Add system interfaces to qarshd policy

This allows qarshd to make any system interface transition.
Tested against selinux-policy-3.6.32-41.fc12.noarch.

2 files changed, 8 insertions, 1 deletions

diff --git a/SELinux/Makefile b/SELinux/Makefile
index c810efb..8b978d7 100644
--- a/SELinux/Makefile
+++ b/SELinux/Makefile
@@ -10,7 +10,7 @@ qarshd.te: qarshd.te.in qarshd.te.trans
 
 # Pull all interfaces listed in policy.xml from the services or apps layer
 # which have one parameter named domains and whose name contains domtrans
-allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml)
+allinterfaces := $(shell gxpp '//layer[@name = "services" or @name = "apps" or @name = "system"]//interface[param/@name="domain" and count(param) = 1 and contains(@name, "domtrans")]/@name' $(selinux_devel)/policy.xml)
 badinterfaces := $(shell cat qarshd.bad-interfaces)
 
 # Filter out interfaces which break policy building or loading.
diff --git a/SELinux/qarshd.bad-interfaces b/SELinux/qarshd.bad-interfaces
index 72c5736..3139085 100644
--- a/SELinux/qarshd.bad-interfaces
+++ b/SELinux/qarshd.bad-interfaces
@@ -7,6 +7,10 @@ bluetooth_domtrans_helper
 clockspeed_domtrans_cli
 ddclient_domtrans
 ifplugd_domtrans
+locallogin_domtrans
+locallogin_domtrans_sulogin
+modutils_domtrans_insmod
+mount_domtrans
 oav_domtrans_update
 openca_domtrans
 pki_ca_script_domtrans
@@ -20,6 +24,9 @@ qemu_domtrans
 rgmanager_domtrans
 samba_domtrans_net
 sendmail_domtrans
+seutil_domtrans_restorecon
+seutil_domtrans_setfiles_mac
+seutil_init_script_domtrans_runinit
 thunderbird_domtrans
 uwimap_domtrans
 wireshark_domtrans