trunk: add application module

Changelog

@@ -1,4 +1,6 @@
 - Add debian apcupsd binary location, from Stefan Schulze Frielinghaus.
+- Added modules:
+	application
 
 * Fri Jun 29 2007 Chris PeBenito <selinux@tresys.com> - 20070629
 - Fix incorrectly named files_lib_filetrans_shared_lib() interface in the

policy/modules/admin/alsa.te

@@ -1,5 +1,5 @@
 
-policy_module(alsa,1.1.0)
+policy_module(alsa,1.1.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(alsa,1.1.0)
 
 type alsa_t;
 type alsa_exec_t;
-domain_type(alsa_t)
-domain_entry_file(alsa_t, alsa_exec_t)
+application_domain(alsa_t, alsa_exec_t)
 role system_r types alsa_t;
 
 type alsa_etc_rw_t;

policy/modules/admin/amanda.te

@@ -1,5 +1,5 @@
 
-policy_module(amanda,1.6.0)
+policy_module(amanda,1.6.1)
 
 #######################################
 #
@@ -51,8 +51,7 @@ files_type(amanda_data_t)
 # type for amrecover
 type amanda_recover_t;
 type amanda_recover_exec_t;
-domain_type(amanda_recover_t)
-domain_entry_file(amanda_recover_t,amanda_recover_exec_t)
+application_domain(amanda_recover_t,amanda_recover_exec_t)
 role system_r types amanda_recover_t;
 
 # type for recover files ( restored data )

policy/modules/admin/bootloader.te

@@ -1,5 +1,5 @@
 
-policy_module(bootloader,1.5.0)
+policy_module(bootloader,1.5.1)
 
 ########################################
 #
@@ -15,11 +15,9 @@ type boot_runtime_t;
 files_type(boot_runtime_t)
 
 type bootloader_t;
-domain_type(bootloader_t)
-role system_r types bootloader_t;
-
 type bootloader_exec_t;
-domain_entry_file(bootloader_t,bootloader_exec_t)
+application_domain(bootloader_t,bootloader_exec_t)
+role system_r types bootloader_t;
 
 #
 # bootloader_etc_t is the configuration file,

policy/modules/admin/certwatch.te

@@ -8,8 +8,7 @@ policy_module(certwatch,1.0)
 
 type certwatch_t;
 type certwatch_exec_t;
-domain_type(certwatch_t)
-domain_entry_file(certwatch_t,certwatch_exec_t)
+application_domain(certwatch_t,certwatch_exec_t)
 role system_r types certwatch_t;
 
 ########################################

policy/modules/admin/consoletype.te

@@ -1,5 +1,5 @@
 
-policy_module(consoletype,1.3.0)
+policy_module(consoletype,1.3.1)
 
 ########################################
 #
@@ -8,6 +8,7 @@ policy_module(consoletype,1.3.0)
 
 type consoletype_t;
 type consoletype_exec_t;
+application_executable_file(consoletype_exec_t)
 init_domain(consoletype_t,consoletype_exec_t)
 mls_file_read_up(consoletype_t)
 mls_file_write_down(consoletype_t)

policy/modules/admin/ddcprobe.te

@@ -1,5 +1,5 @@
 
-policy_module(ddcprobe,1.0.0)
+policy_module(ddcprobe,1.0.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(ddcprobe,1.0.0)
 
 type ddcprobe_t;
 type ddcprobe_exec_t;
-domain_type(ddcprobe_t)
-domain_entry_file(ddcprobe_t,ddcprobe_exec_t)
+application_domain(ddcprobe_t,ddcprobe_exec_t)
 role system_r types ddcprobe_t;
 
 ########################################

policy/modules/admin/dmidecode.te

@@ -1,5 +1,5 @@
 
-policy_module(dmidecode,1.1.0)
+policy_module(dmidecode,1.1.1)
 
 ########################################
 #
@@ -7,11 +7,9 @@ policy_module(dmidecode,1.1.0)
 #
 
 type dmidecode_t;
-domain_type(dmidecode_t)
-role system_r types dmidecode_t;
-
 type dmidecode_exec_t;
-domain_entry_file(dmidecode_t,dmidecode_exec_t)
+application_domain(dmidecode_t,dmidecode_exec_t)
+role system_r types dmidecode_t;
 
 ########################################
 #

policy/modules/admin/logwatch.te

@@ -1,5 +1,5 @@
 
-policy_module(logwatch,1.5.0)
+policy_module(logwatch,1.5.1)
 
 #################################
 #
@@ -8,8 +8,7 @@ policy_module(logwatch,1.5.0)
 
 type logwatch_t;
 type logwatch_exec_t;
-domain_type(logwatch_t)
-domain_entry_file(logwatch_t,logwatch_exec_t)
+application_domain(logwatch_t,logwatch_exec_t)
 role system_r types logwatch_t;
 
 type logwatch_cache_t;

policy/modules/admin/portage.te

@@ -1,5 +1,5 @@
 
-policy_module(portage,1.3.0)
+policy_module(portage,1.3.1)
 
 ########################################
 #
@@ -8,35 +8,30 @@ policy_module(portage,1.3.0)
 
 type gcc_config_t;
 type gcc_config_exec_t;
-domain_type(gcc_config_t)
-domain_entry_file(gcc_config_t,gcc_config_exec_t)
+application_domain(gcc_config_t,gcc_config_exec_t)
 
 # constraining type
 type portage_t;
 type portage_exec_t;
-domain_type(portage_t)
-domain_entry_file(portage_t,portage_exec_t)
+application_domain(portage_t,portage_exec_t)
 rsync_entry_type(portage_t)
 corecmd_shell_entry_type(portage_t)
-domain_entry_file(portage_t,portage_exec_t)
 
 # portage domain for merging packages to the live fs
 type portage_t.merge;
-domain_type(portage_t.merge)
-domain_entry_file(portage_t.merge,portage_exec_t)
+application_domain(portage_t.merge,portage_exec_t)
 domain_obj_id_change_exemption(portage_t.merge)
 
 # portage compile sandbox domain
 type portage_t.sandbox alias portage_sandbox_t;
-domain_type(portage_t.sandbox)
+application_domain(portage_t.sandbox,portage_exec_t)
 # the shell is the entrypoint if regular sandbox is disabled
 # portage_exec_t is the entrypoint if regular sandbox is enabled
 corecmd_shell_entry_type(portage_t.sandbox)
-domain_entry_file(portage_t.sandbox,portage_exec_t)
 
 # portage package fetching domain
 type portage_t.fetch alias portage_fetch_t;
-domain_type(portage_t.fetch)
+application_type(portage_t.fetch)
 corecmd_shell_entry_type(portage_t.fetch)
 rsync_entry_type(portage_t.fetch)
 

policy/modules/admin/readahead.te

@@ -1,5 +1,5 @@
 
-policy_module(readahead,1.3.0)
+policy_module(readahead,1.3.1)
 
 ########################################
 #
@@ -9,6 +9,7 @@ policy_module(readahead,1.3.0)
 type readahead_t;
 type readahead_exec_t;
 init_daemon_domain(readahead_t,readahead_exec_t)
+application_domain(readahead_t,readahead_exec_t)
 
 type readahead_var_run_t;
 files_pid_file(readahead_var_run_t)

policy/modules/admin/sudo.if

@@ -45,8 +45,7 @@ template(`sudo_per_role_template',`
 	#
 
 	type $1_sudo_t; 
-	domain_type($1_sudo_t)
-	domain_entry_file($1_sudo_t,sudo_exec_t)
+	application_domain($1_sudo_t,sudo_exec_t)
 	domain_interactive_fd($1_sudo_t)
 	role $3 types $1_sudo_t;
 

policy/modules/admin/sudo.te

@@ -1,11 +1,11 @@
 
-policy_module(sudo,1.1.0)
+policy_module(sudo,1.1.1)
 
 ########################################
 #
 # Declarations
 
 type sudo_exec_t;
-corecmd_executable_file(sudo_exec_t)
+application_executable_file(sudo_exec_t)
 
