Add role attributes in iptables.

2011-08-12 08:10:59 -04:00 · 2011-08-12 08:10:59 -04:00 · a858f08e5b
parent e3a043d18d
commit a858f08e5b
2 changed files with 8 additions and 11 deletions
--- a/policy/modules/system/iptables.if
+++ b/policy/modules/system/iptables.if
@ -42,17 +42,11 @@ interface(`iptables_domtrans',`
 #
 interface(`iptables_run',`
 	gen_require(`
-		type iptables_t;
+		attribute_role iptables_roles;
 	')

 	iptables_domtrans($1)
-	role $2 types iptables_t;
-
-	sysnet_run_ifconfig(iptables_t, $2)
-
-	optional_policy(`
-		modutils_run_insmod(iptables_t, $2)
-	')
+	roleattribute $2 iptables_roles;
 ')

 ########################################
--- a/policy/modules/system/iptables.te
+++ b/policy/modules/system/iptables.te
@ -5,10 +5,13 @@ policy_module(iptables, 1.12.1)
 # Declarations
 #

+attribute_role iptables_roles;
+roleattribute system_r iptables_roles;
+
 type iptables_t;
 type iptables_exec_t;
 init_system_domain(iptables_t, iptables_exec_t)
-role system_r types iptables_t;
+role iptables_roles types iptables_t;

 type iptables_initrc_exec_t;
 init_script_file(iptables_initrc_exec_t)
@ -87,7 +90,7 @@ logging_send_syslog_msg(iptables_t)

 miscfiles_read_localization(iptables_t)

-sysnet_domtrans_ifconfig(iptables_t)
+sysnet_run_ifconfig(iptables_t, iptables_roles)
 sysnet_dns_name_resolve(iptables_t)

 userdom_use_user_terminals(iptables_t)
@ -107,7 +110,7 @@ optional_policy(`
 ')

 optional_policy(`
-	modutils_domtrans_insmod(iptables_t)
+	modutils_run_insmod(iptables_t, iptables_roles)
 ')

 optional_policy(`