+application_domain(vpnc_t,vpnc_exec_t)
role system_r types vpnc_t;
type vpnc_tmp_t;
diff --git a/policy/modules/apps/ada.te b/policy/modules/apps/ada.te
index f8167b8..7e0b9e6 100644
--- a/policy/modules/apps/ada.te
+++ b/policy/modules/apps/ada.te
@@ -1,5 +1,5 @@
-policy_module(ada,1.0.0)
+policy_module(ada,1.0.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(ada,1.0.0)
type ada_t;
type ada_exec_t;
-domain_type(ada_t)
-domain_entry_file(ada_t,ada_exec_t)
+application_domain(ada_t,ada_exec_t)
########################################
#
diff --git a/policy/modules/apps/authbind.te b/policy/modules/apps/authbind.te
index 2fd4f95..3fa4fb5 100644
--- a/policy/modules/apps/authbind.te
+++ b/policy/modules/apps/authbind.te
@@ -1,5 +1,5 @@
-policy_module(authbind,1.0.0)
+policy_module(authbind,1.0.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(authbind,1.0.0)
type authbind_t;
type authbind_exec_t;
-domain_type(authbind_t)
-domain_entry_file(authbind_t,authbind_exec_t)
+application_domain(authbind_t,authbind_exec_t)
role system_r types authbind_t;
type authbind_etc_t;
diff --git a/policy/modules/apps/cdrecord.if b/policy/modules/apps/cdrecord.if
index 09ea3c9..5d07b9e 100644
--- a/policy/modules/apps/cdrecord.if
+++ b/policy/modules/apps/cdrecord.if
@@ -44,8 +44,7 @@ template(`cdrecord_per_role_template', `
#
type $1_cdrecord_t;
- domain_type($1_cdrecord_t)
- domain_entry_file($1_cdrecord_t,cdrecord_exec_t)
+ application_domain($1_cdrecord_t,cdrecord_exec_t)
role $3 types $1_cdrecord_t;
########################################
diff --git a/policy/modules/apps/cdrecord.te b/policy/modules/apps/cdrecord.te
index cc6ae89..5e2f2f3 100644
--- a/policy/modules/apps/cdrecord.te
+++ b/policy/modules/apps/cdrecord.te
@@ -1,5 +1,5 @@
-policy_module(cdrecord,1.2.0)
+policy_module(cdrecord,1.2.1)
########################################
#
@@ -18,4 +18,4 @@ gen_tunable(cdrecord_read_content,false)
')
type cdrecord_exec_t;
-corecmd_executable_file(cdrecord_exec_t)
+application_executable_file(cdrecord_exec_t)
diff --git a/policy/modules/apps/ethereal.if b/policy/modules/apps/ethereal.if
index ed8d897..c9dd4f3 100644
--- a/policy/modules/apps/ethereal.if
+++ b/policy/modules/apps/ethereal.if
@@ -45,8 +45,7 @@ template(`ethereal_per_role_template',`
# Type for program
type $1_ethereal_t;
- domain_type($1_ethereal_t)
- domain_entry_file($1_ethereal_t,ethereal_exec_t)
+ application_domain($1_ethereal_t,ethereal_exec_t)
role $3 types $1_ethereal_t;
type $1_ethereal_home_t alias $1_ethereal_rw_t;
diff --git a/policy/modules/apps/ethereal.te b/policy/modules/apps/ethereal.te
index ee7f930..6247f5a 100644
--- a/policy/modules/apps/ethereal.te
+++ b/policy/modules/apps/ethereal.te
@@ -1,5 +1,5 @@
-policy_module(ethereal,1.2.0)
+policy_module(ethereal,1.2.1)
########################################
#
@@ -7,12 +7,11 @@ policy_module(ethereal,1.2.0)
#
type ethereal_exec_t;
-corecmd_executable_file(ethereal_exec_t)
+application_executable_file(ethereal_exec_t)
type tethereal_t;
type tethereal_exec_t;
-domain_type(tethereal_t)
-domain_entry_file(tethereal_t,tethereal_exec_t)
+application_domain(tethereal_t,tethereal_exec_t)
type tethereal_tmp_t;
files_tmp_file(tethereal_tmp_t)
diff --git a/policy/modules/apps/evolution.if b/policy/modules/apps/evolution.if
index 0e22c03..681ea93 100644
--- a/policy/modules/apps/evolution.if
+++ b/policy/modules/apps/evolution.if
@@ -41,8 +41,7 @@ template(`evolution_per_role_template',`
#
type $1_evolution_t;
- domain_type($1_evolution_t)
- domain_entry_file($1_evolution_t,evolution_exec_t)
+ application_domain($1_evolution_t,evolution_exec_t)
role $3 types $1_evolution_t;
type $1_evolution_tmpfs_t;
@@ -56,8 +55,7 @@ template(`evolution_per_role_template',`
files_tmp_file($1_evolution_orbit_tmp_t)
type $1_evolution_alarm_t;
- domain_type($1_evolution_alarm_t)
- domain_entry_file($1_evolution_alarm_t,evolution_alarm_exec_t)
+ application_domain($1_evolution_alarm_t,evolution_alarm_exec_t)
role $3 types $1_evolution_alarm_t;
type $1_evolution_alarm_tmpfs_t;
@@ -67,8 +65,7 @@ template(`evolution_per_role_template',`
files_tmp_file($1_evolution_alarm_orbit_tmp_t)
type $1_evolution_exchange_t;
- domain_type($1_evolution_exchange_t)
- domain_entry_file($1_evolution_exchange_t,evolution_exchange_exec_t)
+ application_domain($1_evolution_exchange_t,evolution_exchange_exec_t)
role $3 types $1_evolution_exchange_t;
type $1_evolution_exchange_tmpfs_t;
@@ -81,16 +78,14 @@ template(`evolution_per_role_template',`
files_tmp_file($1_evolution_exchange_orbit_tmp_t)
type $1_evolution_server_t;
- domain_type($1_evolution_server_t)
- domain_entry_file($1_evolution_server_t,evolution_server_exec_t)
+ application_domain($1_evolution_server_t,evolution_server_exec_t)
role $3 types $1_evolution_server_t;
type $1_evolution_server_orbit_tmp_t;
files_tmp_file($1_evolution_server_orbit_tmp_t)
type $1_evolution_webcal_t;
- domain_type($1_evolution_webcal_t)
- domain_entry_file($1_evolution_webcal_t,evolution_webcal_exec_t)
+ application_domain($1_evolution_webcal_t,evolution_webcal_exec_t)
role $3 types $1_evolution_webcal_t;
type $1_evolution_webcal_tmpfs_t;
diff --git a/policy/modules/apps/evolution.te b/policy/modules/apps/evolution.te
index 7779861..70e2b49 100644
--- a/policy/modules/apps/evolution.te
+++ b/policy/modules/apps/evolution.te
