[selinux-policy: 1474/3172] initial packet rules

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:12:46 UTC 2010


commit 378d5cda0551cc6f190f4119d516a53e97b10d25
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Thu May 25 17:56:07 2006 +0000

    initial packet rules

 refpolicy/policy/modules/services/avahi.te   |    4 +++-
 refpolicy/policy/modules/services/cups.te    |    5 ++++-
 refpolicy/policy/modules/services/portmap.te |    8 ++++----
 refpolicy/policy/modules/services/rpc.if     |    5 ++---
 refpolicy/policy/modules/services/rpc.te     |    2 +-
 5 files changed, 14 insertions(+), 10 deletions(-)
---
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index 90aa110..86a2b04 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
 
-policy_module(avahi,1.2.2)
+policy_module(avahi,1.2.3)
 
 ########################################
 #
@@ -49,6 +49,8 @@ corenet_tcp_bind_all_nodes(avahi_t)
 corenet_udp_bind_all_nodes(avahi_t)
 corenet_tcp_bind_howl_port(avahi_t)
 corenet_udp_bind_howl_port(avahi_t)
+corenet_send_howl_client_packets(avahi_t)
+corenet_receive_howl_server_packets(avahi_t)
 
 dev_read_sysfs(avahi_t)
 dev_read_urand(avahi_t)
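Review bot: The two added calls cover only the client direction for avahi_t (`corenet_send_howl_client_packets`, `corenet_receive_howl_server_packets`), although the context lines show the domain binding the howl port over TCP and UDP, which is the server role. Once packets are actually labeled, receiving howl client packets and sending howl server packets would presumably be denied for this domain. Confirm whether `corenet_receive_howl_client_packets(avahi_t)` and `corenet_send_howl_server_packets(avahi_t)` are needed, or add a comment such as `# avahi only acts as a howl client at the packet level` stating why the server direction is left out. The portmap.te hunk has a similar gap: portmap_t binds the portmap port but gets no send permission on portmap server packets.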
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 37c3f43..fd28c56 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -1,5 +1,5 @@
 
-policy_module(cups,1.3.4)
+policy_module(cups,1.3.5)
 
 ########################################
 #
@@ -144,6 +144,7 @@ corenet_udp_bind_ipp_port(cupsd_t)
 corenet_tcp_bind_reserved_port(cupsd_t)
 corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
 corenet_tcp_connect_all_ports(cupsd_t)
+corenet_sendrecv_hplip_client_packets(cupsd_t)
 
 dev_rw_printer(cupsd_t)
 dev_read_urand(cupsd_t)
@@ -419,6 +420,8 @@ corenet_udp_bind_all_nodes(hplip_t)
 corenet_tcp_bind_hplip_port(hplip_t)
 corenet_tcp_connect_hplip_port(hplip_t)
 corenet_tcp_connect_ipp_port(hplip_t)
+corenet_sendrecv_hplip_client_packets(hplip_t)
+corenet_receive_hplip_client_packets(hplip_t)
 
 dev_read_sysfs(hplip_t)
 dev_rw_printer(hplip_t)
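Review bot: The second added call for hplip_t, `corenet_receive_hplip_client_packets(hplip_t)`, looks redundant, because `corenet_sendrecv_hplip_client_packets(hplip_t)` on the line before should already grant receive on the same packet type (the interface bodies are not visible here, so this is inferred from the names). The context shows hplip_t binding the hplip port, so the intended line was probably a server-packet variant such as `corenet_receive_hplip_server_packets(hplip_t)`. If no server-side rule is wanted, drop the duplicate so the rule list states exactly what is granted.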
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 113f921..803db19 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -1,5 +1,5 @@
 
-policy_module(portmap,1.2.1)
+policy_module(portmap,1.2.2)
 
 ########################################
 #
@@ -47,20 +47,20 @@ kernel_list_proc(portmap_t)
 kernel_read_proc_symlinks(portmap_t)
 kernel_tcp_recvfrom(portmap_t) 
 
+corenet_non_ipsec_sendrecv(portmap_t)
 corenet_tcp_sendrecv_all_if(portmap_t)
 corenet_udp_sendrecv_all_if(portmap_t)
-corenet_raw_sendrecv_all_if(portmap_t)
 corenet_tcp_sendrecv_all_nodes(portmap_t)
 corenet_udp_sendrecv_all_nodes(portmap_t)
-corenet_raw_sendrecv_all_nodes(portmap_t)
 corenet_tcp_sendrecv_all_ports(portmap_t)
 corenet_udp_sendrecv_all_ports(portmap_t)
-corenet_non_ipsec_sendrecv(portmap_t)
 corenet_tcp_bind_all_nodes(portmap_t)
 corenet_udp_bind_all_nodes(portmap_t)
 corenet_tcp_bind_portmap_port(portmap_t)
 corenet_udp_bind_portmap_port(portmap_t)
 corenet_tcp_connect_all_ports(portmap_t)
+corenet_sendrecv_portmap_client_packets(portmap_t)
+corenet_receive_portmap_server_packets(portmap_t)
 # portmap binds to arbitary ports
 corenet_tcp_bind_generic_port(portmap_t)
 corenet_udp_bind_generic_port(portmap_t)
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index bd069ad..e68cc84 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
@@ -52,20 +52,19 @@ template(`rpc_domain_template', `
 
 	dev_read_sysfs($1_t)
 
+	corenet_non_ipsec_sendrecv($1_t)
 	corenet_tcp_sendrecv_all_if($1_t)
 	corenet_udp_sendrecv_all_if($1_t)
-	corenet_raw_sendrecv_all_if($1_t)
 	corenet_tcp_sendrecv_all_nodes($1_t)
 	corenet_udp_sendrecv_all_nodes($1_t)
-	corenet_raw_sendrecv_all_nodes($1_t)
 	corenet_tcp_sendrecv_all_ports($1_t)
 	corenet_udp_sendrecv_all_ports($1_t)
-	corenet_non_ipsec_sendrecv($1_t)
 	corenet_tcp_bind_all_nodes($1_t)
 	corenet_udp_bind_all_nodes($1_t)
 	corenet_tcp_bind_reserved_port($1_t)
 	corenet_tcp_bind_reserved_port($1_t)
 	corenet_tcp_connect_all_ports($1_t)
+	corenet_sendrecv_portmap_client_packets($1_t)
 	# do not log when it tries to bind to a port belonging to another domain
 	corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
 	corenet_dontaudit_udp_bind_all_reserved_ports($1_t)
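Review bot: `corenet_tcp_bind_reserved_port($1_t)` appears twice on consecutive lines just above the added `corenet_sendrecv_portmap_client_packets($1_t)`, and this commit reorders the surrounding block without cleaning that up. The dontaudit rules below cover both tcp and udp, so the second line may have been meant as `corenet_udp_bind_reserved_port($1_t)`. Confirm that a UDP reserved-port bind is really required before widening the grant; otherwise delete the duplicate line. rpc_domain_template starts and ends outside this hunk, so the rest of the template's network rules are not visible here.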
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index f8403b7..efb242f 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
 
-policy_module(rpc,1.2.4)
+policy_module(rpc,1.2.5)
 
 ########################################
 #

