yet another little patch

This should all be obvious.

Signed-off-by: Jason Zaman <jason@perfinion.com>

3 files changed, 4 insertions, 0 deletions

diff --git a/policy/modules/services/devicekit.te b/policy/modules/services/devicekit.te
index ca9de7cc8..941880eff 100644
--- a/policy/modules/services/devicekit.te
+++ b/policy/modules/services/devicekit.te
@@ -91,6 +91,7 @@ files_pid_filetrans(devicekit_disk_t, devicekit_var_run_t, { dir file })
 kernel_getattr_message_if(devicekit_disk_t)
 kernel_list_unlabeled(devicekit_disk_t)
 kernel_dontaudit_getattr_unlabeled_files(devicekit_disk_t)
+kernel_read_crypto_sysctls(devicekit_disk_t)
 kernel_read_fs_sysctls(devicekit_disk_t)
 kernel_read_network_state(devicekit_disk_t)
 kernel_read_software_raid_state(devicekit_disk_t)
@@ -108,6 +109,7 @@ dev_getattr_all_chr_files(devicekit_disk_t)
 dev_getattr_mtrr_dev(devicekit_disk_t)
 dev_getattr_usbfs_dirs(devicekit_disk_t)
 dev_manage_generic_files(devicekit_disk_t)
+dev_read_rand(devicekit_disk_t)
 dev_read_urand(devicekit_disk_t)
 dev_rw_sysfs(devicekit_disk_t)
 
diff --git a/policy/modules/system/lvm.te b/policy/modules/system/lvm.te
index f4999e1bc..bff2baa7a 100644
--- a/policy/modules/system/lvm.te
+++ b/policy/modules/system/lvm.te
@@ -308,6 +308,7 @@ init_use_fds(lvm_t)
 init_dontaudit_getattr_initctl(lvm_t)
 init_use_script_ptys(lvm_t)
 init_read_script_state(lvm_t)
+init_read_script_tmp_files(lvm_t)
 # for systemd-cryptsetup to talk to /run/systemd/journal/socket
 init_stream_connect(lvm_t)
 
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 08f62ccd1..ece5a3017 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -375,6 +375,7 @@ ifdef(`hide_broken_symptoms',`
 
 optional_policy(`
 	devicekit_read_pid_files(ifconfig_t)
+	devicekit_append_inherited_log_files(ifconfig_t)
 ')
 
 optional_policy(`