@@ -1,5 +1,5 @@
-policy_module(evolution,1.3.0)
+policy_module(evolution,1.3.1)
########################################
#
@@ -7,16 +7,16 @@ policy_module(evolution,1.3.0)
#
type evolution_exec_t;
-corecmd_executable_file(evolution_exec_t)
+application_executable_file(evolution_exec_t)
type evolution_alarm_exec_t;
-corecmd_executable_file(evolution_alarm_exec_t)
+application_executable_file(evolution_alarm_exec_t)
type evolution_exchange_exec_t;
-corecmd_executable_file(evolution_exchange_exec_t)
+application_executable_file(evolution_exchange_exec_t)
type evolution_server_exec_t;
-corecmd_executable_file(evolution_server_exec_t)
+application_executable_file(evolution_server_exec_t)
type evolution_webcal_exec_t;
-corecmd_executable_file(evolution_webcal_exec_t)
+application_executable_file(evolution_webcal_exec_t)
diff --git a/policy/modules/apps/games.if b/policy/modules/apps/games.if
index ed79d9f..130c389 100644
--- a/policy/modules/apps/games.if
+++ b/policy/modules/apps/games.if
@@ -44,8 +44,7 @@ template(`games_per_role_template',`
#
type $1_games_t;
- domain_type($1_games_t)
- domain_entry_file($1_games_t,games_exec_t)
+ application_domain($1_games_t,games_exec_t)
role $3 types $1_games_t;
type $1_games_devpts_t;
diff --git a/policy/modules/apps/games.te b/policy/modules/apps/games.te
index 07f2284..863d8b0 100644
--- a/policy/modules/apps/games.te
+++ b/policy/modules/apps/games.te
@@ -1,5 +1,5 @@
-policy_module(games,1.3.0)
+policy_module(games,1.3.1)
########################################
#
diff --git a/policy/modules/apps/gift.if b/policy/modules/apps/gift.if
index 1bdc35f..8d034ae 100644
--- a/policy/modules/apps/gift.if
+++ b/policy/modules/apps/gift.if
@@ -40,8 +40,7 @@ template(`gift_per_role_template',`
#
type $1_gift_t;
- domain_type($1_gift_t)
- domain_entry_file($1_gift_t,gift_exec_t)
+ application_domain($1_gift_t,gift_exec_t)
role $3 types $1_gift_t;
type $1_gift_home_t alias $1_gift_rw_t;
@@ -52,8 +51,7 @@ template(`gift_per_role_template',`
files_tmpfs_file($1_gift_tmpfs_t)
type $1_giftd_t;
- domain_type($1_giftd_t)
- domain_entry_file($1_giftd_t,giftd_exec_t)
+ application_domain($1_giftd_t,giftd_exec_t)
role $3 types $1_giftd_t;
##############################
diff --git a/policy/modules/apps/gift.te b/policy/modules/apps/gift.te
index 80bb218..0acf45f 100644
--- a/policy/modules/apps/gift.te
+++ b/policy/modules/apps/gift.te
@@ -1,5 +1,5 @@
-policy_module(gift,1.1.0)
+policy_module(gift,1.1.1)
########################################
#
@@ -7,7 +7,7 @@ policy_module(gift,1.1.0)
#
type gift_exec_t;
-corecmd_executable_file(gift_exec_t)
+application_executable_file(gift_exec_t)
type giftd_exec_t;
-corecmd_executable_file(giftd_exec_t)
+application_executable_file(giftd_exec_t)
diff --git a/policy/modules/apps/gnome.if b/policy/modules/apps/gnome.if
index a0e35fc..4da4442 100644
--- a/policy/modules/apps/gnome.if
+++ b/policy/modules/apps/gnome.if
@@ -44,8 +44,7 @@ template(`gnome_per_role_template',`
#
type $1_gconfd_t, gnomedomain;
- domain_type($1_gconfd_t)
- domain_entry_file($1_gconfd_t, gconfd_exec_t)
+ application_domain($1_gconfd_t, gconfd_exec_t)
role $3 types $1_gconfd_t;
type $1_gconf_home_t;
diff --git a/policy/modules/apps/gnome.te b/policy/modules/apps/gnome.te
index 09c9177..87cfb3b 100644
--- a/policy/modules/apps/gnome.te
+++ b/policy/modules/apps/gnome.te
@@ -1,5 +1,5 @@
-policy_module(gnome,1.1.0)
+policy_module(gnome,1.1.1)
##############################
#
@@ -12,4 +12,4 @@ type gconf_etc_t;
files_type(gconf_etc_t)
type gconfd_exec_t;
-corecmd_executable_file(gconfd_exec_t)
+application_executable_file(gconfd_exec_t)
diff --git a/policy/modules/apps/gpg.if b/policy/modules/apps/gpg.if
index d2382c4..d607833 100644
--- a/policy/modules/apps/gpg.if
+++ b/policy/modules/apps/gpg.if
@@ -46,13 +46,11 @@ template(`gpg_per_role_template',`
#
type $1_gpg_t;
- domain_type($1_gpg_t)
- domain_entry_file($1_gpg_t,gpg_exec_t)
+ application_domain($1_gpg_t,gpg_exec_t)
role $3 types $1_gpg_t;
type $1_gpg_agent_t;
- domain_type($1_gpg_agent_t)
- domain_entry_file($1_gpg_agent_t,gpg_agent_exec_t)
+ application_domain($1_gpg_agent_t,gpg_agent_exec_t)
role $3 types $1_gpg_agent_t;
type $1_gpg_agent_tmp_t;
@@ -62,13 +60,11 @@ template(`gpg_per_role_template',`
userdom_user_home_content($1,$1_gpg_secret_t)
type $1_gpg_helper_t;
- domain_type($1_gpg_helper_t)
- domain_entry_file($1_gpg_helper_t,gpg_helper_exec_t)
+ application_domain($1_gpg_helper_t,gpg_helper_exec_t)
role $3 types $1_gpg_helper_t;
type $1_gpg_pinentry_t;
- domain_type($1_gpg_pinentry_t)
- domain_entry_file($1_gpg_pinentry_t,pinentry_exec_t)
+ application_domain($1_gpg_pinentry_t,pinentry_exec_t)
role $3 types $1_gpg_pinentry_t;
########################################
diff --git a/policy/modules/apps/gpg.te b/policy/modules/apps/gpg.te
index b04bbde..381f493 100644
--- a/policy/modules/apps/gpg.te
+++ b/policy/modules/apps/gpg.te
@@ -1,5 +1,5 @@
-policy_module(gpg, 1.3.0)
+policy_module(gpg, 1.3.1)
########################################
#
@@ -9,13 +9,13 @@ policy_module(gpg, 1.3.0)
# Type for gpg or pgp executables.
type gpg_exec_t;
type gpg_helper_exec_t;
-corecmd_executable_file(gpg_exec_t)
-corecmd_executable_file(gpg_helper_exec_t)
+application_executable_file(gpg_exec_t)
+application_executable_file(gpg_helper_exec_t)
