trunk: add unconfined_run_to().

policy/modules/system/unconfined.if

@@ -276,6 +276,46 @@ interface(`unconfined_domtrans_to',`
 	domtrans_pattern(unconfined_t,$2,$1)
 ')
 
+########################################
+## <summary>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.  Allow the specified domain the
+##	unconfined role and use of unconfined user terminals.
+## </summary>
+## <desc>
+##	<p>
+##	Allow unconfined to execute the specified program in
+##	the specified domain.  Allow the specified domain the
+##	unconfined role and use of unconfined user terminals.
+##	</p>
+##	<p>
+##	This is a interface to support third party modules
+##	and its use is not allowed in upstream reference
+##	policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain to execute in.
+##	</summary>
+## </param>
+## <param name="entry_file">
+##	<summary>
+##	Domain entry point file.
+##	</summary>
+## </param>
+#
+interface(`unconfined_run_to',`
+	gen_require(`
+		type unconfined_t, unconfined_devpts_t, unconfined_tty_device_t;
+		role unconfined_r;
+	')
+
+	domtrans_pattern(unconfined_t,$2,$1)
+	role unconfined_r types $1;
+	allow $1 { unconfined_devpts_t unconfined_tty_device_t }:chr_file rw_term_perms;
+')
+
 ########################################
 ## <summary>
 ##	Inherit file descriptors from the unconfined domain.

policy/modules/system/unconfined.te

@@ -1,5 +1,5 @@
 
-policy_module(unconfined,2.0.2)
+policy_module(unconfined,2.0.3)
 
 ########################################
 #