diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 37a97d7..df59b53 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,5 +1,5 @@
-policy_module(corenetwork, 1.13.0)
+policy_module(corenetwork, 1.13.1)
 ########################################
 #
@@ -75,7 +75,7 @@ network_port(amavisd_recv, tcp,10024,s0)
 network_port(amavisd_send, tcp,10025,s0)
 network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0)
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
-network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0)
+network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
 network_port(auth, tcp,113,s0)
 network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
@@ -172,6 +172,7 @@ network_port(rsh, tcp,514,s0)
 network_port(rsync, tcp,873,s0, udp,873,s0)
 network_port(rwho, udp,513,s0)
 network_port(sap, tcp,9875,s0, udp,9875,s0)
+network_port(sip, tcp,5060,s0, udp,5060,s0, tcp,5061,s0, udp,5061,s0)
 network_port(smbd, tcp,137-139,s0, tcp,445,s0)
 network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
 network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
diff --git a/policy/modules/services/asterisk.if b/policy/modules/services/asterisk.if
index 85a7e27..0dea45d 100644
--- a/policy/modules/services/asterisk.if
+++ b/policy/modules/services/asterisk.if
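Review bot: The new `network_port(sip, ...)` line in the third hunk labels tcp 5060, tcp 5061 and udp 5061 in addition to the udp 5060 that the second hunk takes away from `asterisk`, so those three ports change type for every domain, not only for asterisk. If they had no entry before (the visible context shows none, but most of the file lies outside these hunks), any domain that reached them through the generic-port rules will be denied once this policy is loaded. Only asterisk.te is adjusted on this page, so the commit message should state which other SIP-capable modules were checked and whether the tcp entries are meant to apply to asterisk as well.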
@@ -1,8 +1,28 @@
 ## Asterisk IP telephony server
+#####################################
+##
+## Connect to asterisk over a unix domain
+## stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`asterisk_stream_connect',`
+ gen_require(`
+ type asterisk_t, asterisk_var_run_t;
+ ')
+
+ files_search_pids($1)
+ stream_connect_pattern($1, asterisk_var_run_t, asterisk_var_run_t, asterisk_t)
+')
+
 ########################################
 ##
-## All of the rules required to administrate
+## All of the rules required to administrate
 ## an asterisk environment
 ##
 ##
diff --git a/policy/modules/services/asterisk.te b/policy/modules/services/asterisk.te
index bddf662..5d023e4 100644
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@@ -1,5 +1,5 @@
-policy_module(asterisk, 1.7.0)
+policy_module(asterisk, 1.7.1)
 ########################################
 #
@@ -97,6 +97,7 @@ corenet_tcp_bind_generic_node(asterisk_t)
 corenet_udp_bind_generic_node(asterisk_t)
 corenet_tcp_bind_asterisk_port(asterisk_t)
 corenet_udp_bind_asterisk_port(asterisk_t)
+corenet_udp_bind_sip_port(asterisk_t)
 corenet_sendrecv_asterisk_server_packets(asterisk_t)
 # for VOIP voice channels.
 corenet_tcp_bind_generic_port(asterisk_t)
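Review bot: The summary on the new `asterisk_stream_connect` interface says only that the caller connects "over a unix domain stream socket", without naming which socket or what the connection allows. `stream_connect_pattern($1, asterisk_var_run_t, asterisk_var_run_t, asterisk_t)` covers every socket file labelled `asterisk_var_run_t`, so if the daemon's control socket lives in that directory (not visible on this page) a caller gains far more than a data channel. I would add a line to the summary such as `## Grants access to any stream socket asterisk creates in its runtime directory; use only for domains trusted to control the daemon.` No caller of the interface is added in this commit, so the intended consumer should be named in the commit message.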
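Review bot: The added `corenet_udp_bind_sip_port(asterisk_t)` restores only the UDP bind, while the same commit labels tcp 5060 and tcp 5061 with the sip port type in corenetwork.te.in. The `corenet_tcp_bind_generic_port(asterisk_t)` line below it covers only unlabelled ports, so an asterisk configured for SIP over TCP or TLS would presumably be denied the bind once those ports carry the sip type. If that configuration is meant to work, add `corenet_tcp_bind_sip_port(asterisk_t)` next to the new line, and `corenet_sendrecv_sip_server_packets(asterisk_t)` beside the existing asterisk packet rule so labelled-packet setups match. The surrounding rule block starts and ends outside this hunk, so an equivalent rule may already exist elsewhere in the file.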