From 8f17f7c2ee6370064c5a134bad25fd910e9c1522 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 20 Jul 2009 15:40:57 -0400
Subject: [PATCH] dnsmasq patch from dan.
---
 policy/modules/services/dnsmasq.if | 19 +++++++++++++++++++
 policy/modules/services/dnsmasq.te | 9 ++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if
index 016d1918..28c0734d 100644
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@@ -20,6 +20,25 @@ interface(`dnsmasq_domtrans',`
 domtrans_pattern($1, dnsmasq_exec_t, dnsmasq_t)
 ')
+########################################
+##
+## Execute the dnsmasq init script in the init script domain.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+#
+interface(`dnsmasq_initrc_domtrans',`
+ gen_require(`
+ type dnsmasq_initrc_exec_t;
+ ')
+
+ init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
+')
+
 ########################################
 ##
 ## Send dnsmasq a signal
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index 3c3e624e..1329f4b6 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -1,5 +1,5 @@
-policy_module(dnsmasq, 1.7.2)
+policy_module(dnsmasq, 1.7.3)
 ########################################
 #
@@ -42,8 +42,7 @@ manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
 files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
 kernel_read_kernel_sysctls(dnsmasq_t)
-kernel_list_proc(dnsmasq_t)
-kernel_read_proc_symlinks(dnsmasq_t)
+kernel_read_system_state(dnsmasq_t)
 corenet_all_recvfrom_unlabeled(dnsmasq_t)
 corenet_all_recvfrom_netlabel(dnsmasq_t)
@@ -87,6 +86,10 @@ optional_policy(`
 seutil_sigchld_newrole(dnsmasq_t)
 ')
+optional_policy(`
+ tftp_read_content(dnsmasq_t)
+')
+
 optional_policy(`
 udev_read_db(dnsmasq_t)
 ')
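Review bot: The parameter description on the new `dnsmasq_initrc_domtrans` interface in dnsmasq.if reads `Domain allowed access.`, which undersells what is granted. `init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)` lets the caller run the dnsmasq init script in the init script domain, so I would word it `Domain allowed to transition.` and note in the description that the interface is best granted only to administrative domains. The comment block also ends in two bare `#` lines where one is enough. The `gen_require` names `dnsmasq_initrc_exec_t`, which none of the dnsmasq.te hunks in this patch declares; presumably it already exists there, but that is worth confirming before merge.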
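Review bot: Swapping `kernel_list_proc(dnsmasq_t)` and `kernel_read_proc_symlinks(dnsmasq_t)` for `kernel_read_system_state(dnsmasq_t)` in dnsmasq.te widens dnsmasq_t's access to /proc. It goes from listing /proc and reading its symlinks to also reading the generic state files there, and neither the hunk nor the commit message (`dnsmasq patch from dan.`) says which file the daemon needs. A one-line comment above the call, e.g. `# dnsmasq reads <proc file named in the AVC denial>`, would let a later reviewer judge whether the broader grant is still required. The same gap applies to the `tftp_read_content(dnsmasq_t)` block added in the last hunk. A comment such as `# read served files (presumably for dnsmasq's built-in TFTP server)` would record why this daemon reads TFTP content.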