fix the object class in process transition interfaces

refpolicy/policy/modules/admin/consoletype.if

@@ -8,7 +8,7 @@ define(`consoletype_transition',`
 requires_block_template(`$0'_depend)
 allow $1 consoletype_exec_t:file { getattr read execute };
 allow $1 consoletype_t:process transition;
-type_transition $1 consoletype_exec_t:file consoletype_t;
+type_transition $1 consoletype_exec_t:process consoletype_t;
 dontaudit $1 consoletype_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/admin/rpm.if

@@ -17,7 +17,7 @@ define(`rpm_transition',`
 requires_block_template(`$0'_depend)
 allow $1 rpm_exec_t:file { getattr read execute };
 allow $1 rpm_t:process transition;
-type_transition $1 rpm_exec_t:file rpm_t;
+type_transition $1 rpm_exec_t:process rpm_t;
 dontaudit $1 rpm_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/kernel/bootloader.if

@@ -17,7 +17,7 @@ define(`bootloader_transition',`
 requires_block_template(`$0'_depend)
 allow $1 bootloader_exec_t:file { getattr read execute };
 allow $1 bootloader_t:process transition;
-type_transition $1 bootloader_exec_t:file bootloader_t;
+type_transition $1 bootloader_exec_t:process bootloader_t;
 dontaudit $1 bootloader_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/services/mta.if

@@ -35,7 +35,7 @@ allow $1_mail_t sendmail_exec_t:lnk_file { getattr read };
 allow $1_t sendmail_exec_t:file { getattr read execute execute_no_trans };
 allow $1_t sendmail_exec_t:lnk_file { getattr read };
 allow $1_t $1_mail_t:process transition;
-type_transition $1_t sendmail_exec_t:file $1_mail_t;
+type_transition $1_t sendmail_exec_t:process $1_mail_t;
 
 kernel_read_kernel_sysctl($1_mail_t)
 
@@ -172,7 +172,7 @@ requires_block_template(`$0'_depend)
 allow $1 sendmail_exec_t:lnk_file { getattr read };
 allow $1 sendmail_exec_t:file { getattr read execute };
 allow $1 system_mail_t:process transition;
-type_transition $1 sendmail_exec_t:file system_mail_t;
+type_transition $1 sendmail_exec_t:process system_mail_t;
 dontaudit $1 system_mail_t:process { noatsecure siginh rlimitinh };
 
 allow $1 system_mail_t:fd use;

refpolicy/policy/modules/system/authlogin.if

@@ -100,6 +100,35 @@ type login_exec_t;
 domain_make_entrypoint_file_depend
 ')
 
+########################################
+## <interface name="authlogin_login_program_transition">
+##	<description>
+##		Execute a login_program in the target domain.
+##	</description>
+##	<parameter name="domain">
+##		The type of the process performing this action.
+##	</parameter>
+##	<parameter name="target_domain">
+##		The type of the login_program process.
+##	</parameter>
+##	<infoflow type="write" weight="10"/>
+## </interface>
+#
+define(`authlogin_login_program_transition',`
+requires_block_template(`$0'_depend)
+# FIXME: search bin_t
+allow $1 login_exec_t:file { getattr read execute };
+allow $1 $2:process transition;
+type_transition $1 login_exec_t:process $2;
+dontaudit $1 $2:process { noatsecure siginh rlimitinh };
+')
+
+define(`authlogin_login_program_transition_depend',`
+type login_exec_t;
+class file { getattr read execute };
+class process { transition noatsecure siginh rlimitinh };
+')
+
 #######################################
 #
 # authlogin_check_password_transition(domain)
@@ -266,7 +295,7 @@ define(`authlogin_pam_transition',`
 requires_block_template(`$0'_depend)
 allow $1 pam_exec_t:file { getattr read execute };
 allow $1 pam_t:process transition;
-type_transition $1 pam_exec_t:file pam_t;
+type_transition $1 pam_exec_t:process pam_t;
 dontaudit $1 pam_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -363,7 +392,7 @@ define(`authlogin_pam_console_transition',`
 requires_block_template(`$0'_depend)
 allow $1 pam_console_exec_t:file { getattr read execute };
 allow $1 pam_console_t:process transition;
-type_transition $1 pam_console_exec_t:file pam_console_t;
+type_transition $1 pam_console_exec_t:process pam_console_t;
 dontaudit $1 pam_console_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -426,7 +455,7 @@ define(`authlogin_utempter_transition',`
 requires_block_template(`$0'_depend)
 allow $1 utempter_exec_t:file { getattr read execute };
 allow $1 utempter_t:process transition;
-type_transition $1 utempter_exec_t:file utempter_t;
+type_transition $1 utempter_exec_t:process utempter_t;
 dontaudit $1 utempter_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/clock.if

