diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te index 90aa110..86a2b04 100644 --- a/refpolicy/policy/modules/services/avahi.te +++ b/refpolicy/policy/modules/services/avahi.te @@ -1,5 +1,5 @@ -policy_module(avahi,1.2.2) +policy_module(avahi,1.2.3) ######################################## # @@ -49,6 +49,8 @@ corenet_tcp_bind_all_nodes(avahi_t) corenet_udp_bind_all_nodes(avahi_t) corenet_tcp_bind_howl_port(avahi_t) corenet_udp_bind_howl_port(avahi_t) +corenet_send_howl_client_packets(avahi_t) +corenet_receive_howl_server_packets(avahi_t) dev_read_sysfs(avahi_t) dev_read_urand(avahi_t) diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te index 37c3f43..fd28c56 100644 --- a/refpolicy/policy/modules/services/cups.te +++ b/refpolicy/policy/modules/services/cups.te @@ -1,5 +1,5 @@ -policy_module(cups,1.3.4) +policy_module(cups,1.3.5) ######################################## # @@ -144,6 +144,7 @@ corenet_udp_bind_ipp_port(cupsd_t) corenet_tcp_bind_reserved_port(cupsd_t) corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t) corenet_tcp_connect_all_ports(cupsd_t) +corenet_sendrecv_hplip_client_packets(cupsd_t) dev_rw_printer(cupsd_t) dev_read_urand(cupsd_t) @@ -419,6 +420,8 @@ corenet_udp_bind_all_nodes(hplip_t) corenet_tcp_bind_hplip_port(hplip_t) corenet_tcp_connect_hplip_port(hplip_t) corenet_tcp_connect_ipp_port(hplip_t) +corenet_sendrecv_hplip_client_packets(hplip_t) +corenet_receive_hplip_client_packets(hplip_t) dev_read_sysfs(hplip_t) dev_rw_printer(hplip_t) diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te index 113f921..803db19 100644 --- a/refpolicy/policy/modules/services/portmap.te +++ b/refpolicy/policy/modules/services/portmap.te @@ -1,5 +1,5 @@ -policy_module(portmap,1.2.1) +policy_module(portmap,1.2.2) ######################################## # @@ -47,20 +47,20 @@ kernel_list_proc(portmap_t) kernel_read_proc_symlinks(portmap_t) kernel_tcp_recvfrom(portmap_t) +corenet_non_ipsec_sendrecv(portmap_t) corenet_tcp_sendrecv_all_if(portmap_t) corenet_udp_sendrecv_all_if(portmap_t) -corenet_raw_sendrecv_all_if(portmap_t) corenet_tcp_sendrecv_all_nodes(portmap_t) corenet_udp_sendrecv_all_nodes(portmap_t) -corenet_raw_sendrecv_all_nodes(portmap_t) corenet_tcp_sendrecv_all_ports(portmap_t) corenet_udp_sendrecv_all_ports(portmap_t) -corenet_non_ipsec_sendrecv(portmap_t) corenet_tcp_bind_all_nodes(portmap_t) corenet_udp_bind_all_nodes(portmap_t) corenet_tcp_bind_portmap_port(portmap_t) corenet_udp_bind_portmap_port(portmap_t) corenet_tcp_connect_all_ports(portmap_t) +corenet_sendrecv_portmap_client_packets(portmap_t) +corenet_receive_portmap_server_packets(portmap_t) # portmap binds to arbitary ports corenet_tcp_bind_generic_port(portmap_t) corenet_udp_bind_generic_port(portmap_t) diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if index bd069ad..e68cc84 100644 --- a/refpolicy/policy/modules/services/rpc.if +++ b/refpolicy/policy/modules/services/rpc.if @@ -52,20 +52,19 @@ template(`rpc_domain_template', ` dev_read_sysfs($1_t) + corenet_non_ipsec_sendrecv($1_t) corenet_tcp_sendrecv_all_if($1_t) corenet_udp_sendrecv_all_if($1_t) - corenet_raw_sendrecv_all_if($1_t) corenet_tcp_sendrecv_all_nodes($1_t) corenet_udp_sendrecv_all_nodes($1_t) - corenet_raw_sendrecv_all_nodes($1_t) corenet_tcp_sendrecv_all_ports($1_t) corenet_udp_sendrecv_all_ports($1_t) - corenet_non_ipsec_sendrecv($1_t) corenet_tcp_bind_all_nodes($1_t) corenet_udp_bind_all_nodes($1_t) corenet_tcp_bind_reserved_port($1_t) corenet_tcp_bind_reserved_port($1_t) corenet_tcp_connect_all_ports($1_t) + corenet_sendrecv_portmap_client_packets($1_t) # do not log when it tries to bind to a port belonging to another domain corenet_dontaudit_tcp_bind_all_reserved_ports($1_t) corenet_dontaudit_udp_bind_all_reserved_ports($1_t) diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te index f8403b7..efb242f 100644 --- a/refpolicy/policy/modules/services/rpc.te +++ b/refpolicy/policy/modules/services/rpc.te @@ -1,5 +1,5 @@ -policy_module(rpc,1.2.4) +policy_module(rpc,1.2.5) ######################################## #