vpn patch from Dan Walsh

fixed gen_require in vpn_relabelfrom_tun_socket interface (wrong type)
removed userdom_read_home_certs (not in refpolicy)

policy/modules/admin/vpn.if

@@ -110,7 +110,7 @@ interface(`vpn_signull',`
 ##	</summary>
 ## </param>
 #
-interface(`vpnc_dbus_chat',`
+interface(`vpn_dbus_chat',`
 	gen_require(`
 		type vpnc_t;
 		class dbus send_msg;
@@ -119,3 +119,21 @@ interface(`vpnc_dbus_chat',`
 	allow $1 vpnc_t:dbus send_msg;
 	allow vpnc_t $1:dbus send_msg;
 ')
+
+########################################
+## <summary>
+##	Relabelfrom from vpnc socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`vpn_relabelfrom_tun_socket',`
+	gen_require(`
+		type vpnc_t;
+	')
+
+	allow $1 vpnc_t:tun_socket relabelfrom;
+')

policy/modules/admin/vpn.te

@@ -30,7 +30,7 @@ allow vpnc_t self:udp_socket create_socket_perms;
 allow vpnc_t self:rawip_socket create_socket_perms;
 allow vpnc_t self:unix_dgram_socket create_socket_perms;
 allow vpnc_t self:unix_stream_socket create_socket_perms;
-allow vpnc_t self:tun_socket create_socket_perms;
+allow vpnc_t self:tun_socket { create_socket_perms relabelfrom };
 # cjp: this needs to be fixed
 allow vpnc_t self:socket create_socket_perms;