[selinux-policy: 2338/3172] asterisk patch from Dan Walsh.

[Daniel J Walsh]

commit 32f27a74893eb2a945c235fe4c688e1b35195e96
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri Dec 18 10:37:52 2009 -0500

    asterisk patch from Dan Walsh.

 policy/modules/kernel/corenetwork.te.in |    5 +++--
 policy/modules/services/asterisk.if     |   22 +++++++++++++++++++++-
 policy/modules/services/asterisk.te     |    3 ++-
 3 files changed, 26 insertions(+), 4 deletions(-)
---
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 37a97d7..df59b53 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
 
-policy_module(corenetwork, 1.13.0)
+policy_module(corenetwork, 1.13.1)
 
 ########################################
 #
@@ -75,7 +75,7 @@ network_port(amavisd_recv, tcp,10024,s0)
 network_port(amavisd_send, tcp,10025,s0)
 network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0) 
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
-network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0)
+network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
 network_port(auth, tcp,113,s0)
 network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
@@ -172,6 +172,7 @@ network_port(rsh, tcp,514,s0)
 network_port(rsync, tcp,873,s0, udp,873,s0)
 network_port(rwho, udp,513,s0)
 network_port(sap, tcp,9875,s0, udp,9875,s0)
+network_port(sip, tcp,5060,s0, udp,5060,s0, tcp,5061,s0, udp,5061,s0)
 network_port(smbd, tcp,137-139,s0, tcp,445,s0)
 network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
 network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
diff --git a/policy/modules/services/asterisk.if b/policy/modules/services/asterisk.if
index 85a7e27..0dea45d 100644
--- a/policy/modules/services/asterisk.if
+++ b/policy/modules/services/asterisk.if
@@ -1,8 +1,28 @@
 ## <summary>Asterisk IP telephony server</summary>
 
+#####################################
+## <summary>
+##	Connect to asterisk over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`asterisk_stream_connect',`
+	gen_require(`
+		type asterisk_t, asterisk_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, asterisk_var_run_t, asterisk_var_run_t, asterisk_t)
+')
+
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an asterisk environment
 ## </summary>
 ## <param name="domain">
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
index bddf662..5d023e4 100644
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@@ -1,5 +1,5 @@
 
-policy_module(asterisk, 1.7.0)
+policy_module(asterisk, 1.7.1)
 
 ########################################
 #
@@ -97,6 +97,7 @@ corenet_tcp_bind_generic_node(asterisk_t)
 corenet_udp_bind_generic_node(asterisk_t)
 corenet_tcp_bind_asterisk_port(asterisk_t)
 corenet_udp_bind_asterisk_port(asterisk_t)
+corenet_udp_bind_sip_port(asterisk_t)
 corenet_sendrecv_asterisk_server_packets(asterisk_t)
 # for VOIP voice channels.
 corenet_tcp_bind_generic_port(asterisk_t)