# Type for the gpg-agent executable.
type gpg_agent_exec_t;
-corecmd_executable_file(gpg_agent_exec_t)
+application_executable_file(gpg_agent_exec_t)
# type for the pinentry executable
type pinentry_exec_t;
-corecmd_executable_file(pinentry_exec_t)
+application_executable_file(pinentry_exec_t)
diff --git a/policy/modules/apps/irc.if b/policy/modules/apps/irc.if
index 8fbbc04..3d0e9fc 100644
--- a/policy/modules/apps/irc.if
+++ b/policy/modules/apps/irc.if
@@ -43,13 +43,12 @@ template(`irc_per_role_template',`
#
type $1_irc_t;
- domain_type($1_irc_t)
- domain_entry_file($1_irc_t,irc_exec_t)
+ application_domain($1_irc_t,irc_exec_t)
role $3 types $1_irc_t;
type $1_irc_exec_t;
userdom_user_home_content($1,$1_irc_exec_t)
- domain_entry_file($1_irc_t,$1_irc_exec_t)
+ application_domain($1_irc_t,$1_irc_exec_t)
type $1_irc_home_t;
userdom_user_home_content($1,$1_irc_home_t)
diff --git a/policy/modules/apps/irc.te b/policy/modules/apps/irc.te
index 89cbc10..47228b4 100644
--- a/policy/modules/apps/irc.te
+++ b/policy/modules/apps/irc.te
@@ -1,5 +1,5 @@
-policy_module(irc,1.2.0)
+policy_module(irc,1.2.1)
########################################
#
@@ -7,4 +7,4 @@ policy_module(irc,1.2.0)
#
type irc_exec_t;
-corecmd_executable_file(irc_exec_t)
+application_executable_file(irc_exec_t)
diff --git a/policy/modules/apps/java.if b/policy/modules/apps/java.if
index 80770b1..a2c4011 100644
--- a/policy/modules/apps/java.if
+++ b/policy/modules/apps/java.if
@@ -43,8 +43,7 @@ template(`java_per_role_template',`
#
type $1_javaplugin_t;
- domain_type($1_javaplugin_t)
- domain_entry_file($1_javaplugin_t,java_exec_t)
+ application_domain($1_javaplugin_t,java_exec_t)
role $3 types $1_javaplugin_t;
type $1_javaplugin_tmp_t;
diff --git a/policy/modules/apps/java.te b/policy/modules/apps/java.te
index aef7925..d87dd18 100644
--- a/policy/modules/apps/java.te
+++ b/policy/modules/apps/java.te
@@ -1,5 +1,5 @@
-policy_module(java,1.5.0)
+policy_module(java,1.5.1)
########################################
#
diff --git a/policy/modules/apps/lockdev.if b/policy/modules/apps/lockdev.if
index 3230ffa..d9d61c0 100644
--- a/policy/modules/apps/lockdev.if
+++ b/policy/modules/apps/lockdev.if
@@ -44,8 +44,7 @@ template(`lockdev_per_role_template',`
#
type $1_lockdev_t;
- domain_type($1_lockdev_t)
- domain_entry_file($1_lockdev_t,lockdev_exec_t)
+ application_domain($1_lockdev_t,lockdev_exec_t)
role $3 types $1_lockdev_t;
type $1_lockdev_lock_t;
diff --git a/policy/modules/apps/lockdev.te b/policy/modules/apps/lockdev.te
index 80b7b43..728a4eb 100644
--- a/policy/modules/apps/lockdev.te
+++ b/policy/modules/apps/lockdev.te
@@ -1,5 +1,5 @@
-policy_module(lockdev,1.1.0)
+policy_module(lockdev,1.1.1)
########################################
#
@@ -7,4 +7,4 @@ policy_module(lockdev,1.1.0)
#
type lockdev_exec_t;
-corecmd_executable_file(lockdev_exec_t)
+application_executable_file(lockdev_exec_t)
diff --git a/policy/modules/apps/mozilla.if b/policy/modules/apps/mozilla.if
index 7a1802e..2450078 100644
--- a/policy/modules/apps/mozilla.if
+++ b/policy/modules/apps/mozilla.if
@@ -42,8 +42,7 @@ template(`mozilla_per_role_template',`
# Declarations
#
type $1_mozilla_t;
- domain_type($1_mozilla_t)
- domain_entry_file($1_mozilla_t,mozilla_exec_t)
+ application_domain($1_mozilla_t,mozilla_exec_t)
role $3 types $1_mozilla_t;
type $1_mozilla_home_t alias $1_mozilla_rw_t;
diff --git a/policy/modules/apps/mozilla.te b/policy/modules/apps/mozilla.te
index e86553f..f286f6b 100644
--- a/policy/modules/apps/mozilla.te
+++ b/policy/modules/apps/mozilla.te
@@ -1,5 +1,5 @@
-policy_module(mozilla,1.3.0)
+policy_module(mozilla,1.3.1)
########################################
#
@@ -19,4 +19,4 @@ type mozilla_conf_t;
files_config_file(mozilla_conf_t)
type mozilla_exec_t;
-corecmd_executable_file(mozilla_exec_t)
+application_executable_file(mozilla_exec_t)
diff --git a/policy/modules/apps/mplayer.if b/policy/modules/apps/mplayer.if
index 99bc933..39b1bf4 100644
--- a/policy/modules/apps/mplayer.if
+++ b/policy/modules/apps/mplayer.if
@@ -43,13 +43,11 @@ template(`mplayer_per_role_template',`
#
type $1_mencoder_t;
- domain_type($1_mencoder_t)
- domain_entry_file($1_mencoder_t,mencoder_exec_t)
+ application_domain($1_mencoder_t,mencoder_exec_t)
role $3 types $1_mencoder_t;
type $1_mplayer_t;
- domain_type($1_mplayer_t)
- domain_entry_file($1_mplayer_t,mplayer_exec_t)
+ application_domain($1_mplayer_t,mplayer_exec_t)
role $3 types $1_mplayer_t;
type $1_mplayer_home_t alias $1_mplayer_rw_t;
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
index 1aeb176..ebead61 100644
--- a/policy/modules/apps/mplayer.te
+++ b/policy/modules/apps/mplayer.te
@@ -1,5 +1,5 @@
-policy_module(mplayer,1.2.0)
+policy_module(mplayer,1.2.1)
########################################
#
@@ -20,10 +20,10 @@ files_config_file(mplayer_etc_t)
ifdef(`strict_policy',`
type mencoder_exec_t;
- corecmd_executable_file(mencoder_exec_t)
+ application_executable_file(mencoder_exec_t)
type mplayer_exec_t;
- corecmd_executable_file(mplayer_exec_t)
+ application_executable_file(mplayer_exec_t)
')
ifdef(`targeted_policy',`
diff --git a/policy/modules/apps/rssh.if b/policy/modules/apps/rssh.if
index 8ed37fb..32659b7 100644
--- a/policy/modules/apps/rssh.if
+++ b/policy/modules/apps/rssh.if
@@ -31,8 +31,7 @@ template(`rssh_per_role_template',`
#
type $1_rssh_t alias rssh_$1_t, rssh_domain_type;
- domain_type($1_rssh_t)
- domain_entry_file($1_rssh_t,rssh_exec_t)
+ application_domain($1_rssh_t,rssh_exec_t)
domain_user_exemption_target($1_t)
domain_interactive_fd($1_rssh_t)
role system_r types $1_rssh_t;
diff --git a/policy/modules/apps/rssh.te b/policy/modules/apps/rssh.te
index 8419801..8c03d96 100644
--- a/policy/modules/apps/rssh.te
+++ b/policy/modules/apps/rssh.te
@@ -1,5 +1,5 @@
-policy_module(rssh,1.0.0)
+policy_module(rssh,1.0.1)
########################################
#
@@ -10,4 +10,4 @@ attribute rssh_domain_type;
attribute rssh_ro_content_type;
type rssh_exec_t;
-corecmd_executable_file(rssh_exec_t)
+application_executable_file(rssh_exec_t)
diff --git a/policy/modules/apps/screen.if b/policy/modules/apps/screen.if
index 73b396c..0d05795 100644
--- a/policy/modules/apps/screen.if
+++ b/policy/modules/apps/screen.if
@@ -43,8 +43,7 @@ template(`screen_per_role_template',`
#
type $1_screen_t;
- domain_type($1_screen_t)
- domain_entry_file($1_screen_t,screen_exec_t)
+ application_domain($1_screen_t,screen_exec_t)
domain_interactive_fd($1_screen_t)
role $3 types $1_screen_t;
diff --git a/policy/modules/apps/screen.te b/policy/modules/apps/screen.te
