[selinux-policy: 2076/3172] trunk: su fixes from clip.

[Daniel J Walsh]

commit 9e7a3385091ab832c2f71e6954d28e638e9f499d
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Tue Jan 13 19:44:23 2009 +0000

    trunk: su fixes from clip.

 Changelog                  |    1 +
 policy/modules/admin/su.if |   18 ++++++++++++++++++
 policy/modules/admin/su.te |    2 +-
 3 files changed, 20 insertions(+), 1 deletions(-)
---
diff --git a/Changelog b/Changelog
index b453974..88188c3 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Several fixes from the CLIP project.
 - Add support for labeled Booleans.
 - Remove node definitions and change node usage to generic nodes.
 - Add kernel_service access vectors, from Stephen Smalley.
diff --git a/policy/modules/admin/su.if b/policy/modules/admin/su.if
index 36f2316..4be14a3 100644
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@@ -90,6 +90,15 @@ template(`su_restricted_domain_template', `
 
 	miscfiles_read_localization($1_su_t)
 
+	ifdef(`distro_redhat',`
+		# RHEL5 and possibly newer releases incl. Fedora
+		auth_domtrans_upd_passwd($1_su_t)
+
+		optional_policy(`
+			locallogin_search_keys($1_su_t)
+		')
+	')
+
 	ifdef(`distro_rhel4',`
 		domain_role_change_exemption($1_su_t)
 		domain_subj_id_change_exemption($1_su_t)
@@ -218,6 +227,15 @@ template(`su_role_template',`
 	userdom_use_user_terminals($1_su_t)
 	userdom_search_user_home_dirs($1_su_t)
 
+	ifdef(`distro_redhat',`
+		# RHEL5 and possibly newer releases incl. Fedora
+		auth_domtrans_upd_passwd($1_su_t)
+
+		optional_policy(`
+			locallogin_search_keys($1_su_t)
+		')
+	')
+
 	ifdef(`distro_rhel4',`
 		domain_role_change_exemption($1_su_t)
 		domain_subj_id_change_exemption($1_su_t)
diff --git a/policy/modules/admin/su.te b/policy/modules/admin/su.te
index 3db3a9e..ab532d3 100644
--- a/policy/modules/admin/su.te
+++ b/policy/modules/admin/su.te
@@ -1,5 +1,5 @@
 
-policy_module(su, 1.9.0)
+policy_module(su, 1.9.1)
 
 ########################################
 #