From 64daa85393e97875ad924a72df38f92ecb600666 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Thu, 15 Jan 2009 15:07:37 +0000
Subject: [PATCH] trunk: add sysadm_entry_spec_domtrans_to() interface from
 clip.

---
 policy/modules/roles/sysadm.if | 35 ++++++++++++++++++++++++++++++++++
 policy/modules/roles/sysadm.te |  2 +-
 2 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/policy/modules/roles/sysadm.if b/policy/modules/roles/sysadm.if
index 42be030fa..ff9243078 100644
--- a/policy/modules/roles/sysadm.if
+++ b/policy/modules/roles/sysadm.if
@@ -114,6 +114,41 @@ interface(`sysadm_entry_spec_domtrans',`
 	allow sysadm_t $1:process sigchld;
 ')
 
+########################################
+## <summary>
+##	Allow sysadm to execute all entrypoint files in
+##	a specified domain.  This is an explicit transition,
+##	requiring the caller to use setexeccon().
+## </summary>
+## <desc>
+##	<p>
+##	Allow sysadm to execute all entrypoint files in
+##	a specified domain.  This is an explicit transition,
+##	requiring the caller to use setexeccon().
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`sysadm_entry_spec_domtrans_to',`
+	gen_require(`
+		type sysadm_t;
+	')
+
+	domain_entry_file_spec_domtrans(sysadm_t, $1)
+	allow $1 sysadm_t:fd use;
+	allow $1 sysadm_t:fifo_file rw_file_perms;
+	allow $1 sysadm_t:process sigchld;
+')
+
 ########################################
 ## <summary>
 ##	Allow sysadm to execute a generic bin program in
diff --git a/policy/modules/roles/sysadm.te b/policy/modules/roles/sysadm.te
index e69ab7c4d..b17984d9e 100644
--- a/policy/modules/roles/sysadm.te
+++ b/policy/modules/roles/sysadm.te
@@ -1,5 +1,5 @@
 
-policy_module(sysadm, 2.0.0)
+policy_module(sysadm, 2.0.1)
 
 ########################################
 #