From d40c0ecf7acd6745f32017a378b8cba953e78605 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 1 May 2006 19:11:54 +0000
Subject: [PATCH] fix up entrypoints
---
 refpolicy/policy/modules/apps/games.if | 1 +
 refpolicy/policy/modules/apps/java.if | 1 +
 refpolicy/policy/modules/services/dbus.if | 6 +-----
 refpolicy/policy/modules/system/ipsec.te | 1 +
 refpolicy/policy/modules/system/userdomain.if | 4 +++-
 5 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/refpolicy/policy/modules/apps/games.if b/refpolicy/policy/modules/apps/games.if
index 1e88bbdd..319a7075 100644
--- a/refpolicy/policy/modules/apps/games.if
+++ b/refpolicy/policy/modules/apps/games.if
@@ -41,6 +41,7 @@ template(`games_per_userdomain_template',`
 type $1_games_t;
 domain_type($1_games_t)
+ domain_entry_file($1_games_t,games_exec_t)
 role $3 types $1_games_t;
 type $1_games_devpts_t;
diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if
index 0c950ecf..cd3d01ac 100644
--- a/refpolicy/policy/modules/apps/java.if
+++ b/refpolicy/policy/modules/apps/java.if
@@ -44,6 +44,7 @@ template(`java_per_userdomain_template',`
 type $1_javaplugin_t;
 domain_type($1_javaplugin_t)
+ domain_entry_file($1_javaplugin_t,java_exec_t)
 role $3 types $1_javaplugin_t;
 type $1_javaplugin_tmp_t;
diff --git a/refpolicy/policy/modules/services/dbus.if b/refpolicy/policy/modules/services/dbus.if
index a0f6b56a..36877e6d 100644
--- a/refpolicy/policy/modules/services/dbus.if
+++ b/refpolicy/policy/modules/services/dbus.if
@@ -49,11 +49,6 @@ interface(`dbus_stub',`
 ##
 #
 template(`dbus_per_userdomain_template',`
- gen_require(`
- type system_dbusd_t, dbusd_etc_t;
- type system_dbusd_exec_t;
- class dbus { send_msg acquire_svc };
- ')
 ##############################
 #
@@ -61,6 +56,7 @@ template(`dbus_per_userdomain_template',`
 #
 type $1_dbusd_t;
 domain_type($1_dbusd_t)
+ domain_entry_file($1_dbusd_t,system_dbusd_exec_t)
 role $3 types $1_dbusd_t;
 type $1_dbusd_$1_t;
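Review bot: In dbus.if, the `domain_entry_file($1_dbusd_t,system_dbusd_exec_t)` line added by the second hunk (-61,6 +56,7) names system_dbusd_exec_t, while the first hunk of the same file deletes the gen_require block that declared that type. Unless a require outside these hunks still covers it, dbus_per_userdomain_template now uses a type it no longer requires, which can break a caller built as a separate module. I would keep a narrowed require at the top of the template holding just `type system_dbusd_exec_t;`. The template body continues outside both hunks, so it is also worth checking whether system_dbusd_t, dbusd_etc_t or the dbus class permissions are still referenced further down.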
diff --git a/refpolicy/policy/modules/system/ipsec.te b/refpolicy/policy/modules/system/ipsec.te
index 4b618ef0..bf5a5df0 100644
--- a/refpolicy/policy/modules/system/ipsec.te
+++ b/refpolicy/policy/modules/system/ipsec.te
@@ -26,6 +26,7 @@ files_pid_file(ipsec_var_run_t)
 type ipsec_mgmt_t;
 type ipsec_mgmt_exec_t;
 init_system_domain(ipsec_mgmt_t,ipsec_mgmt_exec_t)
+corecmd_shell_entry_type(ipsec_mgmt_t)
 role system_r types ipsec_mgmt_t;
 type ipsec_mgmt_lock_t;
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 886b0358..d0e7c924 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -31,6 +31,8 @@ template(`base_user_template',`
 type $1_t, userdomain;
 domain_type($1_t)
 corecmd_shell_entry_type($1_t)
+ corecmd_bin_entry_type($1_t)
+ corecmd_sbin_entry_type($1_t)
 domain_user_exemption_target($1_t)
 role $1_r types $1_t;
 allow system_r $1_r;
@@ -105,7 +107,7 @@ template(`base_user_template',`
 can_exec($1_t,$1_home_t)
 # full control of the home directory
- allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto };
+ allow $1_t $1_home_t:file { create_file_perms relabelfrom relabelto entrypoint };
 allow $1_t $1_home_t:lnk_file { create_lnk_perms relabelfrom relabelto };
 allow $1_t $1_home_t:dir { create_dir_perms relabelfrom relabelto };
 allow $1_t $1_home_t:sock_file { create_file_perms relabelfrom relabelto };
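Review bot: In ipsec.te, the added `corecmd_shell_entry_type(ipsec_mgmt_t)` has no comment saying why a system domain needs the generic shell as an entrypoint. The line before it, `init_system_domain(ipsec_mgmt_t,ipsec_mgmt_exec_t)`, presumably already sets up ipsec_mgmt_exec_t as the entry. With the shell accepted as well, any source domain allowed to transition into ipsec_mgmt_t is no longer tied to the labelled management executables. If the reason is that the management scripts are run through the shell, a line such as `# mgmt scripts are entered via the shell, so the shell must be a valid entrypoint` above the call would let a later reader judge whether it can be dropped.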
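Review bot: In userdomain.if, the first hunk (-31,6 +31,8) adds `corecmd_bin_entry_type($1_t)` and `corecmd_sbin_entry_type($1_t)` to base_user_template without saying why. Because every user domain is built from this template, the set of files through which $1_t can be entered appears to grow from the shell alone to everything corecommands labels as bin or sbin. A short why-comment above the two lines, for example `# programs in bin/sbin may be the first thing run in $1_t, not only the shell`, would record the intent if that is the reason. It is also worth confirming that unprivileged users need the sbin variant at all. The template starts and ends outside the hunk.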
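Review bot: In userdomain.if, the changed allow rule in the second hunk (-105,7 +107,7) adds `entrypoint` on $1_home_t files to a rule that also lets $1_t create and relabel those files, so the user domain can now be entered through content the user writes. That is a different kind of grant from the "full control of the home directory" the comment above describes, and it is easy to miss at the end of the permission set. I would split it into its own rule, `allow $1_t $1_home_t:file entrypoint;`, with a comment naming the transition that needs it. Whether it should sit behind a boolean is a judgement call that needs the rest of base_user_template, which starts and ends outside the hunk.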