From c5657a262b672cb064b786d042034b2979ff9ac3 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: May 25 2006 17:01:36 +0000
Subject: add generic packet interfaces, and fix up unconfined handling
---
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index 4b47d23..15cb328 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1310,6 +1310,75 @@ interface(`corenet_non_ipsec_sendrecv',`
 ########################################
 ##
+## Send generic packets.
+##
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_send_generic_packets',`
+ gen_require(`
+ type packet_t;
+ ')
+
+ allow $1 packet_t:packet send;
+')
+
+########################################
+##
+## Receive generic packets.
+##
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_receive_generic_packets',`
+ gen_require(`
+ type packet_t;
+ ')
+
+ allow $1 packet_t:packet recv;
+')
+
+########################################
+##
+## Send and receive generic packets.
+##
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_sendrecv_generic_packets',`
+ corenet_send_generic_packets($1)
+ corenet_recveive_generic_packets($1)
+')
+
+########################################
+##
+## Relabel packets to the generic packet type.
+##
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`corenet_relabelto_generic_packets',`
+ gen_require(`
+ type packet_t;
+ ')
+
+ allow $1 packet_t:packet relabelto;
+')
+
+########################################
+##
 ## Send and receive unlabeled packets.
 ##
 ##
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in
index 34e031c..cba356f 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
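Review bot: `corenet_sendrecv_generic_packets` calls `corenet_recveive_generic_packets($1)`, but the interface defined a few lines earlier is `corenet_receive_generic_packets`; m4 will leave the misspelled name unexpanded and the policy build will fail (or silently emit garbage) for any module that uses the sendrecv interface. The call should read `corenet_receive_generic_packets($1)`. The four new interfaces also `gen_require` a `type packet_t`, which is not declared in either .te hunk visible in this patch; presumably it already exists in corenetwork.te.in, but that is worth confirming before the interfaces are used. The summary/param doc tags appear to have been stripped by rendering, so the doc headers are not reviewed here.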
@@ -1,5 +1,5 @@
-policy_module(corenetwork,1.1.8)
+policy_module(corenetwork,1.1.9)
 ########################################
 #
@@ -198,6 +198,3 @@ allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg };
 # Bind to any network address.
 allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
 allow corenet_unconfined_type node_type:{ tcp_socket udp_socket } node_bind;
-
-corenet_non_ipsec_sendrecv(corenet_unconfined_type)
-corenet_sendrecv_unlabeled_packets(corenet_unconfined_type)
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 97ecfba..41bbc8d 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -1,5 +1,5 @@
-policy_module(kernel,1.3.6)
+policy_module(kernel,1.3.7)
 ########################################
 #
@@ -351,5 +351,6 @@ allow kern_unconfined kernel_t:system *;
 allow kern_unconfined unlabeled_t:dir_file_class_set *;
 allow kern_unconfined unlabeled_t:filesystem *;
 allow kern_unconfined unlabeled_t:association *;
+allow kern_unconfined unlabeled_t:packet *;
 kernel_rw_all_sysctls(kern_unconfined)
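Review bot: The new `allow kern_unconfined unlabeled_t:packet *;` only covers the kernel's own unconfined attribute, while the corenetwork.te.in hunk in the same commit drops `corenet_non_ipsec_sendrecv` and `corenet_sendrecv_unlabeled_packets` from `corenet_unconfined_type` without a visible replacement; unless those permissions are re-granted outside this patch, domains carrying `corenet_unconfined_type` lose send/recv on non-IPsec and unlabeled packets once packet labeling is enforced. If that narrowing is intended, a one-line comment next to the removed calls (or in the commit message) saying so would spare the next maintainer from reading it as an accidental regression. The wildcard on the new line matches the surrounding `kern_unconfined` rules, so no objection there.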