@@ -15,7 +15,7 @@ define(`clock_transition',`
 requires_block_template(`$0'_depend)
 allow $1 hwclock_exec_t:file { getattr read execute };
 allow $1 hwclock_t:process transition;
-type_transition $1 hwclock_exec_t:file hwclock_t;
+type_transition $1 hwclock_exec_t:process hwclock_t;
 dontaudit $1 hwclock_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/corecommands.if

@@ -148,7 +148,7 @@ allow $1 bin_t:dir { getattr search read };
 allow $1 bin_t:lnk_file { getattr read };
 allow $1 shell_exec_t:file { getattr read execute };
 allow $1 $2:process transition;
-type_transition $1 shell_exec_t:file $2;
+type_transition $1 shell_exec_t:process $2;
 dontaudit $1 $2:process { noatsecure siginh rlimitinh };
 ')
 
@@ -157,6 +157,7 @@ type bin_t, shell_exec_t;
 class dir { getattr search read };
 class lnk_file { getattr read };
 class file { getattr read execute };
+class process { transition noatsecure siginh rlimitinh };
 ')
 
 ########################################

refpolicy/policy/modules/system/getty.if

@@ -8,7 +8,7 @@ define(`getty_transition',`
 requires_block_template(`$0'_depend)
 allow $1 getty_exec_t:file { getattr read execute };
 allow $1 getty_t:process transition;
-type_transition $1 getty_exec_t:file getty_t;
+type_transition $1 getty_exec_t:process getty_t;
 dontaudit $1 getty_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/hostname.if

@@ -8,7 +8,7 @@ define(`hostname_transition',`
 requires_block_template(`$0'_depend)
 allow $1 hostname_exec_t:file { getattr read execute };
 allow $1 hostname_t:process transition;
-type_transition $1 hostname_exec_t:file hostname_t;
+type_transition $1 hostname_exec_t:process hostname_t;
 dontaudit $1 hostname_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/hotplug.if

@@ -8,7 +8,7 @@ define(`hotplug_transition',`
 requires_block_template(`$0'_depend)
 allow $1 hotplug_exec_t:file { getattr read execute };
 allow $1 hotplug_t:process transition;
-type_transition $1 hotplug_exec_t:file hotplug_t;
+type_transition $1 hotplug_exec_t:process hotplug_t;
 dontaudit $1 hotplug_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/init.if

@@ -71,7 +71,6 @@ class process { transition noatsecure siginh rlimitinh };
 role system_r;
 ')
 
-
 ########################################
 #
 # init_transition(domain)
@@ -80,7 +79,7 @@ define(`init_transition',`
 requires_block_template(`$0'_depend)
 allow $1 init_exec_t:file { getattr read execute };
 allow $1 init_t:process transition;
-type_transition $1 init_exec_t:file init_t;
+type_transition $1 init_exec_t:process init_t;
 dontaudit $1 init_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/init.te

