selinux: Update policy file.

Failing to install the selinux policy file under RHEL9.1 with
error "Failed to resolve permission audit_write".
Checking online SELinux permissions, I found that those classes
don't support those permissions. So not sure how it's passing on
other distributions like RHEL8.2, maybe being ignored.
With this change I can install the policy file in RHEL8.2 and RHEL9.1.

Fixes: 84d2723 ("selinux: update policy to reflect non-root and dpdk support")
Signed-off-by: Roi Dayan <roid@nvidia.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
(cherry picked from commit 2c7e2d5)

selinux/openvswitch-custom.te.in

@@ -49,8 +49,8 @@ require {
         class fifo_file { getattr read write append ioctl lock open };
         class filesystem getattr;
         class lnk_file { read open };
-        class netlink_audit_socket { create nlmsg_relay audit_write read write };
-        class netlink_netfilter_socket { create nlmsg_relay audit_write read write };
+        class netlink_audit_socket { create nlmsg_relay read write };
+        class netlink_netfilter_socket { create read write };
 @begin_dpdk@
         class netlink_rdma_socket { setopt bind create };
 @end_dpdk@
@@ -79,8 +79,8 @@ domtrans_pattern(openvswitch_t, openvswitch_load_module_exec_t, openvswitch_load
 
 #============= openvswitch_t ==============
 allow openvswitch_t self:capability { dac_override audit_write net_broadcast net_raw };
-allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay audit_write read write };
-allow openvswitch_t self:netlink_netfilter_socket { create nlmsg_relay audit_write read write };
+allow openvswitch_t self:netlink_audit_socket { create nlmsg_relay read write };
+allow openvswitch_t self:netlink_netfilter_socket { create read write };
 @begin_dpdk@
 allow openvswitch_t self:netlink_rdma_socket { setopt bind create };
 @end_dpdk@