From 3915e56dbfbc3331900eb3feda6a8407cb204780 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Tue, 20 Dec 2011 16:27:43 +0000
Subject: [PATCH] Allow snmp to read all proc_type

---
 policy/modules/kernel/kernel.if | 18 ++++++++++++++++++
 policy/modules/services/snmp.te |  3 +--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/policy/modules/kernel/kernel.if b/policy/modules/kernel/kernel.if
index 34c68970..3bfb1f87 100644
--- a/policy/modules/kernel/kernel.if
+++ b/policy/modules/kernel/kernel.if
@@ -1457,6 +1457,24 @@ interface(`kernel_dontaudit_list_all_proc',`
 dontaudit $1 proc_type:file getattr;
 ')
 
+########################################
+##
+## Allow attempts to read all proc types.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`kernel_read_all_proc',`
+ gen_require(`
+ attribute proc_type;
+ ')
+
+ read_files_pattern($1, proc_type, proc_type)
+')
+
 ########################################
 ##
 ## Do not audit attempts by caller to search
diff --git a/policy/modules/services/snmp.te b/policy/modules/services/snmp.te
index 9c747d4a..1d22eed9 100644
--- a/policy/modules/services/snmp.te
+++ b/policy/modules/services/snmp.te
@@ -55,8 +55,7 @@ kernel_read_kernel_sysctls(snmpd_t)
 kernel_read_fs_sysctls(snmpd_t)
 kernel_read_net_sysctls(snmpd_t)
 kernel_read_proc_symlinks(snmpd_t)
-kernel_read_system_state(snmpd_t)
-kernel_read_network_state(snmpd_t)
+kernel_read_all_proc(snmpd_t)
 
 corecmd_exec_bin(snmpd_t)
 corecmd_exec_shell(snmpd_t)
-- 
2.47.3
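Review bot: `kernel_read_all_proc` grants `read_files_pattern` over every type carrying the `proc_type` attribute, so the snmp.te hunk widens snmpd_t from the targeted `kernel_read_system_state`/`kernel_read_network_state` grants to all proc-backed types; before replacing two specific interfaces with this blanket one, it is worth confirming in kernel.te which types carry `proc_type` (any sensitive proc type that does would now be readable by snmpd_t), and preferring a narrower interface for the specific proc files snmpd needs. The new interface also covers only files: if `kernel_read_system_state` additionally granted directory listing and symlink reads on proc_t (its body is not in this patch, so this is inferred), those may now be denied for snmpd_t unless another call covers them, and `kernel_read_proc_symlinks` on the line above covers only symlinks. The interface summary should state the breadth explicitly so callers do not reach for it casually: `## Allow attempts to read all files of all proc types (every type with the proc_type attribute); use a type-specific interface where one exists.`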