fix duplicate /usr/bin/mplayer fc match for targeted

policy/modules/apps/mplayer.fc

@@ -6,8 +6,9 @@
 #
 # /usr
 #
-/usr/bin/mplayer	--	   	gen_context(system_u:object_r:mplayer_exec_t,s0)
+/usr/bin/mplayer	--	gen_context(system_u:object_r:mplayer_exec_t,s0)
-/usr/bin/mencoder	--	   	gen_context(system_u:object_r:mencoder_exec_t,s0)
+/usr/bin/mencoder	--	gen_context(system_u:object_r:mencoder_exec_t,s0)
+/usr/bin/xine		--	gen_context(system_u:object_r:mplayer_exec_t,s0)
 
 ifdef(`strict_policy',`
 HOME_DIR/\.mplayer(/.*)?        gen_context(system_u:object_r:ROLE_mplayer_home_t,s0)

policy/modules/apps/mplayer.te

@@ -1,16 +1,23 @@
 
-policy_module(mplayer,1.0.2)
+policy_module(mplayer,1.0.3)
 
 ########################################
 #
 # Declarations
 #
 
-type mplayer_exec_t;
-corecmd_executable_file(mplayer_exec_t)
-
-type mencoder_exec_t;
-corecmd_executable_file(mencoder_exec_t)
-
 type mplayer_etc_t;
 files_config_file(mplayer_etc_t)
+
+ifdef(`strict_policy',`
+	type mencoder_exec_t;
+	corecmd_executable_file(mencoder_exec_t)
+
+	type mplayer_exec_t;
+	corecmd_executable_file(mplayer_exec_t)
+')
+
+ifdef(`targeted_policy',`
+	unconfined_execmem_alias_program(mencoder_exec_t)
+	unconfined_execmem_alias_program(mplayer_exec_t)
+')

policy/modules/system/unconfined.fc

@@ -8,7 +8,5 @@ ifdef(`targeted_policy',`
 /usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/bin/valgrind 		--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/local/RealPlay/realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-/usr/bin/mplayer	 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
-/usr/bin/xine		 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 /usr/lib/ia32el/ia32x_loader 	--	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 ')

policy/modules/system/unconfined.if

@@ -488,6 +488,40 @@ interface(`unconfined_alias_domain',`
 	')
 ')
 
+########################################
+## <summary>
+##	Add an alias type to the unconfined execmem
+##	program file type.
+## </summary>
+## <desc>
+##	<p>
+##	Add an alias type to the unconfined execmem
+##	program file type.
+##	</p>
+##	<p>
+##	This is added to support targeted policy.  Its
+##	use should be limited.  It has no effect
+##	on the strict policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	New alias of the unconfined execmem program type.
+##	</summary>
+## </param>
+#
+interface(`unconfined_execmem_alias_program',`
+	ifdef(`targeted_policy',`
+		gen_require(`
+			type unconfined_execmem_exec_t;
+		')
+
+		typealias unconfined_execmem_exec_t alias $1;
+	',`
+		refpolicywarn(`$0($1) has no effect in strict policy.')
+	')
+')
+
 ########################################
 ## <summary>
 ##	Connect to the the unconfined DBUS

policy/modules/system/unconfined.te

@@ -1,5 +1,5 @@
 
-policy_module(unconfined,1.3.15)
+policy_module(unconfined,1.3.16)
 
 ########################################
 #