 # Remaining policy in per user domain template.

policy/modules/admin/sxid.te

@@ -1,5 +1,5 @@
 
-policy_module(sxid,1.2.0)
+policy_module(sxid,1.2.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(sxid,1.2.0)
 
 type sxid_t;
 type sxid_exec_t;
-domain_type(sxid_t)
-domain_entry_file(sxid_t,sxid_exec_t)
+application_domain(sxid_t,sxid_exec_t)
 
 type sxid_log_t;
 logging_log_file(sxid_log_t)

policy/modules/admin/tmpreaper.te

@@ -1,5 +1,5 @@
 
-policy_module(tmpreaper,1.2.0)
+policy_module(tmpreaper,1.2.1)
 
 ########################################
 #
@@ -7,11 +7,9 @@ policy_module(tmpreaper,1.2.0)
 #
 
 type tmpreaper_t;
-role system_r types tmpreaper_t;
-domain_type(tmpreaper_t)
-
 type tmpreaper_exec_t;
-domain_entry_file(tmpreaper_t,tmpreaper_exec_t)
+application_domain(tmpreaper_t,tmpreaper_exec_t)
+role system_r types tmpreaper_t;
 
 ########################################
 #

policy/modules/admin/tripwire.te

@@ -1,5 +1,5 @@
 
-policy_module(tripwire,1.0.0)
+policy_module(tripwire,1.0.1)
 
 ########################################
 #
@@ -8,13 +8,11 @@ policy_module(tripwire,1.0.0)
 
 type siggen_t;
 type siggen_exec_t;
-domain_type(siggen_t)
-domain_entry_file(siggen_t,siggen_exec_t)
+application_domain(siggen_t,siggen_exec_t)
 
 type tripwire_t;
 type tripwire_exec_t;
-domain_type(tripwire_t)
-domain_entry_file(tripwire_t,tripwire_exec_t)
+application_domain(tripwire_t,tripwire_exec_t)
 role system_r types tripwire_t;
 
 type tripwire_etc_t;
@@ -31,13 +29,11 @@ files_type(tripwire_var_lib_t)
 
 type twadmin_t;
 type twadmin_exec_t;
-domain_type(twadmin_t)
-domain_entry_file(twadmin_t,twadmin_exec_t)
+application_domain(twadmin_t,twadmin_exec_t)
 
 type twprint_t;
 type twprint_exec_t;
-domain_type(twprint_t)
-domain_entry_file(twprint_t,twprint_exec_t)
+application_domain(twprint_t,twprint_exec_t)
 
 ########################################
 #

policy/modules/admin/tzdata.te

@@ -1,5 +1,5 @@
 
-policy_module(tzdata,1.0.0)
+policy_module(tzdata,1.0.1)
 
 ########################################
 #
@@ -9,6 +9,7 @@ policy_module(tzdata,1.0.0)
 type tzdata_t;
 type tzdata_exec_t;
 init_daemon_domain(tzdata_t, tzdata_exec_t)
+application_domain(tzdata_t, tzdata_exec_t)
 
 ########################################
 #

policy/modules/admin/usermanage.te

@@ -1,5 +1,5 @@
 
-policy_module(usermanage,1.7.0)
+policy_module(usermanage,1.7.1)
 
 ########################################
 #
@@ -10,19 +10,15 @@ type admin_passwd_exec_t;
 files_type(admin_passwd_exec_t)
 
 type chfn_t;
+type chfn_exec_t;
 domain_obj_id_change_exemption(chfn_t)
-domain_type(chfn_t)
+application_domain(chfn_t,chfn_exec_t)
 role system_r types chfn_t;
 
-type chfn_exec_t;
-domain_entry_file(chfn_t,chfn_exec_t)
-
 type crack_t;
-domain_type(crack_t)
-role system_r types crack_t;
-
 type crack_exec_t;
-domain_entry_file(crack_t,crack_exec_t)
+application_domain(crack_t,crack_exec_t)
+role system_r types crack_t;
 
 type crack_db_t;
 files_type(crack_db_t)
@@ -37,17 +33,14 @@ init_system_domain(groupadd_t,groupadd_exec_t)
 role system_r types groupadd_t;
 
 type passwd_t;
-domain_obj_id_change_exemption(passwd_t)
-domain_type(passwd_t)
-role system_r types passwd_t;
-
 type passwd_exec_t;
-domain_entry_file(passwd_t,passwd_exec_t)
+domain_obj_id_change_exemption(passwd_t)
+application_domain(passwd_t,passwd_exec_t)
+role system_r types passwd_t;
 
 type sysadm_passwd_t;
 domain_obj_id_change_exemption(sysadm_passwd_t)
-domain_type(sysadm_passwd_t)
-domain_entry_file(sysadm_passwd_t,admin_passwd_exec_t)
+application_domain(sysadm_passwd_t,admin_passwd_exec_t)
 role system_r types sysadm_passwd_t;
 
 type sysadm_passwd_tmp_t;

policy/modules/admin/vpn.te

@@ -1,5 +1,5 @@
 
-policy_module(vpn,1.5.0)
+policy_module(vpn,1.5.1)
 
 ########################################
 #
@@ -7,10 +7,8 @@ policy_module(vpn,1.5.0)
 #
 
 type vpnc_t;
-domain_type(vpnc_t)
-
 type vpnc_exec_t;
-domain_entry_file(vpnc_t,vpnc_exec_t)
+application_domain(vpnc_t,vpnc_exec_t)
 role system_r types vpnc_t;
 
 type vpnc_tmp_t;

policy/modules/apps/ada.te

@@ -1,5 +1,5 @@
 
-policy_module(ada,1.0.0)
+policy_module(ada,1.0.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(ada,1.0.0)
 
 type ada_t;
 type ada_exec_t;
-domain_type(ada_t)
-domain_entry_file(ada_t,ada_exec_t)
+application_domain(ada_t,ada_exec_t)
 
 ########################################
 #

policy/modules/apps/authbind.te

@@ -1,5 +1,5 @@
 
-policy_module(authbind,1.0.0)
+policy_module(authbind,1.0.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(authbind,1.0.0)
 
 type authbind_t;
 type authbind_exec_t;
-domain_type(authbind_t)
-domain_entry_file(authbind_t,authbind_exec_t)
+application_domain(authbind_t,authbind_exec_t)
 role system_r types authbind_t;
 
 type authbind_etc_t;

policy/modules/apps/cdrecord.if

@@ -44,8 +44,7 @@ template(`cdrecord_per_role_template', `
 	#
 
 	type $1_cdrecord_t;
-	domain_type($1_cdrecord_t)
-	domain_entry_file($1_cdrecord_t,cdrecord_exec_t)
+	application_domain($1_cdrecord_t,cdrecord_exec_t)
 	role $3 types $1_cdrecord_t;
 
 	########################################

policy/modules/apps/cdrecord.te

@@ -1,5 +1,5 @@
 
-policy_module(cdrecord,1.2.0)
+policy_module(cdrecord,1.2.1)
 
 ########################################
 #
@@ -18,4 +18,4 @@ gen_tunable(cdrecord_read_content,false)
 ')
 
 type cdrecord_exec_t;
-corecmd_executable_file(cdrecord_exec_t)
+application_executable_file(cdrecord_exec_t)

policy/modules/apps/ethereal.if

@@ -45,8 +45,7 @@ template(`ethereal_per_role_template',`
 
 	# Type for program
 	type $1_ethereal_t;
-	domain_type($1_ethereal_t)
-	domain_entry_file($1_ethereal_t,ethereal_exec_t)
+	application_domain($1_ethereal_t,ethereal_exec_t)
 	role $3 types $1_ethereal_t;
 
 	type $1_ethereal_home_t alias $1_ethereal_rw_t;

policy/modules/apps/ethereal.te

@@ -1,5 +1,5 @@
 
-policy_module(ethereal,1.2.0)
+policy_module(ethereal,1.2.1)
 