@@ -74,6 +74,7 @@ files_create_daemon_runtime_data(init_t,init_var_run_t)
 # is also in this module
 allow init_t initrc_t:process transition;
 allow init_t initrc_exec_t:file { getattr read execute };
+type_transition init_t initrc_exec_t:process initrc_t;
 
 allow init_t self:fifo_file { read write ioctl };
 

refpolicy/policy/modules/system/iptables.if

@@ -15,7 +15,7 @@ define(`iptables_transition',`
 requires_block_template(`$0'_depend)
 allow $1 iptables_exec_t:file { getattr read execute };
 allow $1 iptables_t:process transition;
-type_transition $1 iptables_exec_t:file iptables_t;
+type_transition $1 iptables_exec_t:process iptables_t;
 dontaudit $1 iptables_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/libraries.if

@@ -17,7 +17,7 @@ define(`libraries_ldconfig_transition',`
 requires_block_template(`$0'_depend)
 allow $1 ldconfig_exec_t:file { getattr read execute };
 allow $1 ldconfig_t:process transition;
-type_transition $1 ldconfig_exec_t:file ldconfig_t;
+type_transition $1 ldconfig_exec_t:process ldconfig_t;
 dontaudit $1 ldconfig_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/locallogin.if

@@ -6,16 +6,11 @@
 #
 define(`locallogin_transition',`
 requires_block_template(`$0'_depend)
-allow $1 login_exec_t:file { getattr read execute };
-allow $1 local_login_t:process transition;
-type_transition $1 login_exec_t:file local_login_t;
-dontaudit $1 local_login_t:process { noatsecure siginh rlimitinh };
+authlogin_login_program_transition($1,local_login_t)
 ')
 
 define(`locallogin_transition_depend',`
-type local_login_t, login_exec_t;
-class file { getattr read execute };
-class process { transition noatsecure siginh rlimitinh };
+type local_login_t;
 ')
 
 ########################################

refpolicy/policy/modules/system/lvm.if

@@ -15,7 +15,7 @@ define(`lvm_transition',`
 requires_block_template(`$0'_depend)
 allow $1 lvm_exec_t:file { getattr read execute };
 allow $1 lvm_t:process transition;
-type_transition $1 lvm_exec_t:file lvm_t;
+type_transition $1 lvm_exec_t:process lvm_t;
 dontaudit $1 lvm_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/modutils.if

@@ -63,7 +63,7 @@ define(`modutils_insmod_transition',`
 requires_block_template(`$0'_depend)
 allow $1 insmod_exec_t:file { getattr read execute };
 allow $1 insmod_t:process transition;
-type_transition $1 insmod_exec_t:file insmod_t;
+type_transition $1 insmod_exec_t:process insmod_t;
 dontaudit $1 insmod_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -133,7 +133,7 @@ define(`modutils_depmod_transition',`
 requires_block_template(`$0'_depend)
 allow $1 depmod_exec_t:file { getattr read execute };
 allow $1 depmod_t:process transition;
-type_transition $1 depmod_exec_t:file depmod_t;
+type_transition $1 depmod_exec_t:process depmod_t;
 dontaudit $1 depmod_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -201,7 +201,7 @@ define(`modutils_update_modules_transition',`
 requires_block_template(`$0'_depend)
 allow $1 update_modules_exec_t:file { getattr read execute };
 allow $1 update_modules_t:process transition;
-type_transition $1 update_modules_exec_t:file update_modules_t;
+type_transition $1 update_modules_exec_t:process update_modules_t;
 dontaudit $1 update_modules_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/mount.if

@@ -15,7 +15,7 @@ define(`mount_transition',`
 requires_block_template(`$0'_depend)
 allow $1 mount_exec_t:file { getattr read execute };
 allow $1 mount_t:process transition;
-type_transition $1 mount_exec_t:file mount_t;
+type_transition $1 mount_exec_t:process mount_t;
 dontaudit $1 mount_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/selinux.if

