From 66681e60aba582e24be06cf8ae03cff5e0a86116 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Sep 21 2011 12:44:07 +0000
Subject: Add role attributes to livecd.
---
diff --git a/livecd.if b/livecd.if
index b2e27ec..ae29d9f 100644
--- a/livecd.if
+++ b/livecd.if
@@ -36,15 +36,11 @@ interface(`livecd_domtrans',`
 #
 interface(`livecd_run',`
 gen_require(`
- type livecd_t;
+ attribute_role livecd_roles;
 ')
 livecd_domtrans($1)
- role $2 types livecd_t;
-
- optional_policy(`
- mount_run(livecd_t, $2)
- ')
+ roleattribute $2 livecd_roles;
 ')
 ########################################
diff --git a/livecd.te b/livecd.te
index e3c0aa0..f2c6af7 100644
--- a/livecd.te
+++ b/livecd.te
@@ -5,10 +5,13 @@ policy_module(livecd, 1.1.0)
 # Declarations
 #
+attribute_role livecd_roles;
+roleattribute system_r livecd_roles;
+
 type livecd_t;
 type livecd_exec_t;
 application_domain(livecd_t, livecd_exec_t)
-role system_r types livecd_t;
+role livecd_roles types livecd_t;
 type livecd_tmp_t;
 files_tmp_file(livecd_tmp_t)
@@ -27,9 +30,14 @@ manage_files_pattern(livecd_t, livecd_tmp_t, livecd_tmp_t)
 files_tmp_filetrans(livecd_t, livecd_tmp_t, { dir file })
 optional_policy(`
- unconfined_domain(livecd_t)
+ mount_run(livecd_t, livecd_roles)
 ')
 optional_policy(`
 hal_dbus_chat(livecd_t)
 ')
+
+optional_policy(`
+ unconfined_domain(livecd_t)
+')
+
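Review bot: In the livecd.if hunk, `roleattribute $2 livecd_roles;` is now the only statement in livecd_run that grants anything to the caller's role, and the interface body no longer shows what that grant includes. The type access and the mount_run call both moved to livecd.te, so a reader auditing a caller of livecd_run has to expand the attribute to see the effect. I would add a comment above the statement such as `# Membership in livecd_roles authorizes $2 for livecd_t and for whatever livecd.te grants to the attribute (currently mount_run).`. The interface's `##` parameter documentation sits outside this hunk and should be checked so that it still describes $2 accurately.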
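Review bot: In the last livecd.te hunk, `mount_run(livecd_t, livecd_roles)` passes a role attribute where the removed interface code passed a single role, and because `system_r` is a member of livecd_roles it is now handed to mount_run as well, which the old per-caller call did not do. mount.if is not visible here, so it is worth confirming that mount_run accepts an attribute in its role argument and that the wider grant is intended. The retained `unconfined_domain(livecd_t)` means every role added to livecd_roles can reach an unconfined domain when that optional module is present. A comment on the declaration would make that explicit, for example `# livecd_t may be unconfined; keep livecd_roles membership limited to roles that need it.`.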