From b04eccd87b9c323a9b8bddaae417bda1ad6eca57 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Wed, 18 Oct 2006 17:31:14 +0000
Subject: [PATCH] fix duplicate /usr/bin/mplayer fc match for targeted

---
 policy/modules/apps/mplayer.fc      |  5 +++--
 policy/modules/apps/mplayer.te      | 21 ++++++++++++------
 policy/modules/system/unconfined.fc |  2 --
 policy/modules/system/unconfined.if | 34 +++++++++++++++++++++++++++++
 policy/modules/system/unconfined.te |  2 +-
 5 files changed, 52 insertions(+), 12 deletions(-)

diff --git a/policy/modules/apps/mplayer.fc b/policy/modules/apps/mplayer.fc
index 60db2e9b..4806b644 100644
--- a/policy/modules/apps/mplayer.fc
+++ b/policy/modules/apps/mplayer.fc
@@ -6,8 +6,9 @@
 #
 # /usr
 #
-/usr/bin/mplayer	--	   	gen_context(system_u:object_r:mplayer_exec_t,s0)
-/usr/bin/mencoder	--	   	gen_context(system_u:object_r:mencoder_exec_t,s0)
+/usr/bin/mplayer	--	gen_context(system_u:object_r:mplayer_exec_t,s0)
+/usr/bin/mencoder	--	gen_context(system_u:object_r:mencoder_exec_t,s0)
+/usr/bin/xine		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 
 ifdef(`strict_policy',`
 HOME_DIR/\.mplayer(/.*)?        gen_context(system_u:object_r:ROLE_mplayer_home_t,s0)
diff --git a/policy/modules/apps/mplayer.te b/policy/modules/apps/mplayer.te
index adbb1760..d535b7cf 100644
--- a/policy/modules/apps/mplayer.te
+++ b/policy/modules/apps/mplayer.te
@@ -1,16 +1,23 @@
 
-policy_module(mplayer,1.0.2)
+policy_module(mplayer,1.0.3)
 
 ########################################
 #
 # Declarations
 #
 
-type mplayer_exec_t;
-corecmd_executable_file(mplayer_exec_t)
-
-type mencoder_exec_t;
-corecmd_executable_file(mencoder_exec_t)
-
 type mplayer_etc_t;
 files_config_file(mplayer_etc_t)
+
+ifdef(`strict_policy',`
+	type mencoder_exec_t;
+	corecmd_executable_file(mencoder_exec_t)
+
+	type mplayer_exec_t;
+	corecmd_executable_file(mplayer_exec_t)
+')
+
+ifdef(`targeted_policy',`
+	unconfined_execmem_alias_program(mencoder_exec_t)
+	unconfined_execmem_alias_program(mplayer_exec_t)
+')
diff --git a/policy/modules/system/unconfined.fc b/policy/modules/system/unconfined.fc
index cf3fa5a0..471b06a1 100644
--- a/policy/modules/system/unconfined.fc
+++ b/policy/modules/system/unconfined.fc
@@ -8,7 +8,5 @@ ifdef(`targeted_policy',`
 /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/bin/valgrind 		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/local/RealPlay/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-/usr/bin/mplayer	 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-/usr/bin/xine		 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/lib/ia32el/ia32x_loader 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 ')
diff --git a/policy/modules/system/unconfined.if b/policy/modules/system/unconfined.if
index 26df7d59..59fc8f03 100644
--- a/policy/modules/system/unconfined.if
+++ b/policy/modules/system/unconfined.if
@@ -488,6 +488,40 @@ interface(`unconfined_alias_domain',`
 	')
 ')
 
+########################################
+## <summary>
+##	Add an alias type to the unconfined execmem
+##	program file type.
+## </summary>
+## <desc>
+##	<p>
+##	Add an alias type to the unconfined execmem
+##	program file type.
+##	</p>
+##	<p>
+##	This is added to support targeted policy.  Its
+##	use should be limited.  It has no effect
+##	on the strict policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	New alias of the unconfined execmem program type.
+##	</summary>
+## </param>
+#
+interface(`unconfined_execmem_alias_program',`
+	ifdef(`targeted_policy',`
+		gen_require(`
+			type unconfined_execmem_exec_t;
+		')
+
+		typealias unconfined_execmem_exec_t alias $1;
+	',`
+		refpolicywarn(`$0($1) has no effect in strict policy.')
+	')
+')
+
 ########################################
 ## <summary>
 ##	Connect to the the unconfined DBUS
diff --git a/policy/modules/system/unconfined.te b/policy/modules/system/unconfined.te
index 74f6c1b7..9376ccaf 100644
--- a/policy/modules/system/unconfined.te
+++ b/policy/modules/system/unconfined.te
@@ -1,5 +1,5 @@
 
-policy_module(unconfined,1.3.15)
+policy_module(unconfined,1.3.16)
 
 ########################################
 #