From b0076a1413e9baf24b9ba9fd9719e88ac206594e Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Mon, 3 May 2010 09:49:33 -0400
Subject: [PATCH] Arpwatch patch from Dan Walsh.

---
 policy/modules/services/arpwatch.te | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/policy/modules/services/arpwatch.te b/policy/modules/services/arpwatch.te
index b262132a..ab16467f 100644
--- a/policy/modules/services/arpwatch.te
+++ b/policy/modules/services/arpwatch.te
@@ -1,5 +1,5 @@
 
-policy_module(arpwatch, 1.8.1)
+policy_module(arpwatch, 1.8.2)
 
 ########################################
 #
@@ -34,6 +34,7 @@ allow arpwatch_t self:unix_stream_socket create_stream_socket_perms;
 allow arpwatch_t self:tcp_socket { connect create_stream_socket_perms };
 allow arpwatch_t self:udp_socket create_socket_perms;
 allow arpwatch_t self:packet_socket create_socket_perms;
+allow arpwatch_t self:socket create_socket_perms;
 
 manage_dirs_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
 manage_files_pattern(arpwatch_t, arpwatch_data_t, arpwatch_data_t)
@@ -46,6 +47,7 @@ files_tmp_filetrans(arpwatch_t, arpwatch_tmp_t, { file dir })
 manage_files_pattern(arpwatch_t, arpwatch_var_run_t, arpwatch_var_run_t)
 files_pid_filetrans(arpwatch_t, arpwatch_var_run_t, file)
 
+kernel_read_network_state(arpwatch_t)
 kernel_read_kernel_sysctls(arpwatch_t)
 kernel_list_proc(arpwatch_t)
 kernel_read_proc_symlinks(arpwatch_t)
@@ -62,6 +64,7 @@ corenet_tcp_sendrecv_all_ports(arpwatch_t)
 corenet_udp_sendrecv_all_ports(arpwatch_t)
 
 dev_read_sysfs(arpwatch_t)
+dev_rw_generic_usb_dev(arpwatch_t)
 
 fs_getattr_all_fs(arpwatch_t)
 fs_search_auto_mountpoints(arpwatch_t)
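Review bot: The added `allow arpwatch_t self:socket create_socket_perms;` in the self-socket rules grants the catch-all `socket` class, which covers every address family that has no dedicated class, and nothing in the commit says which family arpwatch actually needs. The domain already has `packet_socket`, `tcp_socket` and `udp_socket` rules directly above, so this rule broadens the domain instead of narrowing it. I would record the triggering denial next to the rule, e.g. `# generic socket: needed for <address family from the AVC denial>`, and check whether a smaller permission set than `create_socket_perms` is sufficient. The rule block this line joins starts before the hunk.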
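Review bot: `dev_rw_generic_usb_dev(arpwatch_t)` gives a network-facing ARP monitor read and write access to generic USB device nodes, which is the broadest of the three additions and is not explained by the commit message. If the access comes from the capture library probing for capture-capable devices (a guess; nothing here shows it), write access is probably unnecessary and the denial may be better silenced than allowed. At minimum add a comment above the line such as `# USB device access: <reason / denial reference>` so the rule can be revisited later. The same missing rationale applies to `kernel_read_network_state(arpwatch_t)` in the previous hunk, though that interface is read-only.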