 ########################################
 #
@@ -7,12 +7,11 @@ policy_module(ethereal,1.2.0)
 #
 
 type ethereal_exec_t;
-corecmd_executable_file(ethereal_exec_t)
+application_executable_file(ethereal_exec_t)
 
 type tethereal_t;
 type tethereal_exec_t;
-domain_type(tethereal_t)
-domain_entry_file(tethereal_t,tethereal_exec_t)
+application_domain(tethereal_t,tethereal_exec_t)
 
 type tethereal_tmp_t;
 files_tmp_file(tethereal_tmp_t)

policy/modules/apps/evolution.if

@@ -41,8 +41,7 @@ template(`evolution_per_role_template',`
 	#
 
 	type $1_evolution_t;
-	domain_type($1_evolution_t)
-	domain_entry_file($1_evolution_t,evolution_exec_t)
+	application_domain($1_evolution_t,evolution_exec_t)
 	role $3 types $1_evolution_t;
 
 	type $1_evolution_tmpfs_t;
@@ -56,8 +55,7 @@ template(`evolution_per_role_template',`
 	files_tmp_file($1_evolution_orbit_tmp_t)
 	
 	type $1_evolution_alarm_t;
-	domain_type($1_evolution_alarm_t)
-	domain_entry_file($1_evolution_alarm_t,evolution_alarm_exec_t)
+	application_domain($1_evolution_alarm_t,evolution_alarm_exec_t)
 	role $3 types $1_evolution_alarm_t;
 
 	type $1_evolution_alarm_tmpfs_t;
@@ -67,8 +65,7 @@ template(`evolution_per_role_template',`
 	files_tmp_file($1_evolution_alarm_orbit_tmp_t)
 
 	type $1_evolution_exchange_t;
-	domain_type($1_evolution_exchange_t)
-	domain_entry_file($1_evolution_exchange_t,evolution_exchange_exec_t)
+	application_domain($1_evolution_exchange_t,evolution_exchange_exec_t)
 	role $3 types $1_evolution_exchange_t;
 
 	type $1_evolution_exchange_tmpfs_t;
@@ -81,16 +78,14 @@ template(`evolution_per_role_template',`
 	files_tmp_file($1_evolution_exchange_orbit_tmp_t)
 
 	type $1_evolution_server_t;
-	domain_type($1_evolution_server_t)
-	domain_entry_file($1_evolution_server_t,evolution_server_exec_t)
+	application_domain($1_evolution_server_t,evolution_server_exec_t)
 	role $3 types $1_evolution_server_t;
 
 	type $1_evolution_server_orbit_tmp_t;
 	files_tmp_file($1_evolution_server_orbit_tmp_t)
 
 	type $1_evolution_webcal_t;
-	domain_type($1_evolution_webcal_t)
-	domain_entry_file($1_evolution_webcal_t,evolution_webcal_exec_t)
+	application_domain($1_evolution_webcal_t,evolution_webcal_exec_t)
 	role $3 types $1_evolution_webcal_t;
 
 	type $1_evolution_webcal_tmpfs_t;

policy/modules/apps/evolution.te

@@ -1,5 +1,5 @@
 
-policy_module(evolution,1.3.0)
+policy_module(evolution,1.3.1)
 
 ########################################
 #
@@ -7,16 +7,16 @@ policy_module(evolution,1.3.0)
 #
 
 type evolution_exec_t;
-corecmd_executable_file(evolution_exec_t)
+application_executable_file(evolution_exec_t)
 
 type evolution_alarm_exec_t;
-corecmd_executable_file(evolution_alarm_exec_t)
+application_executable_file(evolution_alarm_exec_t)
 
 type evolution_exchange_exec_t;
-corecmd_executable_file(evolution_exchange_exec_t)
+application_executable_file(evolution_exchange_exec_t)
 
 type evolution_server_exec_t;
-corecmd_executable_file(evolution_server_exec_t)
+application_executable_file(evolution_server_exec_t)
 
 type evolution_webcal_exec_t;
-corecmd_executable_file(evolution_webcal_exec_t)
+application_executable_file(evolution_webcal_exec_t)

policy/modules/apps/games.if

@@ -44,8 +44,7 @@ template(`games_per_role_template',`
 	#
 
 	type $1_games_t;
-	domain_type($1_games_t)
-	domain_entry_file($1_games_t,games_exec_t)
+	application_domain($1_games_t,games_exec_t)
 	role $3 types $1_games_t;
 
 	type $1_games_devpts_t;

policy/modules/apps/games.te

@@ -1,5 +1,5 @@
 
-policy_module(games,1.3.0)
+policy_module(games,1.3.1)
 
 ########################################
 #

policy/modules/apps/gift.if

@@ -40,8 +40,7 @@ template(`gift_per_role_template',`
 	#
 
 	type $1_gift_t;
-	domain_type($1_gift_t)
-	domain_entry_file($1_gift_t,gift_exec_t)
+	application_domain($1_gift_t,gift_exec_t)
 	role $3 types $1_gift_t;
 
 	type $1_gift_home_t alias $1_gift_rw_t;
@@ -52,8 +51,7 @@ template(`gift_per_role_template',`
 	files_tmpfs_file($1_gift_tmpfs_t)
 
 	type $1_giftd_t;
-	domain_type($1_giftd_t)
-	domain_entry_file($1_giftd_t,giftd_exec_t)
+	application_domain($1_giftd_t,giftd_exec_t)
 	role $3 types $1_giftd_t;
 
 	##############################

policy/modules/apps/gift.te

@@ -1,5 +1,5 @@
 
-policy_module(gift,1.1.0)
+policy_module(gift,1.1.1)
 
 ########################################
 #
@@ -7,7 +7,7 @@ policy_module(gift,1.1.0)
 #
 
 type gift_exec_t;
-corecmd_executable_file(gift_exec_t)
+application_executable_file(gift_exec_t)
 
 type giftd_exec_t;
-corecmd_executable_file(giftd_exec_t)
+application_executable_file(giftd_exec_t)

policy/modules/apps/gnome.if

@@ -44,8 +44,7 @@ template(`gnome_per_role_template',`
 	#
 	type $1_gconfd_t, gnomedomain;
 
-	domain_type($1_gconfd_t)
-	domain_entry_file($1_gconfd_t, gconfd_exec_t)
+	application_domain($1_gconfd_t, gconfd_exec_t)
 	role $3 types $1_gconfd_t;
 
 	type $1_gconf_home_t;

policy/modules/apps/gnome.te

@@ -1,5 +1,5 @@
 
-policy_module(gnome,1.1.0)
+policy_module(gnome,1.1.1)
 
 ##############################
 #
@@ -12,4 +12,4 @@ type gconf_etc_t;
 files_type(gconf_etc_t)
 
 type gconfd_exec_t;
-corecmd_executable_file(gconfd_exec_t)
+application_executable_file(gconfd_exec_t)

policy/modules/apps/gpg.if

@@ -46,13 +46,11 @@ template(`gpg_per_role_template',`
 	#
 
 	type $1_gpg_t;
-	domain_type($1_gpg_t)
-	domain_entry_file($1_gpg_t,gpg_exec_t)
+	application_domain($1_gpg_t,gpg_exec_t)
 	role $3 types $1_gpg_t;
 
 	type $1_gpg_agent_t;
-	domain_type($1_gpg_agent_t)
-	domain_entry_file($1_gpg_agent_t,gpg_agent_exec_t)
+	application_domain($1_gpg_agent_t,gpg_agent_exec_t)
 	role $3 types $1_gpg_agent_t;
 
 	type $1_gpg_agent_tmp_t;
@@ -62,13 +60,11 @@ template(`gpg_per_role_template',`
 	userdom_user_home_content($1,$1_gpg_secret_t)
 
 	type $1_gpg_helper_t;
-	domain_type($1_gpg_helper_t)
-	domain_entry_file($1_gpg_helper_t,gpg_helper_exec_t)
+	application_domain($1_gpg_helper_t,gpg_helper_exec_t)
 	role $3 types $1_gpg_helper_t;
 
 	type $1_gpg_pinentry_t;
-	domain_type($1_gpg_pinentry_t)
-	domain_entry_file($1_gpg_pinentry_t,pinentry_exec_t)
+	application_domain($1_gpg_pinentry_t,pinentry_exec_t)
 	role $3 types $1_gpg_pinentry_t;
 
 	########################################

policy/modules/apps/gpg.te

@@ -1,5 +1,5 @@
 
-policy_module(gpg, 1.3.0)
+policy_module(gpg, 1.3.1)
 
