From 29a0519186d0d80d4a664fd7c04b03f5d6a9a36e Mon Sep 17 00:00:00 2001
From: Chris PeBenito <cpebenito@tresys.com>
Date: Thu, 25 May 2006 13:14:08 +0000
Subject: [PATCH] add compute_av for doing rootok check

---
 refpolicy/policy/modules/admin/su.if | 3 +++
 refpolicy/policy/modules/admin/su.te | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/refpolicy/policy/modules/admin/su.if b/refpolicy/policy/modules/admin/su.if
index e4ed9370..96fae337 100644
--- a/refpolicy/policy/modules/admin/su.if
+++ b/refpolicy/policy/modules/admin/su.if
@@ -71,6 +71,9 @@ template(`su_restricted_domain_template', `
 	files_search_var_lib($1_su_t)
 	files_dontaudit_getattr_tmp_dirs($1_su_t)
 
+	# for the rootok check
+	selinux_compute_access_vector($1_su_t)
+
 	auth_domtrans_chk_passwd($1_su_t)
 	auth_dontaudit_read_shadow($1_su_t)
 	auth_use_nsswitch($1_su_t)
diff --git a/refpolicy/policy/modules/admin/su.te b/refpolicy/policy/modules/admin/su.te
index 75b8d72b..d9ef86aa 100644
--- a/refpolicy/policy/modules/admin/su.te
+++ b/refpolicy/policy/modules/admin/su.te
@@ -1,5 +1,5 @@
 
-policy_module(su,1.3.2)
+policy_module(su,1.3.3)
 
 ########################################
 #