Written by: Martin Orr Minor issues for NetworkManager Dontaudit NetworkManager loading modules - this is due to something inside the kernel: https://bugzilla.redhat.com/show_bug.cgi?id=684415 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8909c9ad8ff03611c9c96c9a92656213e4bb495b Let wpa_cli use upower fds (the interface is added in 813_upower) Allow wpa_cli to use the console - needed for ifupdown.sh, which should probably get its own type
Index: policy/modules/services/networkmanager.te
===================================================================
--- policy/modules/services/networkmanager.te.orig
+++ policy/modules/services/networkmanager.te
@@ -36,7 +36,7 @@
 # networkmanager will ptrace itself if gdb is installed
 # and it receives a unexpected signal (rh bug #204161)
 allow NetworkManager_t self:capability { chown fsetid kill setgid setuid sys_nice sys_ptrace dac_override net_admin net_raw net_bind_service ipc_lock };
-dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace };
+dontaudit NetworkManager_t self:capability { sys_tty_config sys_ptrace sys_module };
 allow NetworkManager_t self:process { ptrace getcap setcap setpgid getsched setsched signal_perms };
 allow NetworkManager_t self:fifo_file rw_fifo_file_perms;
 allow NetworkManager_t self:unix_dgram_socket { sendto create_socket_perms };
@@ -303,11 +303,15 @@
 miscfiles_read_localization(wpa_cli_t)
-term_dontaudit_use_console(wpa_cli_t)
+term_use_console(wpa_cli_t)
 networkmanager_domtrans(wpa_cli_t)
 optional_policy(`
+ devicekit_use_power_fds(wpa_cli_t)
+')
+
+optional_policy(`
 hal_write_log(wpa_cli_t)
 hal_dontaudit_read_pid_files(wpa_cli_t)
 ')
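Review bot: The `sys_module` entry added to the `dontaudit NetworkManager_t self:capability` rule has no explanation in the policy file; the reason (a kernel-side check, rh bug #684415) is recorded only in the patch description. Since `dontaudit` keeps the denial but suppresses its AVC record, any later module-load request from this domain, including one made by a compromised NetworkManager, will also go unlogged. I would extend the comment block above the rule with `# sys_module is requested as a side effect of a kernel check (rh bug #684415); it stays denied and is not audited`. It is also worth noting for responders that the hidden denials can be surfaced again by rebuilding the policy with dontaudit rules disabled (`semodule -DB`).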
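Review bot: Switching `term_dontaudit_use_console(wpa_cli_t)` to `term_use_console(wpa_cli_t)` grants console access to every process running as `wpa_cli_t`, although the description says only ifupdown.sh needs it and should probably get its own type. Until that type exists, the grant should be marked as temporary in the policy itself, for example `# TODO: console access is only needed by ifupdown.sh; move it to a dedicated type`. The new `devicekit_use_power_fds(wpa_cli_t)` call depends on an interface that the description says is added in 813_upower, so this patch presumably has to be applied after that one. A one-line comment above the new `optional_policy` block stating that dependency would help anyone reordering the series.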