2011-09-09 19:27:12

by sven.vermeulen

Subject: [refpolicy] [PATCH 1/1] Separate domtrans/run interfaces for portage_fetch

Since the introduction of the portage_fetch_t domain, access to the
domain was governed through the portage_domtrans and portage_run
interfaces. To support calling portage only (but no fetch domain) or
vice versa, the interfaces need to be split up.

In this patch, we introduce the interfaces portage_domtrans_fetch and
portage_run_fetch which will be used later in the domains that need to
call portage/layman/emerge-webrsync/...

Signed-off-by: Sven Vermeulen <[email protected]>
---
portage.if | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 50 insertions(+), 0 deletions(-)

diff --git a/portage.if b/portage.if
index 9f7d652..ea892d1 100644
--- a/portage.if
+++ b/portage.if
@@ -213,6 +213,56 @@ interface(`portage_compile_domain',`

########################################
## <summary>
+## Execute tree management functions (fetching, layman, ...)
+## in the portage_fetch_t domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+#
+interface(`portage_domtrans_fetch',`
+ gen_require(`
+ type portage_fetch_t, portage_fetch_exec_t;
+ ')
+
+ files_search_usr($1)
+ corecmd_search_bin($1)
+
+ domtrans_pattern($1, portage_fetch_exec_t, portage_fetch_t)
+')
+
+########################################
+## <summary>
+## Execute tree management functions (fetching, layman, ...)
+## in the portage_fetch_t domain, and allow the specified role
+## the portage_fetch_t domain.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed to transition.
+## </summary>
+## </param>
+## <param name="role">
+## <summary>
+## The role to allow the portage domain.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`portage_run_fetch',`
+ gen_require(`
+ type portage_fetch_t;
+ ')
+
+ portage_domtrans_fetch($1)
+ role $2 types portage_fetch_t;
+')
+
+
+########################################
+## <summary>
## Execute gcc-config in the gcc_config domain.
## </summary>
## <param name="domain">
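Review bot: the `role` parameter summary in the `portage_run_fetch` header reads "The role to allow the portage domain", but the body's `role $2 types portage_fetch_t;` associates the role with the fetch domain only. Suggest wording it as "The role to allow the portage_fetch_t domain", so the interface documentation does not suggest that the caller's role is also granted the main portage domain, which is the distinction this split is meant to make.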
--
1.7.3.4


2011-09-13 16:34:04

by cpebenito

Subject: [refpolicy] [PATCH 1/1] Separate domtrans/run interfaces for portage_fetch

On 09/09/11 15:27, Sven Vermeulen wrote:
> Since the introduction of the portage_fetch_t domain, access to the
> domain was governed through the portage_domtrans and portage_run
> interfaces. To support calling portage only (but no fetch domain) or
> vice versa, the interfaces need to be split up.
>
> In this patch, we introduce the interfaces portage_domtrans_fetch and
> portage_run_fetch which will be used later in the domains that need to
> call portage/layman/emerge-webrsync/...

This doesn't remove the portage fetch transition in portage_domtrans(), nor does it update any callers that actually need the fetch transition.

> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> portage.if | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
> 1 files changed, 50 insertions(+), 0 deletions(-)
>
> diff --git a/portage.if b/portage.if
> index 9f7d652..ea892d1 100644
> --- a/portage.if
> +++ b/portage.if
> @@ -213,6 +213,56 @@ interface(`portage_compile_domain',`
>
> ########################################
> ## <summary>
> +## Execute tree management functions (fetching, layman, ...)
> +## in the portage_fetch_t domain.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed to transition.
> +## </summary>
> +## </param>
> +#
> +interface(`portage_domtrans_fetch',`
> + gen_require(`
> + type portage_fetch_t, portage_fetch_exec_t;
> + ')
> +
> + files_search_usr($1)
> + corecmd_search_bin($1)
> +
> + domtrans_pattern($1, portage_fetch_exec_t, portage_fetch_t)
> +')
> +
> +########################################
> +## <summary>
> +## Execute tree management functions (fetching, layman, ...)
> +## in the portage_fetch_t domain, and allow the specified role
> +## the portage_fetch_t domain.
> +## </summary>
> +## <param name="domain">
> +## <summary>
> +## Domain allowed to transition.
> +## </summary>
> +## </param>
> +## <param name="role">
> +## <summary>
> +## The role to allow the portage domain.
> +## </summary>
> +## </param>
> +## <rolecap/>
> +#
> +interface(`portage_run_fetch',`
> + gen_require(`
> + type portage_fetch_t;
> + ')
> +
> + portage_domtrans_fetch($1)
> + role $2 types portage_fetch_t;
> +')
> +
> +
> +########################################
> +## <summary>
> ## Execute gcc-config in the gcc_config domain.
> ## </summary>
> ## <param name="domain">
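Review bot: two empty added lines follow the closing `')` of `portage_run_fetch`, while `portage_domtrans_fetch` just above it is separated from the next header block by a single one. Drop one of the two so the spacing between interface blocks in portage.if stays uniform.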


--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com