[selinux-policy: 2154/3172] dnsmasq patch from dan.

[Daniel J Walsh]

commit 8f17f7c2ee6370064c5a134bad25fd910e9c1522
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Mon Jul 20 15:40:57 2009 -0400

    dnsmasq patch from dan.

 policy/modules/services/dnsmasq.if |   19 +++++++++++++++++++
 policy/modules/services/dnsmasq.te |    9 ++++++---
 2 files changed, 25 insertions(+), 3 deletions(-)
---
diff --git a/policy/modules/services/dnsmasq.if b/policy/modules/services/dnsmasq.if
index 016d191..28c0734 100644
--- a/policy/modules/services/dnsmasq.if
+++ b/policy/modules/services/dnsmasq.if
@@ -22,6 +22,25 @@ interface(`dnsmasq_domtrans',`
 
 ########################################
 ## <summary>
+##	Execute the dnsmasq init script in the init script domain.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+#
+interface(`dnsmasq_initrc_domtrans',`
+	gen_require(`
+		type dnsmasq_initrc_exec_t;
+	')
+
+	init_labeled_script_domtrans($1, dnsmasq_initrc_exec_t)
+')
+
+########################################
+## <summary>
 ##	Send dnsmasq a signal
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/services/dnsmasq.te b/policy/modules/services/dnsmasq.te
index 3c3e624..1329f4b 100644
--- a/policy/modules/services/dnsmasq.te
+++ b/policy/modules/services/dnsmasq.te
@@ -1,5 +1,5 @@
 
-policy_module(dnsmasq, 1.7.2)
+policy_module(dnsmasq, 1.7.3)
 
 ########################################
 #
@@ -42,8 +42,7 @@ manage_files_pattern(dnsmasq_t, dnsmasq_var_run_t, dnsmasq_var_run_t)
 files_pid_filetrans(dnsmasq_t, dnsmasq_var_run_t, file)
 
 kernel_read_kernel_sysctls(dnsmasq_t)
-kernel_list_proc(dnsmasq_t)
-kernel_read_proc_symlinks(dnsmasq_t)
+kernel_read_system_state(dnsmasq_t)
 
 corenet_all_recvfrom_unlabeled(dnsmasq_t)
 corenet_all_recvfrom_netlabel(dnsmasq_t)
@@ -88,6 +87,10 @@ optional_policy(`
 ')
 
 optional_policy(`
+	tftp_read_content(dnsmasq_t)
+')
+
+optional_policy(`
 	udev_read_db(dnsmasq_t)
 ')