roles patch from Dan Walsh to move unwanted interface calls into a ifndef

policy/modules/roles/staff.te

@@ -19,11 +19,37 @@ optional_policy(`
 ')
 
 optional_policy(`
-	auth_role(staff_r, staff_t)
+	auditadm_role_change(staff_r)
 ')
 
 optional_policy(`
-	auditadm_role_change(staff_r)
+	postgresql_role(staff_r, staff_t)
+')
+
+optional_policy(`
+	secadm_role_change(staff_r)
+')
+
+optional_policy(`
+	ssh_role_template(staff, staff_r, staff_t)
+')
+
+optional_policy(`
+	sudo_role_template(staff, staff_r, staff_t)
+')
+
+optional_policy(`
+	sysadm_role_change(staff_r)
+	userdom_dontaudit_use_user_terminals(staff_t)
+')
+
+optional_policy(`
+	xserver_role(staff_r, staff_t)
+')
+
+ifndef(`distro_redhat',`
+	optional_policy(`
+		auth_role(staff_r, staff_t)
 	')
 
 	optional_policy(`
@@ -94,11 +120,6 @@ optional_policy(`
 		oident_manage_user_content(staff_t)
 		oident_relabel_user_content(staff_t)
 	')
-
-optional_policy(`
-	postgresql_role(staff_r, staff_t)
-')
-
 	optional_policy(`
 		pyzor_role(staff_r, staff_t)
 	')
@@ -115,31 +136,14 @@ optional_policy(`
 		screen_role_template(staff, staff_r, staff_t)
 	')
 
-optional_policy(`
-	secadm_role_change(staff_r)
-')
-
 	optional_policy(`
 		spamassassin_role(staff_r, staff_t)
 	')
 
-optional_policy(`
-	ssh_role_template(staff, staff_r, staff_t)
-')
-
 	optional_policy(`
 		su_role_template(staff, staff_r, staff_t)
 	')
 
-optional_policy(`
-	sudo_role_template(staff, staff_r, staff_t)
-')
-
-optional_policy(`
-	sysadm_role_change(staff_r)
-	userdom_dontaudit_use_user_terminals(staff_t)
-')
-
 	optional_policy(`
 		thunderbird_role(staff_r, staff_t)
 	')
@@ -163,7 +167,4 @@ optional_policy(`
 	optional_policy(`
 		wireshark_role(staff_r, staff_t)
 	')
-
-optional_policy(`
-	xserver_role(staff_r, staff_t)
 ')

policy/modules/roles/sysadm.te

@@ -85,10 +85,6 @@ optional_policy(`
 	auditadm_role_change(sysadm_r)
 ')
 
-optional_policy(`
-	auth_role(sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	backup_run(sysadm_t, sysadm_r)
 ')
@@ -97,18 +93,10 @@ optional_policy(`
 	bind_run_ndc(sysadm_t, sysadm_r)
 ')
 
-optional_policy(`
-	bluetooth_role(sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	bootloader_run(sysadm_t, sysadm_r)
 ')
 
-optional_policy(`
-	cdrecord_role(sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	certwatch_run(sysadm_t, sysadm_r)
 ')
@@ -125,18 +113,10 @@ optional_policy(`
 	consoletype_run(sysadm_t, sysadm_r)
 ')
 
-optional_policy(`
-	cron_admin_role(sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	cvs_exec(sysadm_t)
 ')
 
-optional_policy(`
-	dbus_role_template(sysadm, sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	dcc_run_cdcc(sysadm_t, sysadm_r)
 	dcc_run_client(sysadm_t, sysadm_r)
@@ -159,10 +139,6 @@ optional_policy(`
 	dpkg_run(sysadm_t, sysadm_r)
 ')
 
-optional_policy(`
-	evolution_role(sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	firstboot_run(sysadm_t, sysadm_r)
 ')
@@ -171,22 +147,6 @@ optional_policy(`
 	fstools_run(sysadm_t, sysadm_r)
 ')
 
-optional_policy(`
-	games_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	gift_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	gnome_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	gpg_role(sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	hostname_run(sysadm_t, sysadm_r)
 ')
@@ -205,14 +165,6 @@ optional_policy(`
 	iptables_run(sysadm_t, sysadm_r)
 ')
 
-optional_policy(`
-	irc_role(sysadm_r, sysadm_t)
-')
-
-optional_policy(`
-	java_role(sysadm_r, sysadm_t)
-')
-
 optional_policy(`
 	kudzu_run(sysadm_t, sysadm_r)
 ')
@@ -444,3 +396,54 @@ optional_policy(`
 optional_policy(`
 	yam_run(sysadm_t, sysadm_r)
 ')
+
+ifndef(`distro_redhat',`
+	optional_policy(`
+		auth_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		bluetooth_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		cdrecord_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		cron_admin_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		dbus_role_template(sysadm, sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		evolution_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		games_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		gift_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		gnome_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		gpg_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		irc_role(sysadm_r, sysadm_t)
+	')
+
+	optional_policy(`
+		java_role(sysadm_r, sysadm_t)
+	')
+')
+

policy/modules/roles/unprivuser.te

@@ -16,6 +16,15 @@ optional_policy(`
 	apache_role(user_r, user_t)
 ')
 
+optional_policy(`
+	screen_role_template(user, user_r, user_t)
+')
+
+optional_policy(`
+	xserver_role(user_r, user_t)
+')
+
+ifndef(`distro_redhat',`
 	optional_policy(`
 		auth_role(user_r, user_t)
 	')
@@ -105,10 +114,6 @@ optional_policy(`
 		rssh_role(user_r, user_t)
 	')
 
-optional_policy(`
-	screen_role_template(user, user_r, user_t)
-')
-
 	optional_policy(`
 	spamassassin_role(user_r, user_t)
 	')
@@ -148,7 +153,4 @@ optional_policy(`
 	optional_policy(`
 		wireshark_role(user_r, user_t)
 	')
-
-optional_policy(`
-	xserver_role(user_r, user_t)
 ')