index 59cab14..8009b82 100644
--- a/policy/modules/apps/screen.te
+++ b/policy/modules/apps/screen.te
@@ -1,5 +1,5 @@
-policy_module(screen,1.2.0)
+policy_module(screen,1.2.1)
########################################
#
@@ -10,4 +10,4 @@ type screen_dir_t;
files_pid_file(screen_dir_t)
type screen_exec_t;
-corecmd_executable_file(screen_exec_t)
+application_executable_file(screen_exec_t)
diff --git a/policy/modules/apps/thunderbird.if b/policy/modules/apps/thunderbird.if
index fb1ab3f..68a97e6 100644
--- a/policy/modules/apps/thunderbird.if
+++ b/policy/modules/apps/thunderbird.if
@@ -40,8 +40,7 @@ template(`thunderbird_per_role_template',`
#
type $1_thunderbird_t;
- domain_type($1_thunderbird_t)
- domain_entry_file($1_thunderbird_t,thunderbird_exec_t)
+ application_domain($1_thunderbird_t,thunderbird_exec_t)
role $3 types $1_thunderbird_t;
type $1_thunderbird_home_t alias $1_thunderbird_rw_t;
diff --git a/policy/modules/apps/thunderbird.te b/policy/modules/apps/thunderbird.te
index afff071..67cf527 100644
--- a/policy/modules/apps/thunderbird.te
+++ b/policy/modules/apps/thunderbird.te
@@ -1,5 +1,5 @@
-policy_module(thunderbird,1.3.0)
+policy_module(thunderbird,1.3.1)
########################################
#
@@ -7,4 +7,4 @@ policy_module(thunderbird,1.3.0)
#
type thunderbird_exec_t;
-corecmd_executable_file(thunderbird_exec_t)
+application_executable_file(thunderbird_exec_t)
diff --git a/policy/modules/apps/tvtime.if b/policy/modules/apps/tvtime.if
index ef67d5e..2c65aad 100644
--- a/policy/modules/apps/tvtime.if
+++ b/policy/modules/apps/tvtime.if
@@ -43,8 +43,7 @@ template(`tvtime_per_role_template',`
#
type $1_tvtime_t;
- domain_type($1_tvtime_t)
- domain_entry_file($1_tvtime_t,tvtime_exec_t)
+ application_domain($1_tvtime_t,tvtime_exec_t)
role $3 types $1_tvtime_t;
type $1_tvtime_home_t alias $1_tvtime_rw_t;
diff --git a/policy/modules/apps/tvtime.te b/policy/modules/apps/tvtime.te
index 4c211eb..82c7f87 100644
--- a/policy/modules/apps/tvtime.te
+++ b/policy/modules/apps/tvtime.te
@@ -1,5 +1,5 @@
-policy_module(tvtime,1.2.0)
+policy_module(tvtime,1.2.1)
########################################
#
@@ -7,7 +7,7 @@ policy_module(tvtime,1.2.0)
#
type tvtime_exec_t;
-corecmd_executable_file(tvtime_exec_t)
+application_executable_file(tvtime_exec_t)
type tvtime_dir_t;
files_pid_file(tvtime_dir_t)
diff --git a/policy/modules/apps/uml.if b/policy/modules/apps/uml.if
index ac9cae1..0336e7b 100644
--- a/policy/modules/apps/uml.if
+++ b/policy/modules/apps/uml.if
@@ -43,11 +43,9 @@ template(`uml_per_role_template',`
#
type $1_uml_t;
- domain_type($1_uml_t)
- role $3 types $1_uml_t;
-
type $1_uml_exec_t;
- domain_entry_file($1_uml_t,$1_uml_exec_t)
+ application_domain($1_uml_t,$1_uml_exec_t)
+ role $3 types $1_uml_t;
type $1_uml_ro_t;
files_type($1_uml_ro_t)
diff --git a/policy/modules/apps/uml.te b/policy/modules/apps/uml.te
index d47dd57..a0727ff 100644
--- a/policy/modules/apps/uml.te
+++ b/policy/modules/apps/uml.te
@@ -1,5 +1,5 @@
-policy_module(uml,1.3.0)
+policy_module(uml,1.3.1)
########################################
#
@@ -7,7 +7,7 @@ policy_module(uml,1.3.0)
#
type uml_exec_t;
-corecmd_executable_file(uml_exec_t)
+application_executable_file(uml_exec_t)
type uml_ro_t;
files_type(uml_ro_t)
diff --git a/policy/modules/apps/userhelper.if b/policy/modules/apps/userhelper.if
index dac7b45..8cfca3c 100644
--- a/policy/modules/apps/userhelper.if
+++ b/policy/modules/apps/userhelper.if
@@ -43,8 +43,7 @@ template(`userhelper_per_role_template',`
#
type $1_userhelper_t;
- domain_type($1_userhelper_t)
- domain_entry_file($1_userhelper_t,userhelper_exec_t)
+ application_domain($1_userhelper_t,userhelper_exec_t)
domain_role_change_exemption($1_userhelper_t)
domain_obj_id_change_exemption($1_userhelper_t)
domain_interactive_fd($1_userhelper_t)
diff --git a/policy/modules/apps/userhelper.te b/policy/modules/apps/userhelper.te
index bb0a268..d225542 100644
--- a/policy/modules/apps/userhelper.te
+++ b/policy/modules/apps/userhelper.te
@@ -1,5 +1,5 @@
-policy_module(userhelper,1.2.0)
+policy_module(userhelper,1.2.1)
########################################
#
@@ -10,4 +10,4 @@ type userhelper_conf_t;
files_type(userhelper_conf_t)
type userhelper_exec_t;
-corecmd_executable_file(userhelper_exec_t)
+application_executable_file(userhelper_exec_t)
diff --git a/policy/modules/apps/usernetctl.te b/policy/modules/apps/usernetctl.te
index 7830a06..72aa5af 100644
--- a/policy/modules/apps/usernetctl.te
+++ b/policy/modules/apps/usernetctl.te
@@ -1,5 +1,5 @@
-policy_module(usernetctl,1.1.0)
+policy_module(usernetctl,1.1.1)
########################################
#
@@ -18,8 +18,7 @@ gen_tunable(user_net_control,false)
type usernetctl_t;
type usernetctl_exec_t;
-domain_type(usernetctl_t)
-domain_entry_file(usernetctl_t,usernetctl_exec_t)
+application_domain(usernetctl_t,usernetctl_exec_t)
domain_interactive_fd(usernetctl_t)
########################################
diff --git a/policy/modules/apps/webalizer.te b/policy/modules/apps/webalizer.te
index cd5915e..c7254e1 100644
--- a/policy/modules/apps/webalizer.te
+++ b/policy/modules/apps/webalizer.te
@@ -1,5 +1,5 @@
-policy_module(webalizer,1.5.0)
+policy_module(webalizer,1.5.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(webalizer,1.5.0)
type webalizer_t;
type webalizer_exec_t;
-domain_type(webalizer_t)
-domain_entry_file(webalizer_t,webalizer_exec_t)
+application_domain(webalizer_t,webalizer_exec_t)
role system_r types webalizer_t;
type webalizer_etc_t;
diff --git a/policy/modules/apps/wine.te b/policy/modules/apps/wine.te
index 3bf101f..511f135 100644
--- a/policy/modules/apps/wine.te
+++ b/policy/modules/apps/wine.te
@@ -1,5 +1,5 @@
-policy_module(wine,1.3.0)
+policy_module(wine,1.3.1)
########################################
#
@@ -7,10 +7,8 @@ policy_module(wine,1.3.0)
#
type wine_t;
-domain_type(wine_t)
-
type wine_exec_t;
-domain_entry_file(wine_t,wine_exec_t)
+application_domain(wine_t,wine_exec_t)
########################################
#
diff --git a/policy/modules/apps/yam.te b/policy/modules/apps/yam.te
index 88d1582..5c1f510 100644
--- a/policy/modules/apps/yam.te
+++ b/policy/modules/apps/yam.te
@@ -1,5 +1,5 @@
-policy_module(yam,1.1.0)
+policy_module(yam,1.1.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(yam,1.1.0)
type yam_t alias yam_crond_t;
type yam_exec_t;
-domain_type(yam_t)
-domain_entry_file(yam_t,yam_exec_t)
+application_domain(yam_t,yam_exec_t)
type yam_content_t;
files_mountpoint(yam_content_t)
