add ignore read system state

refpolicy/policy/modules/kernel/kernel.if

@@ -418,6 +418,20 @@ class lnk_file { getattr read };
 class file { getattr read };
 ')
 
+########################################
+#
+# kernel_ignore_read_system_state(domain)
+#
+define(`kernel_ignore_read_system_state',`
+requires_block_template(kernel_ignore_read_system_state_depend)
+allow $1 proc_t:file read;
+')
+
+ifdef(`kernel_ignore_read_system_state_depend',`
+type proc_t;
+class file read;
+')
+
 #######################################
 #
 # kernel_read_software_raid_state(domain,[`optional'])