
[08/19] sepolicy: We should be creating _exec interfaces when we create the domtrans interface

Message ID 20170503103036.17514-9-plautrba@redhat.com (mailing list archive)
State Not Applicable

Commit Message

Petr Lautrbach May 3, 2017, 10:30 a.m. UTC
From: Dan Walsh <dwalsh@redhat.com>

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
---
 python/sepolicy/sepolicy/templates/executable.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

Patch

diff --git a/python/sepolicy/sepolicy/templates/executable.py b/python/sepolicy/sepolicy/templates/executable.py
index 4cc5bfa4..456a7ca8 100644
--- a/python/sepolicy/sepolicy/templates/executable.py
+++ b/python/sepolicy/sepolicy/templates/executable.py
@@ -220,7 +220,7 @@  if_program_rules="""
 
 ########################################
 ## <summary>
-##	Execute TEMPLATE in the TEMPLATETYPE domin.
+##	Execute TEMPLATETYPE_exec_t in the TEMPLATETYPE domin.
 ## </summary>
 ## <param name=\"domain\">
 ## <summary>
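Review bot: The rewritten summary line still carries the typo `domin`, and since the line is being touched anyway it should read `##	Execute TEMPLATETYPE_exec_t in the TEMPLATETYPE domain.`. This text sits inside the `if_program_rules` template string, so the misspelling presumably ends up in the interface documentation of every module generated from it. The template string starts before this hunk and continues past it.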
@@ -236,6 +236,25 @@  interface(`TEMPLATETYPE_domtrans',`
 	corecmd_search_bin($1)
 	domtrans_pattern($1, TEMPLATETYPE_exec_t, TEMPLATETYPE_t)
 ')
+
+######################################
+## <summary>
+##	Execute TEMPLATETYPE in the caller domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`TEMPLATETYPE_exec',`
+	gen_require(`
+		type TEMPLATETYPE_exec_t;
+	')
+
+	corecmd_search_bin($1)
+	can_exec($1, TEMPLATETYPE_exec_t)
+')
 """
 
 if_user_program_rules="""
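Review bot: The doc header of the new `TEMPLATETYPE_exec` interface is inconsistent with the `TEMPLATETYPE_domtrans` header right above it, and it understates what `can_exec` grants. The summary names `TEMPLATETYPE`, while the first hunk of this patch switches the domtrans summary to `TEMPLATETYPE_exec_t`. The new block also writes `<param name="domain">` where the existing one writes `<param name=\"domain\">`; both produce the same text inside a triple-quoted string, so one form should be used throughout. Because `can_exec` lets the caller run the binary with no transition into `TEMPLATETYPE_t`, the program keeps the caller's permissions, and the summary should tell policy writers so, for example `##	Execute TEMPLATETYPE_exec_t in the caller domain, without a transition to TEMPLATETYPE_t.`. The `if_program_rules` string begins outside this hunk.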