diff --git a/policy/modules/services/aide.te b/policy/modules/services/aide.te
index d93b300..b3e45f4 100644
--- a/policy/modules/services/aide.te
+++ b/policy/modules/services/aide.te
@@ -1,5 +1,5 @@
-policy_module(aide,1.1.0)
+policy_module(aide,1.1.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(aide,1.1.0)
type aide_t;
type aide_exec_t;
-domain_type(aide_t)
-domain_entry_file(aide_t,aide_exec_t)
+application_domain(aide_t,aide_exec_t)
# log files
type aide_log_t;
diff --git a/policy/modules/services/apm.te b/policy/modules/services/apm.te
index 42536ba..6516aef 100644
--- a/policy/modules/services/apm.te
+++ b/policy/modules/services/apm.te
@@ -1,5 +1,5 @@
-policy_module(apm,1.4.0)
+policy_module(apm,1.4.1)
########################################
#
@@ -10,11 +10,10 @@ type apmd_exec_t;
init_daemon_domain(apmd_t,apmd_exec_t)
type apm_t;
-domain_type(apm_t)
+type apm_exec_t;
+application_domain(apm_t,apm_exec_t)
role system_r types apm_t;
-type apm_exec_t;
-domain_entry_file(apm_t,apm_exec_t)
type apmd_log_t;
logging_log_file(apmd_log_t)
diff --git a/policy/modules/services/clockspeed.te b/policy/modules/services/clockspeed.te
index ceeaec9..8f3ba42 100644
--- a/policy/modules/services/clockspeed.te
+++ b/policy/modules/services/clockspeed.te
@@ -1,5 +1,5 @@
-policy_module(clockspeed,1.2.0)
+policy_module(clockspeed,1.2.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(clockspeed,1.2.0)
type clockspeed_cli_t;
type clockspeed_cli_exec_t;
-domain_type(clockspeed_cli_t)
-domain_entry_file(clockspeed_cli_t,clockspeed_cli_exec_t)
+application_domain(clockspeed_cli_t,clockspeed_cli_exec_t)
type clockspeed_srv_t;
type clockspeed_srv_exec_t;
diff --git a/policy/modules/services/cron.if b/policy/modules/services/cron.if
index 765ffe6..da245f0 100644
--- a/policy/modules/services/cron.if
+++ b/policy/modules/services/cron.if
@@ -50,8 +50,7 @@ template(`cron_per_role_template',`
role $3 types $1_crond_t;
type $1_crontab_t;
- domain_type($1_crontab_t)
- domain_entry_file($1_crontab_t,crontab_exec_t)
+ application_domain($1_crontab_t,crontab_exec_t)
role $3 types $1_crontab_t;
type $1_crontab_tmp_t;
diff --git a/policy/modules/services/cron.te b/policy/modules/services/cron.te
index 9164053..d5cc206 100644
--- a/policy/modules/services/cron.te
+++ b/policy/modules/services/cron.te
@@ -1,5 +1,5 @@
-policy_module(cron,1.7.0)
+policy_module(cron,1.7.1)
gen_require(`
class passwd rootok;
@@ -29,7 +29,7 @@ gen_tunable(fcron_crond,false)
attribute cron_spool_type;
type anacron_exec_t;
-corecmd_executable_file(anacron_exec_t)
+application_executable_file(anacron_exec_t)
type cron_spool_t;
files_type(cron_spool_t)
@@ -55,7 +55,7 @@ type crond_var_run_t;
files_pid_file(crond_var_run_t)
type crontab_exec_t;
-corecmd_executable_file(crontab_exec_t)
+application_executable_file(crontab_exec_t)
type system_cron_spool_t, cron_spool_type;
files_type(system_cron_spool_t)
diff --git a/policy/modules/services/dcc.te b/policy/modules/services/dcc.te
index 12ade93..3db0fad 100644
--- a/policy/modules/services/dcc.te
+++ b/policy/modules/services/dcc.te
@@ -1,5 +1,5 @@
-policy_module(dcc,1.3.0)
+policy_module(dcc,1.3.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(dcc,1.3.0)
type cdcc_t;
type cdcc_exec_t;
-domain_type(cdcc_t)
-domain_entry_file(cdcc_t,cdcc_exec_t)
+application_domain(cdcc_t,cdcc_exec_t)
role system_r types cdcc_t;
type cdcc_tmp_t;
@@ -17,8 +16,7 @@ files_tmp_file(cdcc_tmp_t)
type dcc_client_t;
type dcc_client_exec_t;
-domain_type(dcc_client_t)
-domain_entry_file(dcc_client_t,dcc_client_exec_t)
+application_domain(dcc_client_t,dcc_client_exec_t)
role system_r types dcc_client_t;
type dcc_client_map_t;
@@ -29,8 +27,7 @@ files_tmp_file(dcc_client_tmp_t)
type dcc_dbclean_t;
type dcc_dbclean_exec_t;
-domain_type(dcc_dbclean_t)
-domain_entry_file(dcc_dbclean_t,dcc_dbclean_exec_t)
+application_domain(dcc_dbclean_t,dcc_dbclean_exec_t)
role system_r types dcc_dbclean_t;
type dcc_dbclean_tmp_t;
diff --git a/policy/modules/services/lpd.if b/policy/modules/services/lpd.if
index 0214664..e48ba2a 100644
--- a/policy/modules/services/lpd.if
+++ b/policy/modules/services/lpd.if
@@ -43,8 +43,7 @@ template(`lpd_per_role_template',`
#
# Derived domain based on the calling user domain and the program
type $1_lpr_t;
- domain_type($1_lpr_t)
- domain_entry_file($1_lpr_t,lpr_exec_t)
+ application_domain($1_lpr_t,lpr_exec_t)
role $3 types $1_lpr_t;
type $1_lpr_tmp_t;
diff --git a/policy/modules/services/lpd.te b/policy/modules/services/lpd.te
index cdccfb2..4d94288 100644
--- a/policy/modules/services/lpd.te
+++ b/policy/modules/services/lpd.te
@@ -1,5 +1,5 @@
-policy_module(lpd,1.6.0)
+policy_module(lpd,1.6.1)
########################################
#
@@ -32,7 +32,7 @@ type lpd_var_run_t;
files_pid_file(lpd_var_run_t)
type lpr_exec_t;
-corecmd_executable_file(lpr_exec_t)
+application_executable_file(lpr_exec_t)
type print_spool_t;
files_tmp_file(print_spool_t)
diff --git a/policy/modules/services/mta.if b/policy/modules/services/mta.if
index dd5d77d..905dbbc 100644
--- a/policy/modules/services/mta.if
+++ b/policy/modules/services/mta.if
@@ -51,8 +51,7 @@ template(`mta_base_mail_template',`
#
type $1_mail_t, user_mail_domain;
- domain_type($1_mail_t)
- domain_entry_file($1_mail_t,sendmail_exec_t)
+ application_domain($1_mail_t,sendmail_exec_t)
type $1_mail_tmp_t;
files_tmp_file($1_mail_tmp_t)
diff --git a/policy/modules/services/mta.te b/policy/modules/services/mta.te
index 4c1560c..d0dbd59 100644
--- a/policy/modules/services/mta.te
+++ b/policy/modules/services/mta.te
@@ -1,5 +1,5 @@
-policy_module(mta,1.7.0)
+policy_module(mta,1.7.1)
########################################
#
@@ -26,7 +26,7 @@ type mail_spool_t;
files_type(mail_spool_t)
type sendmail_exec_t;
-files_type(sendmail_exec_t)
+application_executable_file(sendmail_exec_t)
mta_base_mail_template(system)
role system_r types system_mail_t;
diff --git a/policy/modules/services/ntop.te b/policy/modules/services/ntop.te
index a207198..b15991f 100644
--- a/policy/modules/services/ntop.te
+++ b/policy/modules/services/ntop.te
@@ -1,5 +1,5 @@
-policy_module(ntop,1.3.0)
+policy_module(ntop,1.3.1)
########################################
#
@@ -9,6 +9,7 @@ policy_module(ntop,1.3.0)
type ntop_t;
type ntop_exec_t;
init_daemon_domain(ntop_t,ntop_exec_t)
+application_domain(ntop_t,ntop_exec_t)
type ntop_etc_t;
files_config_file(ntop_etc_t)
diff --git a/policy/modules/services/oav.te b/policy/modules/services/oav.te
index 0a45cbd..fd9b207 100644
--- a/policy/modules/services/oav.te
