The newly introduced wm_application_domain() interface can under
certain circumstances lack a domain entrypoint permission.
This patch updates the wm module so that when the wm has to launch
an application that uses wm_application_domain(), it can find
the entrypoint to the application's domain.
Signed-off-by: Guido Trentalancia <[email protected]>
---
policy/modules/contrib/wm.if | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
--- a/policy/modules/contrib/wm.if 2016-12-17 17:29:33.856307127 +0100
+++ b/policy/modules/contrib/wm.if 2016-12-22 21:41:33.432961506 +0100
@@ -216,8 +216,6 @@ interface(`wm_application_domain',`
attribute wm_domain;
')
- application_type($1)
- ubac_constrained($1)
- application_executable_file($2)
+ userdom_user_application_domain($1, $2)
domtrans_pattern(wm_domain, $2, $1)
')
On 12/22/16 15:47, Guido Trentalancia via refpolicy wrote:
> The newly introduced wm_application_domain() interface can under
> certain circumstances lack a domain entrypoint permission.
>
> This patch updates the wm module so that when the wm has to launch
> an application that uses wm_application_domain(), it can find
> the entrypoint to the application's domain.
>
> Signed-off-by: Guido Trentalancia <[email protected]>
> ---
> policy/modules/contrib/wm.if | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> --- a/policy/modules/contrib/wm.if 2016-12-17 17:29:33.856307127 +0100
> +++ b/policy/modules/contrib/wm.if 2016-12-22 21:41:33.432961506 +0100
> @@ -216,8 +216,6 @@ interface(`wm_application_domain',`
> attribute wm_domain;
> ')
>
> - application_type($1)
> - ubac_constrained($1)
> - application_executable_file($2)
> + userdom_user_application_domain($1, $2)
> domtrans_pattern(wm_domain, $2, $1)
> ')
Merged.
--
Chris PeBenito