From: pebenito@ieee.org (Chris PeBenito)
Date: Mon, 23 Jan 2017 18:51:21 -0500
Subject: [refpolicy] [PATCH 2/2] cups: new interface to execute HPLIP
 applications in their own domain
In-Reply-To: <1484874369.6635.5.camel@trentalancia.net>
References: <1484874330.6635.3.camel@trentalancia.net>
	<1484874369.6635.5.camel@trentalancia.net>
Message-ID: <98169f84-e68e-680f-b7eb-60db2b00c75c@ieee.org>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 01/19/17 20:06, Guido Trentalancia via refpolicy wrote:
> Add a new interface to the cups module to execute HP Linux Imaging
> and Printing (HPLIP) applications in their own domain.
>
> Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
> ---
>  policy/modules/contrib/cups.if |   21 +++++++++++++++++++++
>  1 file changed, 21 insertions(+)
>
> diff -pru a/policy/modules/contrib/cups.if b/policy/modules/contrib/cups.if
> --- a/policy/modules/contrib/cups.if	2016-12-07 13:39:49.921909683 +0100
> +++ b/policy/modules/contrib/cups.if	2017-01-20 01:57:19.639254042 +0100
> @@ -375,3 +375,24 @@ interface(`cups_admin',`
>  	admin_pattern($1, { cupsd_config_var_run_t cupsd_var_run_t hplip_var_run_t })
>  	admin_pattern($1, { ptal_var_run_t cupsd_lpd_var_run_t })
>  ')
> +
> +########################################
> +## <summary>
> +##	Execute HP Linux Imaging and
> +##	Printing applications in their
> +##	own domain.
> +## </summary>
> +## <param name="domain">
> +##	<summary>
> +##	Domain allowed to transition.
> +##	</summary>
> +## </param>
> +#
> +interface(`cups_domtrans_hplip',`
> +	gen_require(`
> +		type hplip_t, hplip_exec_t;
> +	')
> +
> +	corecmd_search_bin($1)
> +	domtrans_pattern($1, hplip_exec_t, hplip_t)
> +')

Merged.

-- 
Chris PeBenito