From 5a7837efd9c042c6763b9f803773c0593027731e Mon Sep 17 00:00:00 2001
From: Kenton Groombridge
Date: Wed, 13 Oct 2021 18:46:07 -0400
Subject: [PATCH] mono: use user exec domain attribute
Signed-off-by: Kenton Groombridge
---
 policy/modules/apps/mono.if | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)
diff --git a/policy/modules/apps/mono.if b/policy/modules/apps/mono.if
index f37db3e8c..ef116c391 100644
--- a/policy/modules/apps/mono.if
+++ b/policy/modules/apps/mono.if
@@ -12,18 +12,23 @@
 ##
 ##
 ##
-## The prefix of the user domain (e.g., user
-## is the prefix for user_t).
-##
-##
-##
-##
-## The role associated with the user domain.
+## The prefix of the user role (e.g., user
+## is the prefix for user_r).
 ##
 ##
 ##
 ##
-## The type of the user domain.
+## User domain for the role.
+##
+##
+##
+##
+## User exec domain for execute and transition access.
+##
+##
+##
+##
+## Role allowed access
 ##
 ##
 #
@@ -54,16 +59,16 @@ template(`mono_role_template',`
 domtrans_pattern($3, mono_exec_t, $1_mono_t)
 allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };
- ps_process_pattern($2, $1_mono_t)
+ ps_process_pattern($3, $1_mono_t)
- corecmd_bin_domtrans($1_mono_t, $3)
+ corecmd_bin_domtrans($1_mono_t, $2)
 userdom_manage_user_tmpfs_files($1_mono_t)
 optional_policy(`
 fs_dontaudit_rw_tmpfs_files($1_mono_t)
- xserver_role($1, $1_mono_t, $1_application_exec_domain, $1_r)
+ xserver_role($1, $1_mono_t, $3, $4)
 ')
 ')
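Review bot: The new parameter list moves the role from `$2` to `$4` and makes `$2` the user domain, but the template lines between this hunk and the next are not part of the patch; the two visible hunks already account for all 16 insertions and 11 deletions. Any statement in that unchanged stretch that still uses `$2` as a role, or `$3` as a single user type, would now expand with a different kind of argument, so those lines should be checked and role uses switched to `$4`. Callers that still pass three arguments would expand `$4` to an empty string, so every call site needs updating in the same series. The last summary could also end with a period, `Role allowed access.`, to match the others.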
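Review bot: The unchanged rule `allow $3 $1_mono_t:process { ptrace noatsecure signal_perms };` now receives the user exec domain as `$3`, so if that argument is an attribute (as the commit subject suggests) every type carrying it gains ptrace over the mono domain, not only the user's own type. If tracing is only meant for the user domain, consider splitting the rule into `allow $2 $1_mono_t:process ptrace;` and `allow $3 $1_mono_t:process { noatsecure signal_perms };`. Otherwise a short comment stating that the broader grant is intended would help auditors. The template body starts before this hunk, so earlier uses of `$3` are not visible here.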