From 29f3bfa464fee4f777758e7860b4a773236cbc36 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Tue, 13 Jul 2010 08:39:54 -0400
Subject: [PATCH] Fix JIT usage for freshclam.

http://marc.info/?l=selinux&m=127893898208934&w=2
---
 Changelog | 1 +
 policy/modules/services/clamav.te | 20 +++++++++++++-------
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/Changelog b/Changelog
index 34cf320c..7f596767 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Add JIT usage for freshclam.
 - Remove ethereal module since the application was renamed to wireshark.
 - Remove duplicate/redundant rules, from Russell Coker.
 - Increased default number of categories to 1024, from Russell Coker.
diff --git a/policy/modules/services/clamav.te b/policy/modules/services/clamav.te
index 33621bbd..8c360277 100644
--- a/policy/modules/services/clamav.te
+++ b/policy/modules/services/clamav.te
@@ -1,4 +1,4 @@
-policy_module(clamav, 1.8.0)
+policy_module(clamav, 1.8.1)
 ##
 ##

@@ -145,6 +145,12 @@ optional_policy(`
 exim_read_spool_files(clamd_t)
 ')
+tunable_policy(`clamd_use_jit',`
+ allow clamd_t self:process execmem;
+', `
+ dontaudit clamd_t self:process execmem;
+')
+
 ########################################
 #
 # Freshclam local policy
@@ -205,6 +211,12 @@ optional_policy(`
 cron_system_entry(freshclam_t, freshclam_exec_t)
 ')
+tunable_policy(`clamd_use_jit',`
+ allow freshclam_t self:process execmem;
+', `
+ dontaudit freshclam_t self:process execmem;
+')
+
 ########################################
 #
 # clamscam local policy
@@ -254,12 +266,6 @@ clamav_stream_connect(clamscan_t)
 mta_send_mail(clamscan_t)
-tunable_policy(`clamd_use_jit',`
- allow clamd_t self:process execmem;
-', `
- dontaudit clamd_t self:process execmem;
-')
-
 optional_policy(`
 amavis_read_spool_files(clamscan_t)
 ')
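Review bot: The else branch `dontaudit clamd_t self:process execmem;` in the hunk at `@@ -145,6 +145,12 @@` (and the matching `dontaudit freshclam_t self:process execmem;` in the hunk at `@@ -205,6 +211,12 @@`) means that with the boolean off an execmem attempt in these domains is denied without any AVC record. For daemons that parse untrusted files and downloaded signature data, an execmem denial is a useful detection signal, so silencing it should be a documented choice. If the rule is there only to quiet a probe made by the bytecode JIT, which cannot be confirmed from this diff, say so above each block, e.g. `# dontaudit: JIT availability check trips execmem when clamd_use_jit is off`, and note that `semodule -DB` is needed to see these denials during an investigation.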
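Review bot: The new freshclam_t block in the hunk at `@@ -205,6 +211,12 @@` is keyed on `clamd_use_jit`, so turning that boolean on for clamd also grants execmem to freshclam_t, and the two domains cannot be enabled separately. The boolean's declaration and description sit outside these hunks, so its wording cannot be checked here, but the name mentions only clamd and an administrator may not expect it to widen the updater's permissions as well. Either give freshclam its own boolean, or record the coupling above the block with a comment such as `# freshclam shares clamd_use_jit: enabling it grants execmem to clamd_t and freshclam_t`.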