add audit_write and a little style cleanup.

refpolicy/policy/modules/system/clock.te

@@ -1,5 +1,5 @@
 
-policy_module(clock,1.0.0)
+policy_module(clock,1.0.1)
 
 ########################################
 #
@@ -19,16 +19,15 @@ role system_r types hwclock_t;
 # Local policy
 #
 
-allow hwclock_t self:process signal_perms;
-
 # Give hwclock the capabilities it requires.  dac_override is a surprise,
 # but hwclock does require it.
-allow hwclock_t self:capability { dac_override sys_rawio sys_time sys_tty_config };
+allow hwclock_t self:capability { dac_override sys_rawio sys_time sys_tty_config audit_write };
 dontaudit hwclock_t self:capability sys_tty_config;
+allow hwclock_t self:process signal_perms;
 allow hwclock_t self:netlink_audit_socket { create_netlink_socket_perms nlmsg_relay };
 
 # Allow hwclock to store & retrieve correction factors.
-allow hwclock_t adjtime_t:file { setattr ioctl read getattr lock write append };
+allow hwclock_t adjtime_t:file { rw_file_perms setattr };
 
 kernel_read_kernel_sysctls(hwclock_t)
 kernel_list_proc(hwclock_t)