 ########################################
 #
@@ -9,13 +9,13 @@ policy_module(gpg, 1.3.0)
 # Type for gpg or pgp executables.
 type gpg_exec_t;
 type gpg_helper_exec_t;
-corecmd_executable_file(gpg_exec_t)
-corecmd_executable_file(gpg_helper_exec_t)
+application_executable_file(gpg_exec_t)
+application_executable_file(gpg_helper_exec_t)
 
 # Type for the gpg-agent executable.
 type gpg_agent_exec_t;
-corecmd_executable_file(gpg_agent_exec_t)
+application_executable_file(gpg_agent_exec_t)
 
 # type for the pinentry executable
 type pinentry_exec_t;
-corecmd_executable_file(pinentry_exec_t)
+application_executable_file(pinentry_exec_t)

policy/modules/apps/irc.if

@@ -43,13 +43,12 @@ template(`irc_per_role_template',`
 	#
 
 	type $1_irc_t;
-	domain_type($1_irc_t)
-	domain_entry_file($1_irc_t,irc_exec_t)
+	application_domain($1_irc_t,irc_exec_t)
 	role $3 types $1_irc_t;
 
 	type $1_irc_exec_t;
 	userdom_user_home_content($1,$1_irc_exec_t)
-	domain_entry_file($1_irc_t,$1_irc_exec_t)
+	application_domain($1_irc_t,$1_irc_exec_t)
 
 	type $1_irc_home_t;
 	userdom_user_home_content($1,$1_irc_home_t)

policy/modules/apps/irc.te

@@ -1,5 +1,5 @@
 
-policy_module(irc,1.2.0)
+policy_module(irc,1.2.1)
 
 ########################################
 #
@@ -7,4 +7,4 @@ policy_module(irc,1.2.0)
 #
 
 type irc_exec_t;
-corecmd_executable_file(irc_exec_t)
+application_executable_file(irc_exec_t)

policy/modules/apps/java.if

@@ -43,8 +43,7 @@ template(`java_per_role_template',`
 	#
 
 	type $1_javaplugin_t;
-	domain_type($1_javaplugin_t)
-	domain_entry_file($1_javaplugin_t,java_exec_t)
+	application_domain($1_javaplugin_t,java_exec_t)
 	role $3 types $1_javaplugin_t;
 	
 	type $1_javaplugin_tmp_t;

policy/modules/apps/java.te

@@ -1,5 +1,5 @@
 
-policy_module(java,1.5.0)
+policy_module(java,1.5.1)
 
 ########################################
 #

policy/modules/apps/lockdev.if

@@ -44,8 +44,7 @@ template(`lockdev_per_role_template',`
 	#
 
 	type $1_lockdev_t;
-	domain_type($1_lockdev_t)
-	domain_entry_file($1_lockdev_t,lockdev_exec_t)
+	application_domain($1_lockdev_t,lockdev_exec_t)
 	role $3 types $1_lockdev_t;
 
 	type $1_lockdev_lock_t;

policy/modules/apps/lockdev.te

@@ -1,5 +1,5 @@
 
-policy_module(lockdev,1.1.0)
+policy_module(lockdev,1.1.1)
 
 ########################################
 #
@@ -7,4 +7,4 @@ policy_module(lockdev,1.1.0)
 #
 
 type lockdev_exec_t;
-corecmd_executable_file(lockdev_exec_t)
+application_executable_file(lockdev_exec_t)

policy/modules/apps/mozilla.if

@@ -42,8 +42,7 @@ template(`mozilla_per_role_template',`
 	# Declarations
 	#
 	type $1_mozilla_t;
-	domain_type($1_mozilla_t)
-	domain_entry_file($1_mozilla_t,mozilla_exec_t)
+	application_domain($1_mozilla_t,mozilla_exec_t)
 	role $3 types $1_mozilla_t;
 
 	type $1_mozilla_home_t alias $1_mozilla_rw_t;

policy/modules/apps/mozilla.te

@@ -1,5 +1,5 @@
 
-policy_module(mozilla,1.3.0)
+policy_module(mozilla,1.3.1)
 
 ########################################
 #
@@ -19,4 +19,4 @@ type mozilla_conf_t;
 files_config_file(mozilla_conf_t)
 
 type mozilla_exec_t;
-corecmd_executable_file(mozilla_exec_t)
+application_executable_file(mozilla_exec_t)

policy/modules/apps/mplayer.if

@@ -43,13 +43,11 @@ template(`mplayer_per_role_template',`
 	#
 
 	type $1_mencoder_t;
-	domain_type($1_mencoder_t)
-	domain_entry_file($1_mencoder_t,mencoder_exec_t)
+	application_domain($1_mencoder_t,mencoder_exec_t)
 	role $3 types $1_mencoder_t;
 
 	type $1_mplayer_t;
-	domain_type($1_mplayer_t)
-	domain_entry_file($1_mplayer_t,mplayer_exec_t)
+	application_domain($1_mplayer_t,mplayer_exec_t)
 	role $3 types $1_mplayer_t;
 
 	type $1_mplayer_home_t alias $1_mplayer_rw_t;

policy/modules/apps/mplayer.te

@@ -1,5 +1,5 @@
 
-policy_module(mplayer,1.2.0)
+policy_module(mplayer,1.2.1)
 
 ########################################
 #
@@ -20,10 +20,10 @@ files_config_file(mplayer_etc_t)
 
 ifdef(`strict_policy',`
 	type mencoder_exec_t;
-	corecmd_executable_file(mencoder_exec_t)
+	application_executable_file(mencoder_exec_t)
 
 	type mplayer_exec_t;
-	corecmd_executable_file(mplayer_exec_t)
+	application_executable_file(mplayer_exec_t)
 ')
 
 ifdef(`targeted_policy',`

policy/modules/apps/rssh.if

@@ -31,8 +31,7 @@ template(`rssh_per_role_template',`
 	#
 
 	type $1_rssh_t alias rssh_$1_t, rssh_domain_type;
-	domain_type($1_rssh_t)
-	domain_entry_file($1_rssh_t,rssh_exec_t)
+	application_domain($1_rssh_t,rssh_exec_t)
 	domain_user_exemption_target($1_t)
 	domain_interactive_fd($1_rssh_t)
 	role system_r types $1_rssh_t;

policy/modules/apps/rssh.te

@@ -1,5 +1,5 @@
 
-policy_module(rssh,1.0.0)
+policy_module(rssh,1.0.1)
 
 ########################################
 #
@@ -10,4 +10,4 @@ attribute rssh_domain_type;
 attribute rssh_ro_content_type;
 
 type rssh_exec_t;
-corecmd_executable_file(rssh_exec_t)
+application_executable_file(rssh_exec_t)

policy/modules/apps/screen.if

@@ -43,8 +43,7 @@ template(`screen_per_role_template',`
 	#
 
 	type $1_screen_t;
-	domain_type($1_screen_t)
-	domain_entry_file($1_screen_t,screen_exec_t)
+	application_domain($1_screen_t,screen_exec_t)
 	domain_interactive_fd($1_screen_t)
 	role $3 types $1_screen_t;
 

policy/modules/apps/screen.te

@@ -1,5 +1,5 @@
 
-policy_module(screen,1.2.0)
+policy_module(screen,1.2.1)
 
 ########################################
 #
@@ -10,4 +10,4 @@ type screen_dir_t;
 files_pid_file(screen_dir_t)
 
 type screen_exec_t;
-corecmd_executable_file(screen_exec_t)
+application_executable_file(screen_exec_t)

policy/modules/apps/thunderbird.if

@@ -40,8 +40,7 @@ template(`thunderbird_per_role_template',`
 	#
 
 	type $1_thunderbird_t;
-	domain_type($1_thunderbird_t)
-	domain_entry_file($1_thunderbird_t,thunderbird_exec_t)
+	application_domain($1_thunderbird_t,thunderbird_exec_t)
 	role $3 types $1_thunderbird_t;
 
 	type $1_thunderbird_home_t alias $1_thunderbird_rw_t;

policy/modules/apps/thunderbird.te

@@ -1,5 +1,5 @@
 
-policy_module(thunderbird,1.3.0)
+policy_module(thunderbird,1.3.1)
 