+++ b/policy/modules/services/oav.te
@@ -1,5 +1,5 @@
-policy_module(oav,1.3.0)
+policy_module(oav,1.3.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(oav,1.3.0)
type oav_update_t;
type oav_update_exec_t;
-domain_type(oav_update_t)
-domain_entry_file(oav_update_t,oav_update_exec_t)
+application_domain(oav_update_t,oav_update_exec_t)
# cjp: may be collapsable to etc_t
type oav_update_etc_t;
diff --git a/policy/modules/services/postfix.te b/policy/modules/services/postfix.te
index 2d6b44d..bbd5002 100644
--- a/policy/modules/services/postfix.te
+++ b/policy/modules/services/postfix.te
@@ -1,5 +1,5 @@
-policy_module(postfix,1.6.0)
+policy_module(postfix,1.6.1)
########################################
#
@@ -22,7 +22,7 @@ type postfix_etc_t;
files_type(postfix_etc_t)
type postfix_exec_t;
-corecmd_executable_file(postfix_exec_t)
+application_executable_file(postfix_exec_t)
postfix_server_domain_template(local)
mta_mailserver_delivery(postfix_local_t)
@@ -33,8 +33,7 @@ files_tmp_file(postfix_local_tmp_t)
# Program for creating database files
type postfix_map_t;
type postfix_map_exec_t;
-domain_type(postfix_map_t)
-domain_entry_file(postfix_map_t,postfix_map_exec_t)
+application_domain(postfix_map_t,postfix_map_exec_t)
type postfix_map_tmp_t;
files_tmp_file(postfix_map_tmp_t)
diff --git a/policy/modules/services/procmail.te b/policy/modules/services/procmail.te
index a1968fe..490eed4 100644
--- a/policy/modules/services/procmail.te
+++ b/policy/modules/services/procmail.te
@@ -1,5 +1,5 @@
-policy_module(procmail,1.6.0)
+policy_module(procmail,1.6.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(procmail,1.6.0)
type procmail_t;
type procmail_exec_t;
-domain_type(procmail_t)
-domain_entry_file(procmail_t,procmail_exec_t)
+application_domain(procmail_t,procmail_exec_t)
role system_r types procmail_t;
type procmail_tmp_t;
diff --git a/policy/modules/services/publicfile.te b/policy/modules/services/publicfile.te
index 42a09bc..a3510ac 100644
--- a/policy/modules/services/publicfile.te
+++ b/policy/modules/services/publicfile.te
@@ -1,5 +1,5 @@
-policy_module(publicfile,1.0.0)
+policy_module(publicfile,1.0.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(publicfile,1.0.0)
type publicfile_t;
type publicfile_exec_t;
-init_system_domain(publicfile_t,publicfile_exec_t)
-role system_r types publicfile_t;
+init_daemon_domain(publicfile_t,publicfile_exec_t)
type publicfile_content_t;
files_type(publicfile_content_t)
diff --git a/policy/modules/services/pyzor.te b/policy/modules/services/pyzor.te
index 9dde1ce..6e9799d 100644
--- a/policy/modules/services/pyzor.te
+++ b/policy/modules/services/pyzor.te
@@ -1,5 +1,5 @@
-policy_module(pyzor,1.3.0)
+policy_module(pyzor,1.3.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(pyzor,1.3.0)
type pyzor_t;
type pyzor_exec_t;
-domain_type(pyzor_t)
-domain_entry_file(pyzor_t,pyzor_exec_t)
+application_domain(pyzor_t,pyzor_exec_t)
role system_r types pyzor_t;
type pyzord_t;
diff --git a/policy/modules/services/qmail.te b/policy/modules/services/qmail.te
index 9b59c6a..67af736 100644
--- a/policy/modules/services/qmail.te
+++ b/policy/modules/services/qmail.te
@@ -1,5 +1,5 @@
-policy_module(qmail,1.2.0)
+policy_module(qmail,1.2.1)
########################################
#
@@ -56,8 +56,7 @@ init_daemon_domain(qmail_start_t,qmail_start_exec_t)
type qmail_tcp_env_t;
type qmail_tcp_env_exec_t;
-domain_type(qmail_tcp_env_t)
-domain_entry_file(qmail_tcp_env_t,qmail_tcp_env_exec_t)
+application_domain(qmail_tcp_env_t,qmail_tcp_env_exec_t)
########################################
#
diff --git a/policy/modules/services/spamassassin.if b/policy/modules/services/spamassassin.if
index 7a374fd..c2802e1 100644
--- a/policy/modules/services/spamassassin.if
+++ b/policy/modules/services/spamassassin.if
@@ -46,16 +46,14 @@ template(`spamassassin_per_role_template',`
#
type $1_spamc_t;
- domain_type($1_spamc_t)
- domain_entry_file($1_spamc_t,spamc_exec_t)
+ application_domain($1_spamc_t,spamc_exec_t)
role $3 types $1_spamc_t;
type $1_spamc_tmp_t;
files_tmp_file($1_spamc_tmp_t)
type $1_spamassassin_t;
- domain_type($1_spamassassin_t)
- domain_entry_file($1_spamassassin_t,spamassassin_exec_t)
+ application_domain($1_spamassassin_t,spamassassin_exec_t)
role $3 types $1_spamassassin_t;
type $1_spamassassin_home_t alias $1_spamassassin_rw_t;
diff --git a/policy/modules/services/spamassassin.te b/policy/modules/services/spamassassin.te
index 7baf590..78e3b8e 100644
--- a/policy/modules/services/spamassassin.te
+++ b/policy/modules/services/spamassassin.te
@@ -1,5 +1,5 @@
-policy_module(spamassassin,1.7.0)
+policy_module(spamassassin,1.7.1)
########################################
#
@@ -26,7 +26,7 @@ gen_tunable(spamd_enable_home_dirs,true)
# spamassassin client executable
type spamc_exec_t;
-corecmd_executable_file(spamc_exec_t)
+application_executable_file(spamc_exec_t)
type spamd_t;
type spamd_exec_t;
@@ -46,7 +46,7 @@ type spamd_var_run_t;
files_pid_file(spamd_var_run_t)
type spamassassin_exec_t;
-corecmd_executable_file(spamassassin_exec_t)
+application_executable_file(spamassassin_exec_t)
########################################
#
diff --git a/policy/modules/services/ssh.if b/policy/modules/services/ssh.if
index 623cdd0..22fa094 100644
--- a/policy/modules/services/ssh.if
+++ b/policy/modules/services/ssh.if
@@ -44,8 +44,7 @@ template(`ssh_basic_client_template',`
#
type $1_ssh_t;
- domain_type($1_ssh_t)
- domain_entry_file($1_ssh_t,ssh_exec_t)
+ application_domain($1_ssh_t,ssh_exec_t)
role $3 types $1_ssh_t;
type $1_home_ssh_t;
@@ -216,8 +215,7 @@ template(`ssh_per_role_template',`
userdom_user_home_content($1,$1_home_ssh_t)
type $1_ssh_agent_t;
- domain_type($1_ssh_agent_t)
- domain_entry_file($1_ssh_agent_t,ssh_agent_exec_t)
+ application_domain($1_ssh_agent_t,ssh_agent_exec_t)
domain_interactive_fd($1_ssh_agent_t)
role $3 types $1_ssh_agent_t;
@@ -225,8 +223,7 @@ template(`ssh_per_role_template',`
files_tmp_file($1_ssh_agent_tmp_t)
type $1_ssh_keysign_t;
- domain_type($1_ssh_keysign_t)
- domain_entry_file($1_ssh_keysign_t,ssh_keysign_exec_t)
+ application_domain($1_ssh_keysign_t,ssh_keysign_exec_t)
role $3 types $1_ssh_keysign_t;
type $1_ssh_tmpfs_t;
diff --git a/policy/modules/services/ssh.te b/policy/modules/services/ssh.te
index dd89416..b8ca2f5 100644
--- a/policy/modules/services/ssh.te
+++ b/policy/modules/services/ssh.te
@@ -1,5 +1,5 @@
-policy_module(ssh,1.7.0)
+policy_module(ssh,1.7.1)
########################################
#
@@ -28,7 +28,7 @@ files_type(ssh_agent_exec_t)
