From e51048a4e8409923505f141a1f06ff42c3880087 Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Tue, 6 Jun 2006 17:51:24 +0000
Subject: [PATCH] fix execmod all files rule in wine

---
 refpolicy/policy/modules/apps/wine.te    |  5 ++--
 refpolicy/policy/modules/kernel/files.if | 31 ++++++++++++++++++++++++
 refpolicy/policy/modules/kernel/files.te |  2 +-
 3 files changed, 34 insertions(+), 4 deletions(-)

diff --git a/refpolicy/policy/modules/apps/wine.te b/refpolicy/policy/modules/apps/wine.te
index 21ac5b4e..b9cda469 100644
--- a/refpolicy/policy/modules/apps/wine.te
+++ b/refpolicy/policy/modules/apps/wine.te
@@ -1,5 +1,5 @@
 
-policy_module(wine,1.1.0)
+policy_module(wine,1.1.1)
 
 ########################################
 #
@@ -20,6 +20,5 @@ domain_entry_file(wine_t,wine_exec_t)
 ifdef(`targeted_policy',`
 	allow wine_t self:process { execstack execmem };
 	unconfined_domain_noaudit(wine_t)
-	role system_r types wine_t;
-	allow wine_t file_type:file execmod;
+	files_execmod_all_files(wine_t)
 ')
diff --git a/refpolicy/policy/modules/kernel/files.if b/refpolicy/policy/modules/kernel/files.if
index 1ec9f574..bae6158b 100644
--- a/refpolicy/policy/modules/kernel/files.if
+++ b/refpolicy/policy/modules/kernel/files.if
@@ -450,6 +450,37 @@ interface(`files_read_all_files',`
 	')
 ')
 
+########################################
+## <summary>
+##	Allow shared library text relocations in all files.
+## </summary>
+## <desc>
+##	<p>
+##	Allow shared library text relocations in all files.
+##	</p>
+##	<p>
+##	This is added to support WINE in the targeted
+##	policy.  It has no effect on the strict policy.
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`files_execmod_all_files',`
+	ifdef(`targeted_policy',`
+		gen_require(`
+			attribute file_type;
+		')
+
+		allow $1 file_type:file execmod;
+	',`
+		errprint(__file__:__line__:` $0($1) has no effect in strict policy.'__endline__)
+	')
+')
+
 ########################################
 ## <summary>
 ##	Read all non-security files.
diff --git a/refpolicy/policy/modules/kernel/files.te b/refpolicy/policy/modules/kernel/files.te
index 6a362d6a..942046aa 100644
--- a/refpolicy/policy/modules/kernel/files.te
+++ b/refpolicy/policy/modules/kernel/files.te
@@ -1,5 +1,5 @@
 
-policy_module(files,1.2.9)
+policy_module(files,1.2.10)
 
 ########################################
 #