From: domg472@gmail.com (Dominick Grift)
Date: Fri, 3 Sep 2010 16:24:21 +0200
Subject: [refpolicy] [Various 4/5] Implement seutil_domtrans_setsebool and
 add a call to this interface for the following domains: rpm_script_t,
 setroubelshoot_fixit_t, anaconda_t.
Message-ID: <20100903142417.GA26367@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Signed-off-by: Dominick Grift <domg472@gmail.com>
---
:100644 100644 96f68e9... d1ebb91... M	policy/modules/admin/anaconda.te
:100644 100644 1a08320... e7312eb... M	policy/modules/admin/rpm.te
:100644 100644 3d17148... 3a2351b... M	policy/modules/services/setroubleshoot.te
:100644 100644 170e2c7... cecca76... M	policy/modules/system/selinuxutil.if
 policy/modules/admin/anaconda.te          |    1 +
 policy/modules/admin/rpm.te               |    1 +
 policy/modules/services/setroubleshoot.te |    1 +
 policy/modules/system/selinuxutil.if      |   20 ++++++++++++++++++++
 4 files changed, 23 insertions(+), 0 deletions(-)

diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
index 96f68e9..d1ebb91 100644
--- a/policy/modules/admin/anaconda.te
+++ b/policy/modules/admin/anaconda.te
@@ -31,6 +31,7 @@ modutils_domtrans_insmod(anaconda_t)
 modutils_domtrans_depmod(anaconda_t)
 
 seutil_domtrans_semanage(anaconda_t)
+seutil_domtrans_setsebool(anaconda_t)
 
 userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file fifo_file sock_file })
 
diff --git a/policy/modules/admin/rpm.te b/policy/modules/admin/rpm.te
index 1a08320..e7312eb 100644
--- a/policy/modules/admin/rpm.te
+++ b/policy/modules/admin/rpm.te
@@ -334,6 +334,7 @@ modutils_domtrans_insmod(rpm_script_t)
 seutil_domtrans_loadpolicy(rpm_script_t)
 seutil_domtrans_setfiles(rpm_script_t)
 seutil_domtrans_semanage(rpm_script_t)
+seutil_domtrans_setsebool(rpm_script_t)
 
 userdom_use_all_users_fds(rpm_script_t)
 
diff --git a/policy/modules/services/setroubleshoot.te b/policy/modules/services/setroubleshoot.te
index 3d17148..3a2351b 100644
--- a/policy/modules/services/setroubleshoot.te
+++ b/policy/modules/services/setroubleshoot.te
@@ -150,6 +150,7 @@ corecmd_exec_bin(setroubleshoot_fixit_t)
 corecmd_exec_shell(setroubleshoot_fixit_t)
 
 seutil_domtrans_setfiles(setroubleshoot_fixit_t)
+seutil_domtrans_setsebool(setroubleshoot_fixit_t)
 
 files_read_usr_files(setroubleshoot_fixit_t)
 files_read_etc_files(setroubleshoot_fixit_t)
diff --git a/policy/modules/system/selinuxutil.if b/policy/modules/system/selinuxutil.if
index 170e2c7..cecca76 100644
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@@ -1038,6 +1038,26 @@ interface(`seutil_run_semanage',`
 
 ########################################
 ## <summary>
+##	Execute a domain transition to run setsebool.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`seutil_domtrans_setsebool',`
+	gen_require(`
+		type setsebool_t, setsebool_exec_t;
+	')
+
+	files_search_usr($1)
+	corecmd_search_bin($1)
+	domtrans_pattern($1, setsebool_exec_t, setsebool_t)
+')
+
+########################################
+## <summary>
 ##	Full management of the semanage
 ##	module store.
 ## </summary>
-- 
1.7.2.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20100903/89df66ad/attachment.bin