From 0e30bca6d9843f02791848ec8ccd724116fd2928 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 17 Jun 2010 08:23:20 -0400
Subject: [PATCH] Consoletype patch from Dan Walsh. I am sick of every app in the known universe leaking socket descriptors. Dontaudit by default consoletype is handed a write for hal log on resume from hibernate.
---
 policy/modules/admin/consoletype.if | 4 ++++
 policy/modules/admin/consoletype.te | 3 ++-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/policy/modules/admin/consoletype.if b/policy/modules/admin/consoletype.if
index bd8c9c90..52d7a7e3 100644
--- a/policy/modules/admin/consoletype.if
+++ b/policy/modules/admin/consoletype.if
@@ -19,6 +19,10 @@ interface(`consoletype_domtrans',`
 corecmd_search_bin($1)
 domtrans_pattern($1, consoletype_exec_t, consoletype_t)
+
+ ifdef(`hide_broken_symptoms', `
+ dontaudit consoletype_t $1:socket_class_set { read write };
+ ')
 ')
 ########################################
diff --git a/policy/modules/admin/consoletype.te b/policy/modules/admin/consoletype.te
index ae533681..2b12a37d 100644
--- a/policy/modules/admin/consoletype.te
+++ b/policy/modules/admin/consoletype.te
@@ -1,4 +1,4 @@
-policy_module(consoletype, 1.9.0)
+policy_module(consoletype, 1.9.1)
 ########################################
 #
@@ -84,6 +84,7 @@ optional_policy(`
 hal_dontaudit_use_fds(consoletype_t)
 hal_dontaudit_rw_pipes(consoletype_t)
 hal_dontaudit_rw_dgram_sockets(consoletype_t)
+ hal_dontaudit_write_log(consoletype_t)
 ')
 optional_policy(`
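Review bot: The `dontaudit consoletype_t $1:socket_class_set { read write };` rule added to `consoletype_domtrans` silences the AVC for every socket class of every domain that calls the interface, and nothing in the hunk records that access stays denied and only the log entry is dropped. That denial was the one visible sign of a caller leaking a descriptor across exec, so I would say so in a comment above the `ifdef`, for example `# Callers leak open sockets to consoletype; access stays denied, this only hides the AVC.` The rule is active only in builds that define `hide_broken_symptoms`, and rebuilding the policy with dontaudit rules disabled (`semodule -DB`) brings the denials back when a leak has to be traced. The interface body and its `gen_require` start above the hunk, so the declaration of `consoletype_t` cannot be checked from here.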
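Review bot: `hal_dontaudit_write_log(consoletype_t)` is added without a comment, so the only record of why consoletype would hold a writable hal log descriptor is the commit message (handed over on resume from hibernate). A one-line comment above it, such as `# consoletype is handed the hal log open for write on resume; hide the denial, do not allow it.`, would keep that reason next to the rule. Unlike the socket rule in consoletype.if, this line is not guarded by hide_broken_symptoms; that matches the neighbouring `hal_dontaudit_*` calls, but it means the denial is hidden in every build where the optional hal policy is present. The `optional_policy` block opens above the hunk.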