From a1d2e8ab294271134488832d0f1625625aa9eb11 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 7 Jun 2005 14:43:14 +0000
Subject: [PATCH] add domain(_auto)_trans
---
 refpolicy/policy/modules/system/domain.if | 31 +++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/refpolicy/policy/modules/system/domain.if b/refpolicy/policy/modules/system/domain.if
index a0368c92..f9e1cf4f 100644
--- a/refpolicy/policy/modules/system/domain.if
+++ b/refpolicy/policy/modules/system/domain.if
@@ -464,3 +464,34 @@ define(`domain_read_all_entrypoint_programs_depend',`
 ')
 ##
+
+#
+# These next macros are not interfaces, but actually are
+# support macros. Due to the domain_ prefix, are they
+# are placed in this module.
+#
+
+########################################
+#
+# domain_trans(source_domain,entrypoint_file,target_domain)
+#
+define(`domain_auto_trans',`
+ requires_block_template(`$0'_depend)
+
+ allow $1 $2:file { getattr read execute };
+ allow $1 $3:process transition;
+ dontaudit $1 $3:process { noatsecure siginh rlimitinh };
+')
+
+define(`domain_trans_depend',`
+
+########################################
+#
+# domain_auto_trans(source_domain,entrypoint_file,target_domain)
+#
+define(`domain_auto_trans',`
+ requires_block_template(`$0'_depend)
+
+ domain_trans($1,$2,$3)
+ type_transition $1 $2:process $3;
+')
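Review bot: The first added macro is defined under the name `domain_auto_trans` although its header comment documents `domain_trans`, so `domain_trans` is never defined in this hunk and the second `domain_auto_trans` definition replaces the first; the `domain_trans($1,$2,$3)` call in it would then pass through m4 unexpanded instead of emitting the `allow` rules, and the first definition should open with ``define(`domain_trans',` ``. In the same hunk ``define(`domain_trans_depend',` `` is opened but no body or closing `')` is visible before the next header, which would pull the following definition into its quoted body, and no `domain_auto_trans_depend` is visible for ``requires_block_template(`$0'_depend)`` to resolve, unless both are supplied outside the hunk. Since these macros decide which process transitions the policy grants, the `dontaudit` line deserves a comment such as `# noatsecure, siginh and rlimitinh stay denied; only the denial messages are suppressed`. The added header comment also reads "are they are placed", where "they are placed" was presumably meant.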