Fix JIT usage for freshclam.

http://marc.info/?l=selinux&m=127893898208934&w=2

Changelog

@@ -1,3 +1,4 @@
+- Add JIT usage for freshclam.
 - Remove ethereal module since the application was renamed to wireshark.
 - Remove duplicate/redundant rules, from Russell Coker.
 - Increased default number of categories to 1024, from Russell Coker.

policy/modules/services/clamav.te

@@ -1,4 +1,4 @@
-policy_module(clamav, 1.8.0)
+policy_module(clamav, 1.8.1)
 
 ## <desc>
 ## <p>
@@ -145,6 +145,12 @@ optional_policy(`
 	exim_read_spool_files(clamd_t)
 ')
 
+tunable_policy(`clamd_use_jit',`
+	allow clamd_t self:process execmem;
+', `
+	dontaudit clamd_t self:process execmem;
+')
+
 ########################################
 #
 # Freshclam local policy
@@ -205,6 +211,12 @@ optional_policy(`
 	cron_system_entry(freshclam_t, freshclam_exec_t)
 ')
 
+tunable_policy(`clamd_use_jit',`
+	allow freshclam_t self:process execmem;
+', `
+	dontaudit freshclam_t self:process execmem;
+')
+
 ########################################
 #
 # clamscam local policy
@@ -254,12 +266,6 @@ clamav_stream_connect(clamscan_t)
 
 mta_send_mail(clamscan_t)
 
-tunable_policy(`clamd_use_jit',`
-	allow clamd_t self:process execmem;
-', `
-	dontaudit clamd_t self:process execmem;
-')
-
 optional_policy(`
 	amavis_read_spool_files(clamscan_t)
 ')