fix execmod all files rule in wine

refpolicy/policy/modules/apps/wine.te

@@ -1,5 +1,5 @@
 
-policy_module(wine,1.1.0)
+policy_module(wine,1.1.1)
 
 ########################################
 #
@@ -20,6 +20,5 @@ domain_entry_file(wine_t,wine_exec_t)
 ifdef(`targeted_policy',`
 	allow wine_t self:process { execstack execmem };
 	unconfined_domain_noaudit(wine_t)
-	role system_r types wine_t;
-	allow wine_t file_type:file execmod;
+	files_execmod_all_files(wine_t)
 ')

refpolicy/policy/modules/kernel/files.if

@@ -450,6 +450,37 @@ interface(`files_read_all_files',`
 	')
 ')
 
+########################################
+## <summary>
+##	Allow shared library text relocations in all files.
+## </summary>
+## <desc>
+##	<p>
+##	Allow shared library text relocations in all files.
+##	</p>
+##	<p>
+##	This is added to support WINE in the targeted
+##	policy.  It has no effect on the strict policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_execmod_all_files',`
+	ifdef(`targeted_policy',`
+		gen_require(`
+			attribute file_type;
+		')
+
+		allow $1 file_type:file execmod;
+	',`
+		errprint(__file__:__line__:` $0($1) has no effect in strict policy.'__endline__)
+	')
+')
+
 ########################################
 ## <summary>
 ##	Read all non-security files.

refpolicy/policy/modules/kernel/files.te

@@ -1,5 +1,5 @@
 
-policy_module(files,1.2.9)
+policy_module(files,1.2.10)
 
 ########################################
 #