From 1ff703fc4adeac08a8c161d48acedf2821117844 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 22 Jun 2010 09:01:38 -0400
Subject: [PATCH] Podsleuth patch from Dan Walsh. podsleuth asks the kernel to load modules Reads/write removable blk device. Reads user_tmpfs
---
 policy/modules/apps/podsleuth.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/policy/modules/apps/podsleuth.te b/policy/modules/apps/podsleuth.te
index 9db7114c8..690589eb4 100644
--- a/policy/modules/apps/podsleuth.te
+++ b/policy/modules/apps/podsleuth.te
@@ -1,4 +1,4 @@
-policy_module(podsleuth, 1.3.0)
+policy_module(podsleuth, 1.3.1)
 
 ########################################
 #
@@ -49,6 +49,7 @@ manage_lnk_files_pattern(podsleuth_t, podsleuth_tmpfs_t, podsleuth_tmpfs_t)
 fs_tmpfs_filetrans(podsleuth_t, podsleuth_tmpfs_t, { dir file lnk_file })
 
 kernel_read_system_state(podsleuth_t)
+kernel_request_load_module(podsleuth_t)
 
 corecmd_exec_bin(podsleuth_t)
 
@@ -65,12 +66,14 @@ fs_read_dos_files(podsleuth_t)
 fs_search_dos(podsleuth_t)
 fs_getattr_tmpfs(podsleuth_t)
 fs_list_tmpfs(podsleuth_t)
+fs_rw_removable_blk_files(podsleuth_t)
 
 miscfiles_read_localization(podsleuth_t)
 
 sysnet_dns_name_resolve(podsleuth_t)
 
 userdom_signal_unpriv_users(podsleuth_t)
+userdom_read_user_tmpfs_files(podsleuth_t)
 
 optional_policy(`
 dbus_system_bus_client(podsleuth_t)
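Review bot: The new `kernel_request_load_module(podsleuth_t)` line in the `@@ -49,6 +49,7 @@` hunk carries no comment naming the module podsleuth needs or the denial that motivated it; the commit message only says it "asks the kernel to load modules". The same domain handles removable media in this file (`fs_read_dos_files`, and `fs_rw_removable_blk_files` in the next hunk), so a process that parses device-supplied data can now trigger kernel module loading, which deserves a recorded justification a later auditor can check. I would add a comment above the rule such as `# autoload triggered while probing the device: <module name from the AVC denial>`. If podsleuth works without the request being honoured, `kernel_dontaudit_request_load_module(podsleuth_t)` would silence the denial without granting it.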
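Review bot: `fs_rw_removable_blk_files(podsleuth_t)` in the `@@ -65,12 +66,14 @@` hunk grants write as well as read on removable block nodes, and nothing on the page shows that podsleuth needs to write. If the observed denials are reads only, `fs_read_removable_blk_files(podsleuth_t)` is the narrower grant; otherwise a comment such as `# write needed for <operation from the AVC denial>` should state why. The added `userdom_read_user_tmpfs_files(podsleuth_t)` likewise has no rationale beyond "Reads user_tmpfs" in the commit message, so it should note which user tmpfs file is read and whether a dontaudit rule would be enough.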