add rootfs dontaudits for use in init.te

refpolicy/policy/modules/system/files.if

@@ -67,6 +67,34 @@ type root_t;
 class dir { getattr search read write add_name };
 ')
 
+########################################
+#
+# files_ignore_modify_rootfs_file(domain,[`optional'])
+#
+define(`files_ignore_modify_rootfs_file',`
+requires_block_template(files_ignore_modify_rootfs_file_depend,$2)
+dontaudit $1 root_t:file { read write };
+')
+
+define(`files_ignore_modify_rootfs_file_depend',`
+type root_t;
+class file { read write };
+')
+
+########################################
+#
+# files_ignore_modify_rootfs_device(domain,[`optional'])
+#
+define(`files_ignore_modify_rootfs_device',`
+requires_block_template(files_ignore_modify_rootfs_device_depend,$2)
+dontaudit $1 root_t:chr_file { read write };
+')
+
+define(`files_ignore_modify_rootfs_device_depend',`
+type root_t;
+class chr_file { read write };
+')
+
 ########################################
 #
 # files_create_private_root_dir_entry(domain,privatetype,[class(es)],[`optional'])