add domain(_auto)_trans

refpolicy/policy/modules/system/domain.if

@@ -464,3 +464,34 @@ define(`domain_read_all_entrypoint_programs_depend',`
 ')
 
 ## </module>
+
+#
+# These next macros are not interfaces, but actually are 
+# support macros.  Due to the domain_ prefix, are they 
+# are placed in this module.
+#
+
+########################################
+#
+# domain_trans(source_domain,entrypoint_file,target_domain)
+#
+define(`domain_auto_trans',`
+	requires_block_template(`$0'_depend)
+
+	allow $1 $2:file { getattr read execute };
+	allow $1 $3:process transition;
+	dontaudit $1 $3:process { noatsecure siginh rlimitinh };
+')
+
+define(`domain_trans_depend',`
+
+########################################
+#
+# domain_auto_trans(source_domain,entrypoint_file,target_domain)
+#
+define(`domain_auto_trans',`
+	requires_block_template(`$0'_depend)
+
+	domain_trans($1,$2,$3)
+	type_transition $1 $2:process $3;
+')