From: pebenito@ieee.org (Chris PeBenito)
Date: Thu, 22 Dec 2016 16:13:46 -0500
Subject: [refpolicy] [PATCH] wm: properly set domain entrypoint in
 wm_application_domain()
In-Reply-To: <1482439678.20547.1.camel@trentalancia.net>
References: <1482439678.20547.1.camel@trentalancia.net>
Message-ID: <2f0f640f-4912-c569-ef3d-34c6caa05a9e@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 12/22/16 15:47, Guido Trentalancia via refpolicy wrote:
> The newly introduced wm_application_domain() interface can under
> certain circumstances lack a domain entrypoint permission.
>
> This patch updates the wm module so that when the wm has to launch
> an application that uses wm_application_domain(), it can find
> the entrypoint to the application's domain.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/wm.if |    4 +---
>  1 file changed, 1 insertion(+), 3 deletions(-)
>
> --- a/policy/modules/contrib/wm.if	2016-12-17 17:29:33.856307127 +0100
> +++ b/policy/modules/contrib/wm.if	2016-12-22 21:41:33.432961506 +0100
> @@ -216,8 +216,6 @@ interface(`wm_application_domain',`
>  		attribute wm_domain;
>  	')
>
> -	application_type($1)
> -	ubac_constrained($1)
> -	application_executable_file($2)
> +	userdom_user_application_domain($1, $2)
>  	domtrans_pattern(wm_domain, $2, $1)
>  ')

Merged.

-- 
Chris PeBenito