fix te_trans conflict

refpolicy/policy/modules/services/mta.if

@@ -230,6 +230,24 @@ interface(`mta_sendmail_mailserver',`
 	typeattribute $1 mailserver_domain;
 ')
 
+#######################################
+## <summary>
+##	Allow the specified domain to use
+##	the sendmail program as an entrypoint.
+## </summary>
+## <param name="domain">
+##	Domain allowed access.
+## </param>
+#
+# cjp: added for targeted sendmail (unconfined)
+interface(`mta_sendmail_entry',`
+	gen_require(`
+		type sendmail_exec_t;
+	')
+
+	domain_entry_file($1,sendmail_exec_t)
+')
+
 #######################################
 ## <summary>
 ##	Make a type a mailserver type used

refpolicy/policy/modules/services/sendmail.te

@@ -17,8 +17,7 @@ files_pid_file(sendmail_var_run_t)
 
 ifdef(`targeted_policy',`
 	unconfined_alias_domain(sendmail_t)
-	type sendmail_exec_t;
+	mta_sendmail_entry(sendmail_t)
-	domain_entry_file(sendmail_t,sendmail_exec_t)
 ',`
 	type sendmail_t;
 	mta_sendmail_mailserver(sendmail_t)

refpolicy/policy/modules/services/xdm.te

@@ -55,6 +55,7 @@ files_tmpfs_file(xdm_tmpfs_t)
 # Local policy
 #
 
+ifdef(`targeted_policy',`',`
 	allow xdm_t self:capability { setgid setuid sys_resource kill sys_tty_config mknod chown dac_override dac_read_search fowner fsetid ipc_owner sys_nice sys_rawio net_bind_service };
 	allow xdm_t self:process { setexec setpgid setsched setrlimit };
 	allow xdm_t self:fifo_file rw_file_perms;
@@ -96,10 +97,6 @@ selinux_compute_user_contexts(xdm_t)
 
 	files_read_etc_runtime_files(xdm_t)
 
-ifdef(`targeted_policy',`
-	unconfined_domain_template(xdm_t)
-')
-
 	ifdef(`TODO',`
 	# cjp: TODO: integrate strict policy:
 	daemon_domain(xdm, `, privuser, privrole, auth_chkpwd, privowner, privmem, nscd_client_domain')
@@ -420,3 +417,4 @@ can_exec(xdm_t, xdm_exec_t)
 	# Supress permission check on .ICE-unix
 	dontaudit xdm_t ice_tmp_t:dir { getattr setattr };
 	') dnl end TODO
+')