From 25d81d265525f8ce80946ca48c76c59196511ade Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Mar 29 2010 18:30:52 +0000 Subject: Tor patch from Dan Walsh. --- diff --git a/policy/modules/services/tor.fc b/policy/modules/services/tor.fc index 4e786ae..e2e06b2 100644 --- a/policy/modules/services/tor.fc +++ b/policy/modules/services/tor.fc @@ -5,5 +5,8 @@ /usr/sbin/tor -- gen_context(system_u:object_r:tor_exec_t,s0) /var/lib/tor(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) +/var/lib/tor-data(/.*)? gen_context(system_u:object_r:tor_var_lib_t,s0) + /var/log/tor(/.*)? gen_context(system_u:object_r:tor_var_log_t,s0) + /var/run/tor(/.*)? gen_context(system_u:object_r:tor_var_run_t,s0) diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te index a5415aa..0dbc80b 100644 --- a/policy/modules/services/tor.te +++ b/policy/modules/services/tor.te @@ -1,11 +1,19 @@ -policy_module(tor, 1.6.0) +policy_module(tor, 1.6.1) ######################################## # # Declarations # +## +##

+## Allow tor daemon to bind +## tcp sockets to all unreserved ports. +##

+##
+gen_tunable(tor_bind_all_unreserved_ports, false) + type tor_t; type tor_exec_t; init_daemon_domain(tor_t, tor_exec_t) @@ -89,11 +97,16 @@ domain_use_interactive_fds(tor_t) files_read_etc_files(tor_t) files_read_etc_runtime_files(tor_t) +files_read_usr_files(tor_t) auth_use_nsswitch(tor_t) miscfiles_read_localization(tor_t) +tunable_policy(`tor_bind_all_unreserved_ports', ` + corenet_tcp_bind_all_unreserved_ports(tor_t) +') + optional_policy(` seutil_sigchld_newrole(tor_t) ')
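Review bot: The `##` description added above `gen_tunable(tor_bind_all_unreserved_ports, false)` says what the boolean permits but not what enabling it gives up, and that text is all an administrator sees when deciding whether to toggle it. I would add one sentence to the description, for example `## When enabled, a compromised tor daemon can listen on any unreserved TCP port; leave disabled unless tor must use a port the policy does not already allow.` The default of `false` is the right least-privilege choice and should stay. The second half of that sentence assumes the rest of tor.te already permits tor's usual ports, which is not visible in this hunk.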
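Review bot: `files_read_usr_files(tor_t)` in the second tor.te hunk is granted unconditionally and with no comment, so the policy does not record why a network-facing daemon needs read access to all generically labelled content under /usr. If the need is a data file that tor ships under /usr/share (an assumption, the commit message gives no reason), a comment such as `# tor reads its packaged data files under /usr/share` above the call would let a later reviewer judge whether a narrower type could replace it. The new bind permission is gated behind `tunable_policy`, which makes this ungated grant the one that widens the default domain. The hunk shows only part of the tor_t rule block, so a justification may exist outside the visible lines.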