From e166ec9ba4a8f9520e828d407c71492d99b4dafa Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Sep 21 2011 12:44:35 +0000
Subject: Add role attributes to ncftool.


---

diff --git a/ncftool.if b/ncftool.if
index 75ee31d..a648982 100644
--- a/ncftool.if
+++ b/ncftool.if
@@ -36,13 +36,9 @@ interface(`ncftool_domtrans',`
 #
 interface(`ncftool_run',`
 	gen_require(`
-		type ncftool_t;
+		attribute_role ncftool_roles;
 	')
 
 	ncftool_domtrans($1)
-	role $2 types ncftool_t;
-
-	optional_policy(`
-		brctl_run(ncftool_t, $2)
-	')
+	roleattribute $2 ncftool_roles;
 ')
diff --git a/ncftool.te b/ncftool.te
index ec29391..34de094 100644
--- a/ncftool.te
+++ b/ncftool.te
@@ -5,12 +5,15 @@ policy_module(ncftool, 1.0.0)
 # Declarations
 #
 
+attribute_role ncftool_roles;
+roleattribute system_r ncftool_roles;
+
 type ncftool_t;
 type ncftool_exec_t;
 application_domain(ncftool_t, ncftool_exec_t)
 domain_obj_id_change_exemption(ncftool_t)
 domain_system_change_exemption(ncftool_t)
-role system_r types ncftool_t;
+role ncftool_roles types ncftool_t;
 
 ########################################
 #
@@ -45,8 +48,8 @@ files_read_usr_files(ncftool_t)
 miscfiles_read_localization(ncftool_t)
 
 sysnet_delete_dhcpc_pid(ncftool_t)
-sysnet_domtrans_dhcpc(ncftool_t)
-sysnet_domtrans_ifconfig(ncftool_t)
+sysnet_run_dhcpc(ncftool_t, ncftool_roles)
+sysnet_run_ifconfig(ncftool_t, ncftool_roles)
 sysnet_etc_filetrans_config(ncftool_t)
 sysnet_manage_config(ncftool_t)
 sysnet_read_dhcpc_state(ncftool_t)
@@ -70,9 +73,9 @@ optional_policy(`
 
 optional_policy(`
 	modutils_read_module_config(ncftool_t)
-	modutils_domtrans_insmod(ncftool_t)
+	modutils_run_insmod(ncftool_t, ncftool_roles)
 ')
 
 optional_policy(`
-	netutils_domtrans(ncftool_t)
+	netutils_run(ncftool_t, ncftool_roles)
 ')