[selinux-policy: 2716/3172] Kernel patch from Dan Walsh.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 23:01:40 UTC 2010


commit 60f04fcb7adadd7969eaec59eff008d9ca7ee8ec
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Jun 7 11:08:35 2010 -0400

    Kernel patch from Dan Walsh.
    
    Add ability to dontaudit requests to load kernel modules.  If you
    disable ipv6, every confined app that does ip tries to get the kernel to
    load the module.
    
    Better handling of unlabeled files by the kernel interfaces

 policy/modules/kernel/kernel.if |   53 +++++++++++++++++++++++++++++++++++++++
 policy/modules/kernel/kernel.te |    2 +-
 2 files changed, 54 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 0352a19..814da80 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -534,6 +534,24 @@ interface(`kernel_request_load_module',`
 
 ########################################
 ## <summary>
+##	Do not audit requests to the kernel to load a module.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain to not audit.
+##	</summary>
+## </param>
+#
+interface(`kernel_dontaudit_request_load_module',`
+	gen_require(`
+		type kernel_t;
+	')
+
+	dontaudit $1 kernel_t:system module_request;
+')
+
+########################################
+## <summary>
 ##	Get information on all System V IPC objects.
 ## </summary>
 ## <param name="domain">
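Review bot: The new `dontaudit $1 kernel_t:system module_request;` silences every module-autoload request the caller domain makes, not only the ipv6 case the commit message gives as motivation, so a denied request for any other module would no longer appear in the audit log for that domain. The summary line `##	Do not audit requests to the kernel to load a module.` should say that: something like `##	Do not audit requests to the kernel to load a module.  This hides all module_request denials for the domain and is intended for domains that trigger autoload as a side effect (e.g. with ipv6 disabled); use kernel_request_load_module when the load is actually wanted.` The body of kernel_request_load_module, whose name appears in the hunk header, lies above the hunk.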
@@ -2046,6 +2064,23 @@ interface(`kernel_mount_unlabeled',`
 	allow $1 unlabeled_t:filesystem mount;
 ')
 
+########################################
+## <summary>
+##	Unmount a kernel unlabeled filesystem.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`kernel_unmount_unlabeled',`
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:filesystem unmount;
+')
 
 ########################################
 ## <summary>
@@ -2195,6 +2230,24 @@ interface(`kernel_rw_unlabeled_dirs',`
 
 ########################################
 ## <summary>
+##	Read and write unlabeled files.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`kernel_rw_unlabeled_files',`
+	gen_require(`
+		type unlabeled_t;
+	')
+
+	allow $1 unlabeled_t:file rw_file_perms;
+')
+
+########################################
+## <summary>
 ##	Do not audit attempts by caller to get the
 ##	attributes of an unlabeled file.
 ## </summary>
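Review bot: `allow $1 unlabeled_t:file rw_file_perms;` grants read and write (and, if rw_file_perms follows the usual refpolicy definition, also append, ioctl and lock) on any file that carries no valid security context, which presumably includes files on filesystems without xattr support and files whose context became invalid after a policy change; the summary `##	Read and write unlabeled files.` does not convey that breadth. Extending it to `##	Read and write unlabeled files (files with no valid security context); intended only for domains that must handle such files.` would help callers prefer a read-only unlabeled interface where writing is not required. The surrounding kernel_rw_unlabeled_dirs interface named in the hunk header ends before the hunk begins.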
diff --git a/policy/modules/kernel/kernel.te b/policy/modules/kernel/kernel.te
index 78fb6b2..b0b4617 100644
--- a/policy/modules/kernel/kernel.te
+++ b/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
 
-policy_module(kernel, 1.12.0)
+policy_module(kernel, 1.12.1)
 
 ########################################
 #