 ########################################
 #
@@ -7,4 +7,4 @@ policy_module(thunderbird,1.3.0)
 #
 
 type thunderbird_exec_t;
-corecmd_executable_file(thunderbird_exec_t)
+application_executable_file(thunderbird_exec_t)

policy/modules/apps/tvtime.if

@@ -43,8 +43,7 @@ template(`tvtime_per_role_template',`
 	#
 
 	type $1_tvtime_t;
-	domain_type($1_tvtime_t)
-	domain_entry_file($1_tvtime_t,tvtime_exec_t)
+	application_domain($1_tvtime_t,tvtime_exec_t)
 	role $3 types $1_tvtime_t;
 
 	type $1_tvtime_home_t alias $1_tvtime_rw_t;

policy/modules/apps/tvtime.te

@@ -1,5 +1,5 @@
 
-policy_module(tvtime,1.2.0)
+policy_module(tvtime,1.2.1)
 
 ########################################
 #
@@ -7,7 +7,7 @@ policy_module(tvtime,1.2.0)
 #
 
 type tvtime_exec_t;
-corecmd_executable_file(tvtime_exec_t)
+application_executable_file(tvtime_exec_t)
 
 type tvtime_dir_t;
 files_pid_file(tvtime_dir_t)

policy/modules/apps/uml.if

@@ -43,11 +43,9 @@ template(`uml_per_role_template',`
 	#
 
 	type $1_uml_t;
-	domain_type($1_uml_t)
-	role $3 types $1_uml_t;
-
 	type $1_uml_exec_t;
-	domain_entry_file($1_uml_t,$1_uml_exec_t)
+	application_domain($1_uml_t,$1_uml_exec_t)
+	role $3 types $1_uml_t;
 
 	type $1_uml_ro_t;
 	files_type($1_uml_ro_t)

policy/modules/apps/uml.te

@@ -1,5 +1,5 @@
 
-policy_module(uml,1.3.0)
+policy_module(uml,1.3.1)
 
 ########################################
 #
@@ -7,7 +7,7 @@ policy_module(uml,1.3.0)
 #
 
 type uml_exec_t;
-corecmd_executable_file(uml_exec_t)
+application_executable_file(uml_exec_t)
 
 type uml_ro_t;
 files_type(uml_ro_t)

policy/modules/apps/userhelper.if

@@ -43,8 +43,7 @@ template(`userhelper_per_role_template',`
 	#
 
 	type $1_userhelper_t;
-	domain_type($1_userhelper_t)
-	domain_entry_file($1_userhelper_t,userhelper_exec_t)
+	application_domain($1_userhelper_t,userhelper_exec_t)
 	domain_role_change_exemption($1_userhelper_t)
 	domain_obj_id_change_exemption($1_userhelper_t)
 	domain_interactive_fd($1_userhelper_t)

policy/modules/apps/userhelper.te

@@ -1,5 +1,5 @@
 
-policy_module(userhelper,1.2.0)
+policy_module(userhelper,1.2.1)
 
 ########################################
 #
@@ -10,4 +10,4 @@ type userhelper_conf_t;
 files_type(userhelper_conf_t)
 
 type userhelper_exec_t;
-corecmd_executable_file(userhelper_exec_t)
+application_executable_file(userhelper_exec_t)

policy/modules/apps/usernetctl.te

@@ -1,5 +1,5 @@
 
-policy_module(usernetctl,1.1.0)
+policy_module(usernetctl,1.1.1)
 
 ########################################
 #
@@ -18,8 +18,7 @@ gen_tunable(user_net_control,false)
 
 type usernetctl_t;
 type usernetctl_exec_t;
-domain_type(usernetctl_t)
-domain_entry_file(usernetctl_t,usernetctl_exec_t)
+application_domain(usernetctl_t,usernetctl_exec_t)
 domain_interactive_fd(usernetctl_t)
 
 ########################################

policy/modules/apps/webalizer.te

@@ -1,5 +1,5 @@
 
-policy_module(webalizer,1.5.0)
+policy_module(webalizer,1.5.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(webalizer,1.5.0)
 
 type webalizer_t;
 type webalizer_exec_t;
-domain_type(webalizer_t)
-domain_entry_file(webalizer_t,webalizer_exec_t)
+application_domain(webalizer_t,webalizer_exec_t)
 role system_r types webalizer_t;
 
 type webalizer_etc_t;

policy/modules/apps/wine.te

@@ -1,5 +1,5 @@
 
-policy_module(wine,1.3.0)
+policy_module(wine,1.3.1)
 
 ########################################
 #
@@ -7,10 +7,8 @@ policy_module(wine,1.3.0)
 #
 
 type wine_t;
-domain_type(wine_t)
-
 type wine_exec_t;
-domain_entry_file(wine_t,wine_exec_t)
+application_domain(wine_t,wine_exec_t)
 
 ########################################
 #

policy/modules/apps/yam.te

@@ -1,5 +1,5 @@
 
-policy_module(yam,1.1.0)
+policy_module(yam,1.1.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(yam,1.1.0)
 
 type yam_t alias yam_crond_t;
 type yam_exec_t;
-domain_type(yam_t)
-domain_entry_file(yam_t,yam_exec_t)
+application_domain(yam_t,yam_exec_t)
 
 type yam_content_t;
 files_mountpoint(yam_content_t)

policy/modules/services/aide.te

@@ -1,5 +1,5 @@
 
-policy_module(aide,1.1.0)
+policy_module(aide,1.1.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(aide,1.1.0)
 
 type aide_t;
 type aide_exec_t;
-domain_type(aide_t)
-domain_entry_file(aide_t,aide_exec_t)
+application_domain(aide_t,aide_exec_t)
 
 # log files
 type aide_log_t;

policy/modules/services/apm.te

@@ -1,5 +1,5 @@
 
-policy_module(apm,1.4.0)
+policy_module(apm,1.4.1)
 
 ########################################
 #
@@ -10,11 +10,10 @@ type apmd_exec_t;
 init_daemon_domain(apmd_t,apmd_exec_t)
 
 type apm_t;
-domain_type(apm_t)
+type apm_exec_t;
+application_domain(apm_t,apm_exec_t)
 role system_r types apm_t;
 
-type apm_exec_t;
-domain_entry_file(apm_t,apm_exec_t)
 
 type apmd_log_t;
 logging_log_file(apmd_log_t)

policy/modules/services/clockspeed.te

@@ -1,5 +1,5 @@
 
-policy_module(clockspeed,1.2.0)
+policy_module(clockspeed,1.2.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(clockspeed,1.2.0)
 
 type clockspeed_cli_t;
 type clockspeed_cli_exec_t;
-domain_type(clockspeed_cli_t)
-domain_entry_file(clockspeed_cli_t,clockspeed_cli_exec_t)
+application_domain(clockspeed_cli_t,clockspeed_cli_exec_t)
 
 type clockspeed_srv_t;
 type clockspeed_srv_exec_t;

policy/modules/services/cron.if

@@ -50,8 +50,7 @@ template(`cron_per_role_template',`
 	role $3 types $1_crond_t;
 
 	type $1_crontab_t;
-	domain_type($1_crontab_t)
-	domain_entry_file($1_crontab_t,crontab_exec_t)
+	application_domain($1_crontab_t,crontab_exec_t)
 	role $3 types $1_crontab_t;
 
 	type $1_crontab_tmp_t;

policy/modules/services/cron.te

@@ -1,5 +1,5 @@
 
-policy_module(cron,1.7.0)
+policy_module(cron,1.7.1)
 
 gen_require(`
 	class passwd rootok;
@@ -29,7 +29,7 @@ gen_tunable(fcron_crond,false)
 attribute cron_spool_type;
 
 type anacron_exec_t;
-corecmd_executable_file(anacron_exec_t)
+application_executable_file(anacron_exec_t)
 
 type cron_spool_t;
 files_type(cron_spool_t)
@@ -55,7 +55,7 @@ type crond_var_run_t;
 files_pid_file(crond_var_run_t)
 
 type crontab_exec_t;
-corecmd_executable_file(crontab_exec_t)
+application_executable_file(crontab_exec_t)
 
