[selinux-policy: 1544/3172] remove setbool auditallow, except for distro_rhel4.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:18:41 UTC 2010


commit 133000c2860d49d04941db20773e6bcbf4f3bd98
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu Jul 13 14:22:21 2006 +0000

    remove setbool auditallow, except for distro_rhel4.

 Changelog                        |    1 +
 policy/modules/kernel/selinux.if |    6 +++++-
 policy/modules/kernel/selinux.te |    7 ++++++-
 3 files changed, 12 insertions(+), 2 deletions(-)
---
diff --git a/Changelog b/Changelog
index c79ac18..8c4b73f 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,4 @@
+- Remove setbool auditallow, except for RHEL4.
 - Change eventpollfs to task SID labeling.
 - Add key support from Michael LeMay.
 - Add ftpdctl domain to ftp, from Paul Howarth.
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index 08c2907..f080e2a 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -214,7 +214,11 @@ interface(`selinux_set_boolean',`
 
 	if(!secure_mode_policyload) {
 		allow $1 security_t:security setbool;
-		auditallow $1 security_t:security setbool;
+
+		ifdef(`distro_rhel4',`
+			# needed for systems without audit support
+			auditallow $1 security_t:security setbool;
+		')
 	}
 ')
 
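Review bot: The added comment `# needed for systems without audit support` explains why RHEL4 keeps the rule, but not what records a boolean change on every other build, so the removal reads as if setbool now goes unlogged there. If the intent is that the kernel audit subsystem already reports boolean commits (a MAC_CONFIG_CHANGE record on kernels that emit one; the patch does not show this), the comment should say so, e.g. `# boolean changes are reported by the audit subsystem itself; keep the AVC granted record only where audit support is absent`. The same comment appears in the selinux.te hunk and needs the same wording. Monitoring that keys on AVC granted records for setbool will have to move to whatever record replaces them on non-RHEL4 systems. The selinux_set_boolean interface starts above this hunk.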
diff --git a/policy/modules/kernel/selinux.te b/policy/modules/kernel/selinux.te
index 5d60938..b62940e 100644
--- a/policy/modules/kernel/selinux.te
+++ b/policy/modules/kernel/selinux.te
@@ -40,5 +40,10 @@ allow selinux_unconfined_type security_t:security ~{ load_policy setenforce setb
 
 if(!secure_mode_policyload) {
 	allow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
-	auditallow selinux_unconfined_type security_t:security { load_policy setenforce setbool };
+	auditallow selinux_unconfined_type security_t:security { load_policy setenforce };
+
+	ifdef(`distro_rhel4',`
+		# needed for systems without audit support
+		auditallow selinux_unconfined_type security_t:security setbool;
+	')
 }
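Review bot: After this change `load_policy` and `setenforce` keep an unconditional auditallow for selinux_unconfined_type, while `setbool` is audited only under `distro_rhel4`, and nothing in the hunk explains the difference. All three permissions change the enforcement state, so a one-line comment above the retained rule (for example `# policy load and enforcing-mode changes stay audited on all distros`) would keep a later cleanup from dropping them by analogy. The reason for the split is not visible here, so the author should confirm the wording.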

