Convert selinuxutil over to role attributes for semanage.

2011-08-01 09:02:21 -04:00 · 2011-08-01 09:02:21 -04:00 · e3a043d18d
commit e3a043d18d
parent 2dd113f11c
2 changed files with 8 additions and 7 deletions
--- a/policy/modules/system/selinuxutil.if
+++ b/policy/modules/system/selinuxutil.if
@ -1027,13 +1027,11 @@ interface(`seutil_domtrans_semanage',`
 #
 interface(`seutil_run_semanage',`
 	gen_require(`
-		type semanage_t;
+		attribute_role semanage_roles;
 	')

 	seutil_domtrans_semanage($1)
-	seutil_run_setfiles(semanage_t, $2)
-	seutil_run_loadpolicy(semanage_t, $2)
-	role $2 types semanage_t;
+	roleattribute $2 semanage_roles;
 ')

 ########################################
--- a/policy/modules/system/selinuxutil.te
+++ b/policy/modules/system/selinuxutil.te
@ -12,6 +12,9 @@ gen_require(`
 attribute can_write_binary_policy;
 attribute can_relabelto_binary_policy;

+attribute_role semanage_roles;
+roleattribute system_r semanage_roles;
+
 #
 # selinux_config_t is the type applied to
 # /etc/selinux/config
@ -89,7 +92,7 @@ type semanage_t;
 type semanage_exec_t;
 application_domain(semanage_t, semanage_exec_t)
 domain_interactive_fd(semanage_t)
-role system_r types semanage_t;
+role semanage_roles types semanage_t;

 type semanage_store_t;
 files_type(semanage_store_t)
@ -481,8 +484,8 @@ miscfiles_read_localization(semanage_t)
 seutil_libselinux_linked(semanage_t)
 seutil_manage_file_contexts(semanage_t)
 seutil_manage_config(semanage_t)
-seutil_domtrans_setfiles(semanage_t)
-seutil_domtrans_loadpolicy(semanage_t)
+seutil_run_setfiles(semanage_t, semanage_roles)
+seutil_run_loadpolicy(semanage_t, semanage_roles)
 seutil_manage_bin_policy(semanage_t)
 seutil_use_newrole_fds(semanage_t)
 seutil_manage_module_store(semanage_t)