Ok, how about this instead - seems more useful

1. Renamed: user_trans -> allow_trans
2. Added role as a separate argument for flexibility
3. Remove boolean macro - declare boolean in the app .te file

#####################################################
#
# allow_trans(prefix, role_prefix, app_prefix)
#
# Transition user:$2_r:$1_t to user:$2_r:$1_$3_t
#

define(`allow_trans', `
role $2_r types $1_$3_t;
if (! disable_$1_$3_transition) {
domain_auto_trans($1_t, $3_exec_t, $1_$3_t) }
')

-- 
Ivan Gyurdiev <ivg2@cornell.edu>
Cornell University


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.