 type system_cron_spool_t, cron_spool_type;
 files_type(system_cron_spool_t)

policy/modules/services/dcc.te

@@ -1,5 +1,5 @@
 
-policy_module(dcc,1.3.0)
+policy_module(dcc,1.3.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(dcc,1.3.0)
 
 type cdcc_t;
 type cdcc_exec_t;
-domain_type(cdcc_t)
-domain_entry_file(cdcc_t,cdcc_exec_t)
+application_domain(cdcc_t,cdcc_exec_t)
 role system_r types cdcc_t;
 
 type cdcc_tmp_t;
@@ -17,8 +16,7 @@ files_tmp_file(cdcc_tmp_t)
 
 type dcc_client_t;
 type dcc_client_exec_t;
-domain_type(dcc_client_t)
-domain_entry_file(dcc_client_t,dcc_client_exec_t)
+application_domain(dcc_client_t,dcc_client_exec_t)
 role system_r types dcc_client_t;
 
 type dcc_client_map_t;
@@ -29,8 +27,7 @@ files_tmp_file(dcc_client_tmp_t)
 
 type dcc_dbclean_t;
 type dcc_dbclean_exec_t;
-domain_type(dcc_dbclean_t)
-domain_entry_file(dcc_dbclean_t,dcc_dbclean_exec_t)
+application_domain(dcc_dbclean_t,dcc_dbclean_exec_t)
 role system_r types dcc_dbclean_t;
 
 type dcc_dbclean_tmp_t;

policy/modules/services/lpd.if

@@ -43,8 +43,7 @@ template(`lpd_per_role_template',`
 	#
 	# Derived domain based on the calling user domain and the program
 	type $1_lpr_t;
-	domain_type($1_lpr_t)
-	domain_entry_file($1_lpr_t,lpr_exec_t)
+	application_domain($1_lpr_t,lpr_exec_t)
 	role $3 types $1_lpr_t;
 
 	type $1_lpr_tmp_t;

policy/modules/services/lpd.te

@@ -1,5 +1,5 @@
 
-policy_module(lpd,1.6.0)
+policy_module(lpd,1.6.1)
 
 ########################################
 #
@@ -32,7 +32,7 @@ type lpd_var_run_t;
 files_pid_file(lpd_var_run_t)
 
 type lpr_exec_t;
-corecmd_executable_file(lpr_exec_t)
+application_executable_file(lpr_exec_t)
 
 type print_spool_t;
 files_tmp_file(print_spool_t)

policy/modules/services/mta.if

@@ -51,8 +51,7 @@ template(`mta_base_mail_template',`
 	#
 
 	type $1_mail_t, user_mail_domain;
-	domain_type($1_mail_t)
-	domain_entry_file($1_mail_t,sendmail_exec_t)
+	application_domain($1_mail_t,sendmail_exec_t)
 
 	type $1_mail_tmp_t;
 	files_tmp_file($1_mail_tmp_t)

policy/modules/services/mta.te

@@ -1,5 +1,5 @@
 
-policy_module(mta,1.7.0)
+policy_module(mta,1.7.1)
 
 ########################################
 #
@@ -26,7 +26,7 @@ type mail_spool_t;
 files_type(mail_spool_t)
 
 type sendmail_exec_t;
-files_type(sendmail_exec_t)
+application_executable_file(sendmail_exec_t)
 
 mta_base_mail_template(system)
 role system_r types system_mail_t;

policy/modules/services/ntop.te

@@ -1,5 +1,5 @@
 
-policy_module(ntop,1.3.0)
+policy_module(ntop,1.3.1)
 
 ########################################
 #
@@ -9,6 +9,7 @@ policy_module(ntop,1.3.0)
 type ntop_t;
 type ntop_exec_t;
 init_daemon_domain(ntop_t,ntop_exec_t)
+application_domain(ntop_t,ntop_exec_t)
 
 type ntop_etc_t;
 files_config_file(ntop_etc_t)

policy/modules/services/oav.te

@@ -1,5 +1,5 @@
 
-policy_module(oav,1.3.0)
+policy_module(oav,1.3.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(oav,1.3.0)
 
 type oav_update_t;
 type oav_update_exec_t;
-domain_type(oav_update_t)
-domain_entry_file(oav_update_t,oav_update_exec_t)
+application_domain(oav_update_t,oav_update_exec_t)
 
 # cjp: may be collapsable to etc_t
 type oav_update_etc_t;

policy/modules/services/postfix.te

@@ -1,5 +1,5 @@
 
-policy_module(postfix,1.6.0)
+policy_module(postfix,1.6.1)
 
 ########################################
 #
@@ -22,7 +22,7 @@ type postfix_etc_t;
 files_type(postfix_etc_t)
 
 type postfix_exec_t;
-corecmd_executable_file(postfix_exec_t)
+application_executable_file(postfix_exec_t)
 
 postfix_server_domain_template(local)
 mta_mailserver_delivery(postfix_local_t)
@@ -33,8 +33,7 @@ files_tmp_file(postfix_local_tmp_t)
 # Program for creating database files
 type postfix_map_t;
 type postfix_map_exec_t;
-domain_type(postfix_map_t)
-domain_entry_file(postfix_map_t,postfix_map_exec_t)
+application_domain(postfix_map_t,postfix_map_exec_t)
 
 type postfix_map_tmp_t;
 files_tmp_file(postfix_map_tmp_t)

policy/modules/services/procmail.te

@@ -1,5 +1,5 @@
 
-policy_module(procmail,1.6.0)
+policy_module(procmail,1.6.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(procmail,1.6.0)
 
 type procmail_t;
 type procmail_exec_t;
-domain_type(procmail_t)
-domain_entry_file(procmail_t,procmail_exec_t)
+application_domain(procmail_t,procmail_exec_t)
 role system_r types procmail_t;
 
 type procmail_tmp_t;

policy/modules/services/publicfile.te

@@ -1,5 +1,5 @@
 
-policy_module(publicfile,1.0.0)
+policy_module(publicfile,1.0.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(publicfile,1.0.0)
 
 type publicfile_t;
 type publicfile_exec_t;
-init_system_domain(publicfile_t,publicfile_exec_t)
-role system_r types publicfile_t;
+init_daemon_domain(publicfile_t,publicfile_exec_t)
 
 type publicfile_content_t;
 files_type(publicfile_content_t)

policy/modules/services/pyzor.te

@@ -1,5 +1,5 @@
 
-policy_module(pyzor,1.3.0)
+policy_module(pyzor,1.3.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(pyzor,1.3.0)
 
 type pyzor_t;
 type pyzor_exec_t;
-domain_type(pyzor_t)
-domain_entry_file(pyzor_t,pyzor_exec_t)
+application_domain(pyzor_t,pyzor_exec_t)
 role system_r types pyzor_t;
 
 type pyzord_t;

policy/modules/services/qmail.te

@@ -1,5 +1,5 @@
 
-policy_module(qmail,1.2.0)
+policy_module(qmail,1.2.1)
 
 ########################################
 #
@@ -56,8 +56,7 @@ init_daemon_domain(qmail_start_t,qmail_start_exec_t)
 
 type qmail_tcp_env_t;
 type qmail_tcp_env_exec_t;
-domain_type(qmail_tcp_env_t)
-domain_entry_file(qmail_tcp_env_t,qmail_tcp_env_exec_t)
+application_domain(qmail_tcp_env_t,qmail_tcp_env_exec_t)
 
 ########################################
 #

policy/modules/services/spamassassin.if

@@ -46,16 +46,14 @@ template(`spamassassin_per_role_template',`
 	#
 
 	type $1_spamc_t;
-	domain_type($1_spamc_t)
-	domain_entry_file($1_spamc_t,spamc_exec_t)
+	application_domain($1_spamc_t,spamc_exec_t)
 	role $3 types $1_spamc_t;
 
 	type $1_spamc_tmp_t;
 	files_tmp_file($1_spamc_tmp_t)
 
 	type $1_spamassassin_t;
-	domain_type($1_spamassassin_t)
-	domain_entry_file($1_spamassassin_t,spamassassin_exec_t)
+	application_domain($1_spamassassin_t,spamassassin_exec_t)
 	role $3 types $1_spamassassin_t;
 
 	type $1_spamassassin_home_t alias $1_spamassassin_rw_t;

policy/modules/services/spamassassin.te

@@ -1,5 +1,5 @@
 
-policy_module(spamassassin,1.7.0)
+policy_module(spamassassin,1.7.1)
 