@@ -17,7 +17,7 @@ define(`selinux_checkpolicy_transition',`
 requires_block_template(`$0'_depend)
 allow $1 checkpolicy_exec_t:file { getattr read execute };
 allow $1 checkpolicy_t:process transition;
-type_transition $1 checkpolicy_exec_t:file checkpolicy_t;
+type_transition $1 checkpolicy_exec_t:process checkpolicy_t;
 dontaudit $1 checkpolicy_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -87,7 +87,7 @@ define(`selinux_load_policy_transition',`
 requires_block_template(`$0'_depend)
 allow $1 load_policy_exec_t:file { getattr read execute };
 allow $1 load_policy_t:process transition;
-type_transition $1 load_policy_exec_t:file load_policy_t;
+type_transition $1 load_policy_exec_t:process load_policy_t;
 dontaudit $1 load_policy_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -171,7 +171,7 @@ define(`selinux_newrole_transition',`
 requires_block_template(`$0'_depend)
 allow $1 newrole_exec_t:file { getattr read execute };
 allow $1 newrole_t:process transition;
-type_transition $1 newrole_exec_t:file newrole_t;
+type_transition $1 newrole_exec_t:process newrole_t;
 dontaudit $1 newrole_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -291,7 +291,7 @@ define(`selinux_restorecon_transition',`
 requires_block_template(`$0'_depend)
 allow $1 restorecon_exec_t:file { getattr read execute };
 allow $1 restorecon_t:process transition;
-type_transition $1 restorecon_exec_t:file restorecon_t;
+type_transition $1 restorecon_exec_t:process restorecon_t;
 dontaudit $1 restorecon_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -361,7 +361,7 @@ define(`selinux_run_init_transition',`
 requires_block_template(`$0'_depend)
 allow $1 run_init_exec_t:file { getattr read execute };
 allow $1 run_init_t:process transition;
-type_transition $1 run_init_exec_t:file run_init_t;
+type_transition $1 run_init_exec_t:process run_init_t;
 dontaudit $1 run_init_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -431,7 +431,7 @@ define(`selinux_setfiles_transition',`
 requires_block_template(`$0'_depend)
 allow $1 setfiles_exec_t:file { getattr read execute };
 allow $1 setfiles_t:process transition;
-type_transition $1 setfiles_exec_t:file setfiles_t;
+type_transition $1 setfiles_exec_t:process setfiles_t;
 dontaudit $1 setfiles_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/selinuxutil.if

@@ -17,7 +17,7 @@ define(`selinux_checkpolicy_transition',`
 requires_block_template(`$0'_depend)
 allow $1 checkpolicy_exec_t:file { getattr read execute };
 allow $1 checkpolicy_t:process transition;
-type_transition $1 checkpolicy_exec_t:file checkpolicy_t;
+type_transition $1 checkpolicy_exec_t:process checkpolicy_t;
 dontaudit $1 checkpolicy_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -87,7 +87,7 @@ define(`selinux_load_policy_transition',`
 requires_block_template(`$0'_depend)
 allow $1 load_policy_exec_t:file { getattr read execute };
 allow $1 load_policy_t:process transition;
-type_transition $1 load_policy_exec_t:file load_policy_t;
+type_transition $1 load_policy_exec_t:process load_policy_t;
 dontaudit $1 load_policy_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -171,7 +171,7 @@ define(`selinux_newrole_transition',`
 requires_block_template(`$0'_depend)
 allow $1 newrole_exec_t:file { getattr read execute };
 allow $1 newrole_t:process transition;
-type_transition $1 newrole_exec_t:file newrole_t;
+type_transition $1 newrole_exec_t:process newrole_t;
 dontaudit $1 newrole_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -291,7 +291,7 @@ define(`selinux_restorecon_transition',`
 requires_block_template(`$0'_depend)
 allow $1 restorecon_exec_t:file { getattr read execute };
 allow $1 restorecon_t:process transition;
-type_transition $1 restorecon_exec_t:file restorecon_t;
+type_transition $1 restorecon_exec_t:process restorecon_t;
 dontaudit $1 restorecon_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -361,7 +361,7 @@ define(`selinux_run_init_transition',`
 requires_block_template(`$0'_depend)
 allow $1 run_init_exec_t:file { getattr read execute };
 allow $1 run_init_t:process transition;
-type_transition $1 run_init_exec_t:file run_init_t;
+type_transition $1 run_init_exec_t:process run_init_t;
 dontaudit $1 run_init_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -431,7 +431,7 @@ define(`selinux_setfiles_transition',`
 requires_block_template(`$0'_depend)
 allow $1 setfiles_exec_t:file { getattr read execute };
 allow $1 setfiles_t:process transition;
-type_transition $1 setfiles_exec_t:file setfiles_t;
+type_transition $1 setfiles_exec_t:process setfiles_t;
 dontaudit $1 setfiles_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/sysnetwork.fc