# ssh client executable.
type ssh_exec_t;
-corecmd_executable_file(ssh_exec_t)
+application_executable_file(ssh_exec_t)
type ssh_keygen_t;
type ssh_keygen_exec_t;
@@ -36,7 +36,7 @@ init_system_domain(ssh_keygen_t,ssh_keygen_exec_t)
role system_r types ssh_keygen_t;
type ssh_keysign_exec_t;
-corecmd_executable_file(ssh_keysign_exec_t)
+application_executable_file(ssh_keysign_exec_t)
type sshd_exec_t;
corecmd_executable_file(sshd_exec_t)
diff --git a/policy/modules/services/timidity.te b/policy/modules/services/timidity.te
index 8215198..31ff5af 100644
--- a/policy/modules/services/timidity.te
+++ b/policy/modules/services/timidity.te
@@ -1,5 +1,5 @@
-policy_module(timidity,1.4.0)
+policy_module(timidity,1.4.1)
# Note: You only need this policy if you want to run timidity as a server
@@ -11,6 +11,7 @@ policy_module(timidity,1.4.0)
type timidity_t;
type timidity_exec_t;
init_daemon_domain(timidity_t,timidity_exec_t)
+application_domain(timidity_t,timidity_exec_t)
type timidity_tmpfs_t;
files_tmpfs_file(timidity_tmpfs_t)
diff --git a/policy/modules/services/uucp.te b/policy/modules/services/uucp.te
index 4cd9971..d89a801 100644
--- a/policy/modules/services/uucp.te
+++ b/policy/modules/services/uucp.te
@@ -1,5 +1,5 @@
-policy_module(uucp,1.4.0)
+policy_module(uucp,1.4.1)
########################################
#
@@ -30,8 +30,7 @@ logging_log_file(uucpd_log_t)
type uux_t;
type uux_exec_t;
-domain_type(uux_t)
-domain_entry_file(uux_t,uux_exec_t)
+application_domain(uux_t,uux_exec_t)
role system_r types uux_t;
########################################
diff --git a/policy/modules/services/xserver.te b/policy/modules/services/xserver.te
index e082648..27475d8 100644
--- a/policy/modules/services/xserver.te
+++ b/policy/modules/services/xserver.te
@@ -1,5 +1,5 @@
-policy_module(xserver,1.5.0)
+policy_module(xserver,1.5.1)
########################################
#
@@ -29,10 +29,10 @@ attribute fonts_config_type;
attribute xauth_home_type;
type iceauth_exec_t;
-corecmd_executable_file(iceauth_exec_t)
+application_executable_file(iceauth_exec_t)
type xauth_exec_t;
-corecmd_executable_file(xauth_exec_t)
+application_executable_file(xauth_exec_t)
# this is not actually a device, its a pipe
type xconsole_device_t;
diff --git a/policy/modules/system/application.fc b/policy/modules/system/application.fc
new file mode 100644
index 0000000..08133f3
--- /dev/null
+++ b/policy/modules/system/application.fc
@@ -0,0 +1 @@
+# No application file contexts.
diff --git a/policy/modules/system/application.if b/policy/modules/system/application.if
new file mode 100644
index 0000000..3816dac
--- /dev/null
+++ b/policy/modules/system/application.if
@@ -0,0 +1,83 @@
+## <summary>Policy for user executable applications.</summary>
+
+########################################
+## <summary>
+## Make the specified type usable as an application domain.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be used as a domain type.
+## </summary>
+## </param>
+#
+interface(`application_type',`
+ gen_require(`
+ attribute application_domain_type;
+ ')
+
+ typeattribute $1 application_domain_type;
+
+ # start with basic domain
+ domain_type($1)
+')
+
+########################################
+## <summary>
+## Make the specified type usable for files
+## that are exectuables, such as binary programs.
+## This does not include shared libraries.
+## </summary>
+## <param name="type">
+## <summary>
+## Type to be used for files.
+## </summary>
+## </param>
+#
+interface(`application_executable_file',`
+ gen_require(`
+ attribute application_exec_type;
+ ')
+
+ typeattribute $1 application_exec_type;
+
+ corecmd_executable_file($1)
+')
+
+########################################
+## <summary>
+## Execute application executables in the caller domain.
+## </summary>
+## <param name="type">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`application_exec',`
+ gen_require(`
+ attribute application_exec_type;
+ ')
+
+ can_exec($1, application_exec_type)
+')
+
+########################################
+## <summary>
+## Create a domain which can be started by users
+## </summary>
+## <param name="domain">
+## <summary>
+## Type to be used as a domain.
+## </summary>
+## </param>
+## <param name="entry_point">
+## <summary>
+## Type of the program to be used as an entry point to this domain.
+## </summary>
+## </param>
+#
+interface(`application_domain',`
+ application_type($1)
+ application_executable_file($2)
+ domain_entry_file($1,$2)
+')
diff --git a/policy/modules/system/application.te b/policy/modules/system/application.te
new file mode 100644
index 0000000..94c7aac
--- /dev/null
+++ b/policy/modules/system/application.te
@@ -0,0 +1,14 @@
+
+policy_module(application,1.0.0)
+
+# Attribute of user applications
+attribute application_domain_type;
+
+# Executables to be run by user
+attribute application_exec_type;
+
+optional_policy(`
+ ssh_sigchld(application_domain_type)
+ ssh_rw_stream_sockets(application_domain_type)
+')
+
diff --git a/policy/modules/system/authlogin.if b/policy/modules/system/authlogin.if
index 892032f..753ffed 100644
--- a/policy/modules/system/authlogin.if
+++ b/policy/modules/system/authlogin.if
@@ -24,8 +24,7 @@ template(`authlogin_common_auth_domain_template',`
')
type $1_chkpwd_t, can_read_shadow_passwords;
- domain_type($1_chkpwd_t)
- domain_entry_file($1_chkpwd_t,chkpwd_exec_t)
+ application_domain($1_chkpwd_t,chkpwd_exec_t)
allow $1_chkpwd_t self:capability { audit_control setuid };
allow $1_chkpwd_t self:process getattr;
diff --git a/policy/modules/system/authlogin.te b/policy/modules/system/authlogin.te
index 1507e20..3c6b300 100644
--- a/policy/modules/system/authlogin.te
+++ b/policy/modules/system/authlogin.te
@@ -1,5 +1,5 @@
-policy_module(authlogin,1.7.0)
+policy_module(authlogin,1.7.1)
########################################
#
@@ -11,7 +11,7 @@ attribute can_write_shadow_passwords;
attribute can_relabelto_shadow_passwords;
type chkpwd_exec_t;
-corecmd_executable_file(chkpwd_exec_t)
+application_executable_file(chkpwd_exec_t)
type faillog_t;
logging_log_file(faillog_t)
@@ -20,7 +20,7 @@ type lastlog_t;
logging_log_file(lastlog_t)
type login_exec_t;
-corecmd_executable_file(login_exec_t)
+application_executable_file(login_exec_t)
type pam_console_t;
type pam_console_exec_t;
@@ -50,10 +50,8 @@ neverallow ~can_write_shadow_passwords shadow_t:file { create write };
neverallow ~can_relabelto_shadow_passwords shadow_t:file relabelto;
type utempter_t;
-domain_type(utempter_t)
-
type utempter_exec_t;
-domain_entry_file(utempter_t,utempter_exec_t)
+application_domain(utempter_t,utempter_exec_t)
#
# var_auth_t is the type of /var/lib/auth, usually
diff --git a/policy/modules/system/daemontools.te b/policy/modules/system/daemontools.te
index 58a78de..3186528 100644
--- a/policy/modules/system/daemontools.te
+++ b/policy/modules/system/daemontools.te
@@ -1,5 +1,5 @@
-policy_module(daemontools,1.1.0)
+policy_module(daemontools,1.1.1)
########################################
#
@@ -14,14 +14,12 @@ files_type(svc_log_t)
type svc_multilog_t;
type svc_multilog_exec_t;
-domain_type(svc_multilog_t)
-domain_entry_file(svc_multilog_t,svc_multilog_exec_t)
+application_domain(svc_multilog_t,svc_multilog_exec_t)
role system_r types svc_multilog_t;
type svc_run_t;
type svc_run_exec_t;
-domain_type(svc_run_t)
-domain_entry_file(svc_run_t,svc_run_exec_t)
+application_domain(svc_run_t,svc_run_exec_t)
role system_r types svc_run_t;
type svc_start_t;
diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if
index 0e7ef25..ac536fc 100644
--- a/policy/modules/system/init.if
+++ b/policy/modules/system/init.if
@@ -196,8 +196,7 @@ interface(`init_system_domain',`
role system_r;
')
- domain_type($1)
- domain_entry_file($1,$2)
+ application_domain($1,$2)
role system_r types $1;
diff --git a/policy/modules/system/init.te b/policy/modules/system/init.te
index c9ddc2e..59926f8 100644
--- a/policy/modules/system/init.te
+++ b/policy/modules/system/init.te
@@ -1,5 +1,5 @@
-policy_module(init,1.7.0)
+policy_module(init,1.7.1)
gen_require(`
class passwd rootok;
@@ -643,6 +643,11 @@ optional_policy(`
')
optional_policy(`
+ # in emergency/recovery situations use sulogin
+ locallogin_domtrans_sulogin(initrc_t)
+')
