From 68bbbbdec60d5e3470b99d1aad48f483da96ca2c Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Thu, 25 Aug 2011 07:34:08 -0400
Subject: [PATCH] Change pppd_can_insmod to a Boolean so tunables and Booleans
 are not mixed.

---
 policy/modules/services/ppp.te | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/policy/modules/services/ppp.te b/policy/modules/services/ppp.te
index 2af42e7c3..a2d43a9fb 100644
--- a/policy/modules/services/ppp.te
+++ b/policy/modules/services/ppp.te
@@ -1,4 +1,4 @@
-policy_module(ppp, 1.12.0)
+policy_module(ppp, 1.12.1)
 
 ########################################
 #
@@ -10,7 +10,7 @@ policy_module(ppp, 1.12.0)
 ## Allow pppd to load kernel modules for certain modems
 ## </p>
 ## </desc>
-gen_tunable(pppd_can_insmod, false)
+gen_bool(pppd_can_insmod, false)
 
 ## <desc>
 ## <p>
@@ -187,9 +187,14 @@ optional_policy(`
 ')
 
 optional_policy(`
-	tunable_policy(`pppd_can_insmod && ! secure_mode_insmod',`
-		modutils_domtrans_insmod_uncond(pppd_t)
+	# The toolchain does not support nested conditionals
+	gen_require(`
+		bool secure_mode_insmod;
 	')
+
+	if (pppd_can_insmod && ! secure_mode_insmod) {
+		modutils_domtrans_insmod_uncond(pppd_t)
+	}
 ')
 
 optional_policy(`