 ########################################
 #
@@ -26,7 +26,7 @@ gen_tunable(spamd_enable_home_dirs,true)
 
 # spamassassin client executable
 type spamc_exec_t;
-corecmd_executable_file(spamc_exec_t)
+application_executable_file(spamc_exec_t)
 
 type spamd_t;
 type spamd_exec_t;
@@ -46,7 +46,7 @@ type spamd_var_run_t;
 files_pid_file(spamd_var_run_t)
 
 type spamassassin_exec_t;
-corecmd_executable_file(spamassassin_exec_t)
+application_executable_file(spamassassin_exec_t)
 
 ########################################
 #

policy/modules/services/ssh.if

@@ -44,8 +44,7 @@ template(`ssh_basic_client_template',`
 	#
 
 	type $1_ssh_t;
-	domain_type($1_ssh_t)
-	domain_entry_file($1_ssh_t,ssh_exec_t)
+	application_domain($1_ssh_t,ssh_exec_t)
 	role $3 types $1_ssh_t;
 
 	type $1_home_ssh_t;
@@ -216,8 +215,7 @@ template(`ssh_per_role_template',`
 	userdom_user_home_content($1,$1_home_ssh_t)
 
 	type $1_ssh_agent_t;
-	domain_type($1_ssh_agent_t)
-	domain_entry_file($1_ssh_agent_t,ssh_agent_exec_t)
+	application_domain($1_ssh_agent_t,ssh_agent_exec_t)
 	domain_interactive_fd($1_ssh_agent_t)
 	role $3 types $1_ssh_agent_t;
 
@@ -225,8 +223,7 @@ template(`ssh_per_role_template',`
 	files_tmp_file($1_ssh_agent_tmp_t)
 
 	type $1_ssh_keysign_t;
-	domain_type($1_ssh_keysign_t)
-	domain_entry_file($1_ssh_keysign_t,ssh_keysign_exec_t)
+	application_domain($1_ssh_keysign_t,ssh_keysign_exec_t)
 	role $3 types $1_ssh_keysign_t;
 
 	type $1_ssh_tmpfs_t;

policy/modules/services/ssh.te

@@ -1,5 +1,5 @@
 
-policy_module(ssh,1.7.0)
+policy_module(ssh,1.7.1)
 
 ########################################
 #
@@ -28,7 +28,7 @@ files_type(ssh_agent_exec_t)
 
 # ssh client executable.
 type ssh_exec_t;
-corecmd_executable_file(ssh_exec_t)
+application_executable_file(ssh_exec_t)
 
 type ssh_keygen_t;
 type ssh_keygen_exec_t;
@@ -36,7 +36,7 @@ init_system_domain(ssh_keygen_t,ssh_keygen_exec_t)
 role system_r types ssh_keygen_t;
 
 type ssh_keysign_exec_t;
-corecmd_executable_file(ssh_keysign_exec_t)
+application_executable_file(ssh_keysign_exec_t)
 
 type sshd_exec_t;
 corecmd_executable_file(sshd_exec_t)

policy/modules/services/timidity.te

@@ -1,5 +1,5 @@
 
-policy_module(timidity,1.4.0)
+policy_module(timidity,1.4.1)
 
 # Note: You only need this policy if you want to run timidity as a server
 
@@ -11,6 +11,7 @@ policy_module(timidity,1.4.0)
 type timidity_t;
 type timidity_exec_t;
 init_daemon_domain(timidity_t,timidity_exec_t)
+application_domain(timidity_t,timidity_exec_t)
 
 type timidity_tmpfs_t;
 files_tmpfs_file(timidity_tmpfs_t)

policy/modules/services/uucp.te

@@ -1,5 +1,5 @@
 
-policy_module(uucp,1.4.0)
+policy_module(uucp,1.4.1)
 
 ########################################
 #
@@ -30,8 +30,7 @@ logging_log_file(uucpd_log_t)
 
 type uux_t;
 type uux_exec_t;
-domain_type(uux_t)
-domain_entry_file(uux_t,uux_exec_t)
+application_domain(uux_t,uux_exec_t)
 role system_r types uux_t;
 
 ########################################

policy/modules/services/xserver.te

@@ -1,5 +1,5 @@
 
-policy_module(xserver,1.5.0)
+policy_module(xserver,1.5.1)
 
 ########################################
 #
@@ -29,10 +29,10 @@ attribute fonts_config_type;
 attribute xauth_home_type;
 
 type iceauth_exec_t;
-corecmd_executable_file(iceauth_exec_t)
+application_executable_file(iceauth_exec_t)
 
 type xauth_exec_t;
-corecmd_executable_file(xauth_exec_t)
+application_executable_file(xauth_exec_t)
 
 # this is not actually a device, its a pipe
 type xconsole_device_t;

policy/modules/system/application.fc

@@ -0,0 +1 @@
+# No application file contexts.

policy/modules/system/application.if

@@ -0,0 +1,83 @@
+## <summary>Policy for user executable applications.</summary>
+
+########################################
+## <summary>
+##	Make the specified type usable as an application domain.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used as a domain type.
+##	</summary>
+## </param>
+#
+interface(`application_type',`
+	gen_require(`
+		attribute application_domain_type;
+	')
+
+	typeattribute $1 application_domain_type;
+
+	# start with basic domain
+	domain_type($1)
+')
+
+########################################
+## <summary>
+##	Make the specified type usable for files
+##	that are exectuables, such as binary programs.
+##	This does not include shared libraries.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Type to be used for files.
+##	</summary>
+## </param>
+#
+interface(`application_executable_file',`
+	gen_require(`
+		attribute application_exec_type;
+	')
+
+	typeattribute $1 application_exec_type;
+
+	corecmd_executable_file($1)
+')
+
+########################################
+## <summary>
+## Execute application executables in the caller domain.
+## </summary>
+## <param name="type">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`application_exec',`
+	gen_require(`
+		attribute application_exec_type;
+	')
+
+	can_exec($1, application_exec_type)
+')
+
+########################################
+## <summary>
+##	Create a domain which can be started by users
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type to be used as a domain.
+##	</summary>
+## </param>
+## <param name="entry_point">
+##	<summary>
+##	Type of the program to be used as an entry point to this domain.
+##	</summary>
+## </param>
+#
+interface(`application_domain',`
+	application_type($1)
+	application_executable_file($2)
+	domain_entry_file($1,$2)
+')

policy/modules/system/application.te

@@ -0,0 +1,14 @@
+
+policy_module(application,1.0.0)
+
+# Attribute of user applications
+attribute application_domain_type;
+
+# Executables to be run by user
+attribute application_exec_type;
+
+optional_policy(`
+	ssh_sigchld(application_domain_type)
+	ssh_rw_stream_sockets(application_domain_type)
+')
+

policy/modules/system/authlogin.if

@@ -24,8 +24,7 @@ template(`authlogin_common_auth_domain_template',`
 	')
 
 	type $1_chkpwd_t, can_read_shadow_passwords;
-	domain_type($1_chkpwd_t)
-	domain_entry_file($1_chkpwd_t,chkpwd_exec_t)
+	application_domain($1_chkpwd_t,chkpwd_exec_t)
 
 	allow $1_chkpwd_t self:capability { audit_control setuid };
 	allow $1_chkpwd_t self:process getattr;

policy/modules/system/authlogin.te

@@ -1,5 +1,5 @@
 
-policy_module(authlogin,1.7.0)
+policy_module(authlogin,1.7.1)
 
