From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 20 Jan 2017 02:06:09 +0100
Subject: [refpolicy] [PATCH 2/2] cups: new interface to execute HPLIP
 applications in their own domain
In-Reply-To: <1484874330.6635.3.camel@trentalancia.net>
References: <1484874330.6635.3.camel@trentalancia.net>
Message-ID: <1484874369.6635.5.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Add a new interface to the cups module to execute HP Linux Imaging
and Printing (HPLIP) applications in their own domain.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/contrib/cups.if |   21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
--- a/policy/modules/contrib/cups.if	2016-12-07 13:39:49.921909683 +0100
+++ b/policy/modules/contrib/cups.if	2017-01-20 01:57:19.639254042 +0100
@@ -375,3 +375,24 @@ interface(`cups_admin',`
 	admin_pattern($1, { cupsd_config_var_run_t cupsd_var_run_t hplip_var_run_t })
 	admin_pattern($1, { ptal_var_run_t cupsd_lpd_var_run_t })
 ')
+
+########################################
+## <summary>
+##	Execute HP Linux Imaging and
+##	Printing applications in their
+##	own domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed to transition.
+##	</summary>
+## </param>
+#
+interface(`cups_domtrans_hplip',`
+	gen_require(`
+		type hplip_t, hplip_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	domtrans_pattern($1, hplip_exec_t, hplip_t)
+')