From 2260ef56f89ab27ac981d906e4d7d7f27c766bf0 Mon Sep 17 00:00:00 2001
From: Sven Vermeulen
Date: Thu, 22 Mar 2012 21:10:13 +0100
Subject: [PATCH] Adding dontaudit interfaces in sysnet

Signed-off-by: Sven Vermeulen
---
 policy/modules/system/sysnetwork.if | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/policy/modules/system/sysnetwork.if b/policy/modules/system/sysnetwork.if
index 363e98d27..58a7d89c8 100644
--- a/policy/modules/system/sysnetwork.if
+++ b/policy/modules/system/sysnetwork.if
@@ -64,6 +64,25 @@ interface(`sysnet_dontaudit_use_dhcpc_fds',`
 dontaudit $1 dhcpc_t:fd use;
 ')
 
+########################################
+##
+## Do not audit attempts to read/write to the
+## dhcp unix stream socket descriptors.
+##
+##
+##
+## Domain to not audit.
+##
+##
+#
+interface(`sysnet_dontaudit_rw_dhcpc_unix_stream_sockets',`
+ gen_require(`
+ type dhcpc_t;
+ ')
+
+ dontaudit $1 dhcpc_t:unix_stream_socket { read write };
+')
+
 ########################################
 ##
 ## Send a SIGCHLD signal to the dhcp client.
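Review bot: The summary of `sysnet_dontaudit_rw_dhcpc_unix_stream_sockets` speaks of "dhcp unix stream socket descriptors", but the rule silences `read` and `write` on `dhcpc_t:unix_stream_socket`, that is, sockets owned by the DHCP client domain, and it gives no hint of when a caller should want this. Because a dontaudit rule removes the denial from the audit log, the comment should say so precisely, for example `Do not audit attempts to read and write unix stream sockets owned by the DHCP client (dhcpc_t).`, with one more line stating that it is intended for sockets a domain inherits from dhcpc (presumably leaked descriptors; the commit message does not say). It would also help to point at the neighbouring `sysnet_dontaudit_use_dhcpc_fds`, since the `fd use` check is separate from the socket-class check and a caller that sees one denial will usually see the other. The denial itself is still enforced; only the log entry disappears, so anyone investigating unexpected access to dhcpc sockets needs to rebuild policy with dontaudit rules disabled (`semodule -DB`) to see it.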