+
+optional_policy(`
# This is needed to permit chown to read /var/spool/lpd/lp.
# This is opens up security more than necessary; this means that ANYTHING
# running in the initrc_t domain can read the printer spool directory.
diff --git a/policy/modules/system/locallogin.if b/policy/modules/system/locallogin.if
index db32b2e..447fe0b 100644
--- a/policy/modules/system/locallogin.if
+++ b/policy/modules/system/locallogin.if
@@ -111,3 +111,21 @@ interface(`locallogin_link_keys',`
allow $1 local_login_t:key link;
')
+
+########################################
+## <summary>
+## Execute local logins in the local login domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`locallogin_domtrans_sulogin',`
+ gen_require(`
+ type sulogin_exec_t, sulogin_t;
+ ')
+
+ domtrans_pattern($1,sulogin_exec_t,sulogin_t)
+')
diff --git a/policy/modules/system/locallogin.te b/policy/modules/system/locallogin.te
index e73a4c8..acfe74f 100644
--- a/policy/modules/system/locallogin.te
+++ b/policy/modules/system/locallogin.te
@@ -1,5 +1,5 @@
-policy_module(locallogin,1.4.0)
+policy_module(locallogin,1.4.1)
########################################
#
@@ -25,7 +25,6 @@ domain_subj_id_change_exemption(sulogin_t)
domain_role_change_exemption(sulogin_t)
domain_interactive_fd(sulogin_t)
init_domain(sulogin_t,sulogin_exec_t)
-init_system_domain(sulogin_t,sulogin_exec_t)
role system_r types sulogin_t;
########################################
diff --git a/policy/modules/system/modutils.te b/policy/modules/system/modutils.te
index 657475d..e12a155 100644
--- a/policy/modules/system/modutils.te
+++ b/policy/modules/system/modutils.te
@@ -1,5 +1,5 @@
-policy_module(modutils,1.4.0)
+policy_module(modutils,1.4.1)
gen_require(`
bool secure_mode_insmod;
@@ -20,8 +20,7 @@ files_type(modules_dep_t)
type insmod_t;
type insmod_exec_t;
-domain_type(insmod_t)
-domain_entry_file(insmod_t,insmod_exec_t)
+application_domain(insmod_t,insmod_exec_t)
mls_file_write_down(insmod_t)
role system_r types insmod_t;
diff --git a/policy/modules/system/mount.te b/policy/modules/system/mount.te
index 6950895..4cc9b97 100644
--- a/policy/modules/system/mount.te
+++ b/policy/modules/system/mount.te
@@ -1,5 +1,5 @@
-policy_module(mount,1.7.0)
+policy_module(mount,1.7.1)
########################################
#
@@ -28,8 +28,7 @@ files_tmp_file(mount_tmp_t)
ifdef(`targeted_policy',`
type unconfined_mount_t;
- domain_type(unconfined_mount_t)
- domain_entry_file(unconfined_mount_t,mount_exec_t)
+ application_domain(unconfined_mount_t,mount_exec_t)
')
########################################
diff --git a/policy/modules/system/netlabel.te b/policy/modules/system/netlabel.te
index 464fb5b..232d203 100644
--- a/policy/modules/system/netlabel.te
+++ b/policy/modules/system/netlabel.te
@@ -1,5 +1,5 @@
-policy_module(netlabel,1.0.0)
+policy_module(netlabel,1.0.1)
########################################
#
@@ -8,8 +8,7 @@ policy_module(netlabel,1.0.0)
type netlabel_mgmt_t;
type netlabel_mgmt_exec_t;
-domain_type(netlabel_mgmt_t)
-domain_entry_file(netlabel_mgmt_t,netlabel_mgmt_exec_t)
+application_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)
########################################
#
diff --git a/policy/modules/system/pcmcia.te b/policy/modules/system/pcmcia.te
index 9550cbc..3ab7e34 100644
--- a/policy/modules/system/pcmcia.te
+++ b/policy/modules/system/pcmcia.te
@@ -1,5 +1,5 @@
-policy_module(pcmcia,1.2.0)
+policy_module(pcmcia,1.2.1)
########################################
#
@@ -22,7 +22,7 @@ type cardmgr_var_run_t;
files_pid_file(cardmgr_var_run_t)
type cardctl_exec_t;
-domain_entry_file(cardmgr_t,cardctl_exec_t)
+application_domain(cardmgr_t,cardctl_exec_t)
########################################
#
diff --git a/policy/modules/system/selinuxutil.te b/policy/modules/system/selinuxutil.te
index d7d6880..8a3cf88 100644
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@@ -1,5 +1,5 @@
-policy_module(selinuxutil,1.6.0)
+policy_module(selinuxutil,1.6.1)
ifdef(`strict_policy',`
gen_require(`
@@ -26,11 +26,9 @@ type selinux_config_t;
files_type(selinux_config_t)
type checkpolicy_t, can_write_binary_policy;
-domain_type(checkpolicy_t)
-role system_r types checkpolicy_t;
-
type checkpolicy_exec_t;
-domain_entry_file(checkpolicy_t,checkpolicy_exec_t)
+application_domain(checkpolicy_t, checkpolicy_exec_t)
+role system_r types checkpolicy_t;
#
# default_context_t is the type applied to
@@ -47,20 +45,17 @@ type file_context_t;
files_type(file_context_t)
type load_policy_t;
-domain_type(load_policy_t)
-role system_r types load_policy_t;
-
type load_policy_exec_t;
-domain_entry_file(load_policy_t,load_policy_exec_t)
+application_domain(load_policy_t,load_policy_exec_t)
+role system_r types load_policy_t;
type newrole_t;
+type newrole_exec_t;
+application_domain(newrole_t,newrole_exec_t)
domain_role_change_exemption(newrole_t)
domain_obj_id_change_exemption(newrole_t)
-domain_type(newrole_t)
domain_interactive_fd(newrole_t)
-type newrole_exec_t;
-domain_entry_file(newrole_t,newrole_exec_t)
#
# policy_config_t is the type of /etc/security/selinux/*
@@ -90,16 +85,15 @@ files_pid_file(restorecond_var_run_t)
type run_init_t;
type run_init_exec_t;
-domain_type(run_init_t)
-domain_entry_file(run_init_t,run_init_exec_t)
+application_domain(run_init_t,run_init_exec_t)
domain_system_change_exemption(run_init_t)
+role system_r types run_init_t;
type semanage_t;
-domain_type(semanage_t)
domain_interactive_fd(semanage_t)
type semanage_exec_t;
-domain_entry_file(semanage_t, semanage_exec_t)
+application_domain(semanage_t,semanage_exec_t)
role system_r types semanage_t;
type semanage_store_t;
diff --git a/policy/modules/system/xen.te b/policy/modules/system/xen.te
index 5b7ffde..7c0e8b6 100644
--- a/policy/modules/system/xen.te
+++ b/policy/modules/system/xen.te
@@ -1,5 +1,5 @@
-policy_module(xen,1.4.0)
+policy_module(xen,1.4.1)
########################################
#
@@ -70,7 +70,7 @@ files_pid_file(xenconsoled_var_run_t)
type xm_t;
type xm_exec_t;
domain_type(xm_t)
-init_daemon_domain(xm_t, xm_exec_t)
+init_system_domain(xm_t, xm_exec_t)
########################################
#
More information about the scm-commits
mailing list