@@ -8,13 +8,13 @@
 #
 # /etc
 #
-/etc/dhclient.*conf	--	context_template(system_u:object_r:dhcp_etc_t,s0)
-/etc/dhclient-script	--	context_template(system_u:object_r:dhcp_etc_t,s0)
-/etc/dhcpc.*			context_template(system_u:object_r:dhcp_etc_t,s0)
+#/etc/dhclient.*conf	--	context_template(system_u:object_r:dhcp_etc_t,s0)
+#/etc/dhclient-script	--	context_template(system_u:object_r:dhcp_etc_t,s0)
+#/etc/dhcpc.*			context_template(system_u:object_r:dhcp_etc_t,s0)
 /etc/resolv\.conf.*	--	context_template(system_u:object_r:net_conf_t,s0)
 /etc/yp\.conf.*		--	context_template(system_u:object_r:net_conf_t,s0)
 
-/etc/dhcp3?/dhclient.*		context_template(system_u:object_r:dhcp_etc_t,s0)
+#/etc/dhcp3?/dhclient.*		context_template(system_u:object_r:dhcp_etc_t,s0)
 
 #
 # /sbin
@@ -40,7 +40,7 @@
 #
 # /var
 #
-/var/lib/dhcp3?		-d	context_template(system_u:object_r:dhcp_state_t,s0)
+#/var/lib/dhcp3?		-d	context_template(system_u:object_r:dhcp_state_t,s0)
 /var/lib/dhcp3?/dhclient.*	context_template(system_u:object_r:dhcpc_state_t,s0)
 
 /var/run/dhclient.*\.pid --	context_template(system_u:object_r:dhcpc_var_run_t,s0)

refpolicy/policy/modules/system/sysnetwork.if

@@ -8,7 +8,7 @@ define(`sysnetwork_dhcpc_transition',`
 requires_block_template(`$0'_depend)
 allow $1 dhcpc_exec_t:file { getattr read execute };
 allow $1 dhcpc_t:process transition;
-type_transition $1 dhcpc_exec_t:file dhcpc_t;
+type_transition $1 dhcpc_exec_t:process dhcpc_t;
 dontaudit $1 dhcpc_t:process { noatsecure siginh rlimitinh };
 ')
 
@@ -33,7 +33,7 @@ define(`sysnetwork_ifconfig_transition',`
 requires_block_template(`$0'_depend)
 allow $1 ifconfig_exec_t:file { getattr read execute };
 allow $1 ifconfig_t:process transition;
-type_transition $1 ifconfig_exec_t:file ifconfig_t;
+type_transition $1 ifconfig_exec_t:process ifconfig_t;
 dontaudit $1 ifconfig_t:process { noatsecure siginh rlimitinh };
 ')
 

refpolicy/policy/modules/system/udev.if

@@ -8,7 +8,7 @@ define(`udev_transition',`
 requires_block_template(`$0'_depend)
 allow $1 udev_exec_t:file { getattr read execute };
 allow $1 udev_t:process transition;
-type_transition $1 udev_exec_t:file udev_t;
+type_transition $1 udev_exec_t:process udev_t;
 dontaudit $1 udev_t:process { noatsecure siginh rlimitinh };
 ')