From mboxrd@z Thu Jan  1 00:00:00 1970
From: guido@trentalancia.net (Guido Trentalancia)
Date: Wed, 14 Dec 2016 01:48:51 +0100
Subject: [refpolicy] [PATCH 2/5] userdomain: separate optional conditionals
 for gnome and wm role templates
In-Reply-To: <1481322107.2989.1.camel@trentalancia.net>
References: <1481130053.3300.9.camel@trentalancia.net>
	<1481217618.20182.8.camel@trentalancia.net>
	<1481322107.2989.1.camel@trentalancia.net>
Message-ID: <1481676531.17446.10.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Since the window managers are not limited by gnome-shell, the
userdomain module is modified by this patch in order to use
separate optional conditionals for the gnome and wm role templates.

Signed-off-by: Guido Trentalancia <guido@trentalancia.net>
---
 policy/modules/system/userdomain.if |    7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff -pruN refpolicy-git-07122016-orig/policy/modules/system/userdomain.if refpolicy-git-07122016/policy/modules/system/userdomain.if
--- refpolicy-git-07122016-orig/policy/modules/system/userdomain.if	2016-12-07 13:39:08.672449330 +0100
+++ refpolicy-git-07122016/policy/modules/system/userdomain.if	2016-12-14 00:57:22.948430919 +0100
@@ -1003,11 +1003,10 @@ template(`userdom_restricted_xwindows_us
 
 		optional_policy(`
 			gnome_role_template($1, $1_r, $1_t)
-			wm_role_template($1, $1_r, $1_t)
 		')
 
 		optional_policy(`
-			pulseaudio_role($1_r, $1_t)
+			wm_role_template($1, $1_r, $1_t)
 		')
 	')
 
@@ -1016,6 +1015,10 @@ template(`userdom_restricted_xwindows_us
 	')
 
 	optional_policy(`
+		pulseaudio_role($1_r, $1_t)
+	')
+
+	optional_policy(`
 		setroubleshoot_dontaudit_stream_connect($1_t)
 	')
 ')