 ########################################
 #
@@ -11,7 +11,7 @@ attribute can_write_shadow_passwords;
 attribute can_relabelto_shadow_passwords;
 
 type chkpwd_exec_t;
-corecmd_executable_file(chkpwd_exec_t)
+application_executable_file(chkpwd_exec_t)
 
 type faillog_t;
 logging_log_file(faillog_t)
@@ -20,7 +20,7 @@ type lastlog_t;
 logging_log_file(lastlog_t)
 
 type login_exec_t;
-corecmd_executable_file(login_exec_t)
+application_executable_file(login_exec_t)
 
 type pam_console_t;
 type pam_console_exec_t;
@@ -50,10 +50,8 @@ neverallow ~can_write_shadow_passwords shadow_t:file { create write };
 neverallow ~can_relabelto_shadow_passwords shadow_t:file relabelto;
 
 type utempter_t;
-domain_type(utempter_t)
-
 type utempter_exec_t;
-domain_entry_file(utempter_t,utempter_exec_t)
+application_domain(utempter_t,utempter_exec_t)
 
 #
 # var_auth_t is the type of /var/lib/auth, usually

policy/modules/system/daemontools.te

@@ -1,5 +1,5 @@
 
-policy_module(daemontools,1.1.0)
+policy_module(daemontools,1.1.1)
 
 ########################################
 #
@@ -14,14 +14,12 @@ files_type(svc_log_t)
 
 type svc_multilog_t;
 type svc_multilog_exec_t;
-domain_type(svc_multilog_t)
-domain_entry_file(svc_multilog_t,svc_multilog_exec_t)
+application_domain(svc_multilog_t,svc_multilog_exec_t)
 role system_r types svc_multilog_t;
 
 type svc_run_t;
 type svc_run_exec_t;
-domain_type(svc_run_t)
-domain_entry_file(svc_run_t,svc_run_exec_t)
+application_domain(svc_run_t,svc_run_exec_t)
 role system_r types svc_run_t;
 
 type svc_start_t;

policy/modules/system/init.if

@@ -196,8 +196,7 @@ interface(`init_system_domain',`
 		role system_r;
 	')
 
-	domain_type($1)
-	domain_entry_file($1,$2)
+	application_domain($1,$2)
 
 	role system_r types $1;
 

policy/modules/system/init.te

@@ -1,5 +1,5 @@
 
-policy_module(init,1.7.0)
+policy_module(init,1.7.1)
 
 gen_require(`
 	class passwd rootok;
@@ -642,6 +642,11 @@ optional_policy(`
 	loadkeys_exec(initrc_t)
 ')
 
+optional_policy(`
+	# in emergency/recovery situations use sulogin
+	locallogin_domtrans_sulogin(initrc_t)
+')
+
 optional_policy(`
 	# This is needed to permit chown to read /var/spool/lpd/lp.
 	# This is opens up security more than necessary; this means that ANYTHING

policy/modules/system/locallogin.if

@@ -111,3 +111,21 @@ interface(`locallogin_link_keys',`
 
 	allow $1 local_login_t:key link;
 ')
+
+########################################
+## <summary>
+##	Execute local logins in the local login domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`locallogin_domtrans_sulogin',`
+	gen_require(`
+		type sulogin_exec_t, sulogin_t;
+	')
+
+	domtrans_pattern($1,sulogin_exec_t,sulogin_t)
+')

policy/modules/system/locallogin.te

@@ -1,5 +1,5 @@
 
-policy_module(locallogin,1.4.0)
+policy_module(locallogin,1.4.1)
 
 ########################################
 #
@@ -25,7 +25,6 @@ domain_subj_id_change_exemption(sulogin_t)
 domain_role_change_exemption(sulogin_t)
 domain_interactive_fd(sulogin_t)
 init_domain(sulogin_t,sulogin_exec_t)
-init_system_domain(sulogin_t,sulogin_exec_t)
 role system_r types sulogin_t;
 
 ########################################

policy/modules/system/modutils.te

@@ -1,5 +1,5 @@
 
-policy_module(modutils,1.4.0)
+policy_module(modutils,1.4.1)
 
 gen_require(`
 	bool secure_mode_insmod;
@@ -20,8 +20,7 @@ files_type(modules_dep_t)
 
 type insmod_t;
 type insmod_exec_t;
-domain_type(insmod_t)
-domain_entry_file(insmod_t,insmod_exec_t)
+application_domain(insmod_t,insmod_exec_t)
 mls_file_write_down(insmod_t)
 role system_r types insmod_t;
 

policy/modules/system/mount.te

@@ -1,5 +1,5 @@
 
-policy_module(mount,1.7.0)
+policy_module(mount,1.7.1)
 
 ########################################
 #
@@ -28,8 +28,7 @@ files_tmp_file(mount_tmp_t)
 
 ifdef(`targeted_policy',`
 	type unconfined_mount_t;
-	domain_type(unconfined_mount_t)
-	domain_entry_file(unconfined_mount_t,mount_exec_t)
+	application_domain(unconfined_mount_t,mount_exec_t)
 ')
 
 ########################################

policy/modules/system/netlabel.te

@@ -1,5 +1,5 @@
 
-policy_module(netlabel,1.0.0)
+policy_module(netlabel,1.0.1)
 
 ########################################
 #
@@ -8,8 +8,7 @@ policy_module(netlabel,1.0.0)
 
 type netlabel_mgmt_t;
 type netlabel_mgmt_exec_t;
-domain_type(netlabel_mgmt_t)
-domain_entry_file(netlabel_mgmt_t,netlabel_mgmt_exec_t)
+application_domain(netlabel_mgmt_t,netlabel_mgmt_exec_t)
 
 ########################################
 #

policy/modules/system/pcmcia.te

@@ -1,5 +1,5 @@
 
-policy_module(pcmcia,1.2.0)
+policy_module(pcmcia,1.2.1)
 
 ########################################
 #
@@ -22,7 +22,7 @@ type cardmgr_var_run_t;
 files_pid_file(cardmgr_var_run_t)
 
 type cardctl_exec_t;
-domain_entry_file(cardmgr_t,cardctl_exec_t)
+application_domain(cardmgr_t,cardctl_exec_t)
 
 ########################################
 #

policy/modules/system/selinuxutil.te

@@ -1,5 +1,5 @@
 
-policy_module(selinuxutil,1.6.0)
+policy_module(selinuxutil,1.6.1)
 
 ifdef(`strict_policy',`
 	gen_require(`
@@ -26,11 +26,9 @@ type selinux_config_t;
 files_type(selinux_config_t)
 
 type checkpolicy_t, can_write_binary_policy;
-domain_type(checkpolicy_t)
-role system_r types checkpolicy_t;
-
 type checkpolicy_exec_t;
-domain_entry_file(checkpolicy_t,checkpolicy_exec_t)
+application_domain(checkpolicy_t, checkpolicy_exec_t)
+role system_r types checkpolicy_t;
 
 #
 # default_context_t is the type applied to
@@ -47,20 +45,17 @@ type file_context_t;
 files_type(file_context_t)
 
 type load_policy_t;
-domain_type(load_policy_t)
+type load_policy_exec_t;
+application_domain(load_policy_t,load_policy_exec_t)
 role system_r types load_policy_t;
 
-type load_policy_exec_t;
-domain_entry_file(load_policy_t,load_policy_exec_t)
-
 type newrole_t;
+type newrole_exec_t;
+application_domain(newrole_t,newrole_exec_t)
 domain_role_change_exemption(newrole_t)
 domain_obj_id_change_exemption(newrole_t)
-domain_type(newrole_t)
 domain_interactive_fd(newrole_t)
 
-type newrole_exec_t;
-domain_entry_file(newrole_t,newrole_exec_t)
 
 #
 # policy_config_t is the type of /etc/security/selinux/*
@@ -90,16 +85,15 @@ files_pid_file(restorecond_var_run_t)
 
 type run_init_t;
 type run_init_exec_t;
-domain_type(run_init_t)
-domain_entry_file(run_init_t,run_init_exec_t)
+application_domain(run_init_t,run_init_exec_t)
 domain_system_change_exemption(run_init_t)
+role system_r types run_init_t;
 
 type semanage_t;
-domain_type(semanage_t)
 domain_interactive_fd(semanage_t)
 
 type semanage_exec_t;
-domain_entry_file(semanage_t, semanage_exec_t)
+application_domain(semanage_t,semanage_exec_t)
 role system_r types semanage_t;
 
 type semanage_store_t;