mmap_file_perms was deprecated in refpolicy in 2017 and is removed
from Debian policy. mmap_exec_file_perms is recommended by refpolicy
but RHEL-7 defined it differently (including execute_no_trans) so we
cannot use it here unconditionally. Just open-code the necessary
permissions and use the existing allow_map() macro defined by the
testsuite to cover map permission if defined.
Signed-off-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
---
policy/test_execute_no_trans.te | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/test_execute_no_trans.te b/policy/test_execute_no_trans.te
index 79ba868..2c0346a 100644
--- a/policy/test_execute_no_trans.te
+++ b/policy/test_execute_no_trans.te
@@ -24,4 +24,5 @@ userdom_sysadm_entry_spec_domtrans_to(test_execute_notrans_t)
#Allow test_execute_notrans permissions to the allowed type
can_exec(test_execute_notrans_t,test_execute_notrans_allowed_t)
-allow test_execute_notrans_t test_execute_notrans_denied_t:file mmap_file_perms;
+allow_map(test_execute_notrans_t, test_execute_notrans_denied_t, file)
+allow test_execute_notrans_t test_execute_notrans_denied_t:file { getattr open read };
--
2.23.1
