From Debian package 0.0.20080702-11

Create new interface crond_search_dir() and use it to allow crond_t to
search clamd_var_lib_t for amavis cron jobs

Needs amavisd/clamav merge to really achieve its aim

Index: policy/modules/services/cron.if
===================================================================
--- policy/modules/services/cron.if.orig
+++ policy/modules/services/cron.if
@@ -631,3 +631,22 @@
 
 	dontaudit $1 system_cronjob_tmp_t:file write_file_perms;
 ')
+
+########################################
+## <summary>
+##	Allow crond to search directories that are home directories for
+##	accounts used or parent directories of home directories.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Type of directory that crond_t may search.
+##	</summary>
+## </param>
+#
+interface(`crond_search_dir',`
+	gen_require(`
+		type crond_t;
+	')
+
+	allow crond_t $1:dir search;
+')
Index: policy/modules/services/clamav.te
===================================================================
--- policy/modules/services/clamav.te.orig
+++ policy/modules/services/clamav.te
@@ -142,6 +142,7 @@
 cron_use_fds(clamd_t)
 cron_use_system_job_fds(clamd_t)
 cron_rw_pipes(clamd_t)
+crond_search_dir(clamd_var_lib_t)
 
 mta_read_config(clamd_t)
 mta_send_mail(clamd_t)