From: sven.vermeulen@siphos.be (Sven Vermeulen)
Date: Tue, 1 May 2012 10:33:19 +0200
Subject: [refpolicy] [PATCH 2/2] Support mozilla_roles
Message-ID: <20120501083319.GK32060@siphos.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

The mozilla definition already includes the mozilla_roles role attribute, but missed including the mozilla_plugin in it. Also, the mozilla_role() interface should add the mozilla_roles attribute to the calling role, not just the mozilla_t type.
Signed-off-by: Sven Vermeulen
---
 mozilla.if | 3 ++-
 mozilla.te | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/mozilla.if b/mozilla.if
index af2ba47..b397fde 100644
--- a/mozilla.if
+++ b/mozilla.if
@@ -18,9 +18,10 @@ interface(`mozilla_role',`
 gen_require(`
 type mozilla_t, mozilla_exec_t, mozilla_home_t;
+ attribute_role mozilla_roles;
 ')
- role $1 types mozilla_t;
+ roleattribute $1 mozilla_roles;
 domain_auto_trans($2, mozilla_exec_t, mozilla_t)
 # Unrestricted inheritance from the caller.
diff --git a/mozilla.te b/mozilla.te
index c4f425d..d3fad85 100644
--- a/mozilla.te
+++ b/mozilla.te
@@ -32,7 +32,7 @@ userdom_user_home_content(mozilla_home_t)
 type mozilla_plugin_t;
 type mozilla_plugin_exec_t;
 application_domain(mozilla_plugin_t, mozilla_plugin_exec_t)
-role system_r types mozilla_plugin_t;
+role mozilla_roles types mozilla_plugin_t;
 type mozilla_plugin_tmp_t;
 userdom_user_tmp_file(mozilla_plugin_tmp_t)
--
1.7.3.4
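Review bot: Replacing `role $1 types mozilla_t;` with `roleattribute $1 mozilla_roles;` makes the caller's access to mozilla_t depend on a `role mozilla_roles types mozilla_t;` rule that this patch does not show. The commit message implies mozilla.te already carries it, but that should be confirmed, because without it the `domain_auto_trans($2, mozilla_exec_t, mozilla_t)` that follows would lead into a type the role is not authorized for. The attribute also widens what the interface grants: every role passed to mozilla_role() now picks up each type associated with mozilla_roles, which after the mozilla.te hunk includes mozilla_plugin_t. I would record that above the new line, e.g. `# Role access comes from mozilla_roles; the types it authorizes are listed in mozilla.te.` The interface body and its summary header continue outside the hunk.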
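Review bot: The new `role mozilla_roles types mozilla_plugin_t;` drops system_r's authorization for mozilla_plugin_t, so any process that still enters the plugin domain under system_r, or under a user role that never went through mozilla_role(), would now end up with an invalid context. Nothing in the visible lines shows whether such callers exist, so the remaining interfaces in mozilla.if that transition to mozilla_plugin_t are worth checking before this is merged. If the narrowing is intended, a one-line comment such as `# Only roles carrying mozilla_roles may run the plugin domain.` above the rule would make that explicit.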