authorStephen Smalley <sds@tycho.nsa.gov>2013-09-27 10:38:14 -0400
committerSteve Kondik <shade@chemlab.org>2014-04-05 13:25:11 -0700
commitc4b09027aa239298379d9a6bd7f99ffae872459b (patch)
treead04dee58a56e43ca056cbabc86be8991f6eb892
parenta0956744ed3cca8b6e115f1b721259ae658ecd54 (diff)
Make sure exec_type is assigned to all entrypoint types.
Some file types used as domain entrypoints were missing the exec_type attribute. Add it and add a neverallow rule to keep it that way. Change-Id: I7563f3e03940a27ae40ed4d6bb74181c26148849 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-rw-r--r--ping.te2
-rw-r--r--runas.te2
-rw-r--r--shell.te2
-rw-r--r--su.te2
-rw-r--r--su_user.te2
5 files changed, 5 insertions, 5 deletions
diff --git a/ping.te b/ping.te
index 3c6254a..19f3a47 100644
--- a/ping.te
+++ b/ping.te
@@ -1,5 +1,5 @@
type ping, domain;
permissive ping;
-type ping_exec, file_type;
+type ping_exec, exec_type, file_type;
domain_auto_trans(shell, ping_exec, ping)
unconfined_domain(ping)
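Review bot: The description promises a neverallow rule, but the diffstat lists only five `.te` files with one changed line each, and none of the visible hunks (ping.te, runas.te, shell.te, su.te, su_user.te) adds one. Without it the policy compiler will not reject a future entrypoint type that omits `exec_type`, and any rule written against the `exec_type` attribute would silently miss that binary. If the rule was lost when this change was picked, something of the form `neverallow domain { file_type -exec_type }:file entrypoint;` in a shared policy file would restore the build-time check. Which file it belongs in cannot be told from this page.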
diff --git a/runas.te b/runas.te
index 50295a9..ec5e1c4 100644
--- a/runas.te
+++ b/runas.te
@@ -1,5 +1,5 @@
type runas, domain;
-type runas_exec, file_type;
+type runas_exec, exec_type, file_type;
permissive runas;
unconfined_domain(runas)
diff --git a/shell.te b/shell.te
index 89bc9be..8b51003 100644
--- a/shell.te
+++ b/shell.te
@@ -1,6 +1,6 @@
# Domain for shell processes spawned by ADB
type shell, domain;
-type shell_exec, file_type;
+type shell_exec, exec_type, file_type;
unconfined_domain(shell)
# Run app_process.
diff --git a/su.te b/su.te
index ca9fcc2..c1f002f 100644
--- a/su.te
+++ b/su.te
@@ -1,6 +1,6 @@
type su, domain;
permissive su;
-type su_exec, file_type;
+type su_exec, exec_type, file_type;
domain_auto_trans(shell, su_exec, su)
# su is unconfined.
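Review bot: `su_exec` is declared in this file and again in the su_user.te hunk below, so the two `type su_exec, exec_type, file_type;` lines have to be kept identical by hand. Presumably only one of the two files is compiled for a given build variant, since a type cannot be declared twice in one policy. A comment beside each declaration would make the pairing explicit, e.g. `# su_exec is also declared in su_user.te; keep the attribute lists in sync.` The rest of su.te lies outside this hunk.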
diff --git a/su_user.te b/su_user.te
index 77fc535..6f936a0 100644
--- a/su_user.te
+++ b/su_user.te
@@ -1,4 +1,4 @@
# File types must be defined for file_contexts.
-type su_exec, file_type;
+type su_exec, exec_type, file_type;
# No allow rules