sudo: add tunable for HTTP connections

Signed-off-by: Kenton Groombridge <me@concord.sh>

policy/modules/admin/sudo.te

@@ -1,5 +1,16 @@
 policy_module(sudo, 1.15.0)
 
+## <desc>
+##	<p>
+##	Determine whether all sudo domains
+##	can connect to TCP HTTP ports. This
+##	is needed if an additional authentication
+##	mechanism via an HTTP server is
+##	required for users to use sudo.
+##	</p>
+## </desc>
+gen_tunable(sudo_all_tcp_connect_http_port, false)
+
 ########################################
 #
 # Declarations
@@ -7,3 +18,7 @@ attribute sudodomain;
 
 type sudo_exec_t;
 application_executable_file(sudo_exec_t)
+
+tunable_policy(`sudo_all_tcp_connect_http_port',`
+	corenet_tcp_connect_http_port(sudodomain)
+')