diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4
index 0475832..51908e2 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4
@@ -580,6 +580,8 @@ define(`create_port_attrib_interfaces',`create_port_interfaces($1,port,attribute
 #
 define(`network_port',`
 create_port_type_interfaces($*)
+create_packet_interfaces($1_client)
+create_packet_interfaces($1_server)
 ')
 #
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in
index be2e87e..34e031c 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@@ -26,10 +26,15 @@ dev_node(tun_tap_device_t)
 ########################################
 #
-# Ports
+# Ports and packets
 #
 #
+# packet_t is the default type of IPv4 and IPv6 packets.
+#
+type packet_t, packet_type;
+
+#
 # port_t is the default type of INET port numbers.
 #
 type port_t, port_type;
@@ -126,7 +131,7 @@ network_port(syslogd, udp,514,s0)
 network_port(telnetd, tcp,23,s0)
 network_port(tftp, udp,69,s0)
 network_port(tor, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0)
-network_port(traceroute, udp,64000-64010,s0)
+network_port(traceroute, udp,64000,s0, udp,64001,s0, udp,64002,s0, udp,64003,s0, udp,64004,s0, udp,64005,s0, udp,64006,s0, udp,64007,s0, udp,64008,s0, udp,64009,s0, udp,64010,s0)
 network_port(transproxy, tcp,8081,s0)
 type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
 network_port(uucpd, tcp,540,s0)
@@ -181,15 +186,6 @@ network_interface(lo, lo,s0 - s15:c0.c255)
 ########################################
 #
-# Network Packets
-#
-
-network_packet(dns)
-network_packet(ldap)
-network_packet(portmap)
-
-########################################
-#
 # Unconfined access to this module
 #
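Review bot: The two `create_packet_interfaces` calls added to `network_port` in corenetwork.if.m4 hard-code the `_client` and `_server` suffixes, and nothing in the macro says they must match the type names declared by `network_port` in corenetwork.te.m4. If one side is renamed, the generated interfaces would refer to types that do not exist. I would add a comment inside the macro's header, which starts above this hunk, such as `# also generates packet interfaces for $1_client and $1_server; keep the suffixes in sync with network_port in corenetwork.te.m4`. The definition of `create_packet_interfaces` is not visible here, so I have not checked what it expects as its argument.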
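Review bot: The comment added above `type packet_t, packet_type;` in corenetwork.te.in calls packet_t the default type but does not spell out what that means for a policy writer. As described, a packet keeps this type unless something assigns it a more specific one, so a domain allowed to send or receive packet_t is allowed all traffic that has not been labeled. I would extend the comment to say so, for example `# packet_t is the default type of IPv4 and IPv6 packets; a packet keeps this type unless a labeling rule assigns a more specific one.`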
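Review bot: The `traceroute` entry in corenetwork.te.in replaces the range `udp,64000-64010` with eleven single-port arguments and no comment says why, so a later cleanup is likely to fold it back into a range. The listed ports cover the same 64000 to 64010 span, so the port labeling itself looks unchanged. If the expansion is required by how `network_port` or `declare_ports` processes its arguments (not visible in this hunk), record that above the line, e.g. `# ports listed individually: <reason the range form cannot be used>`.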
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.m4 b/refpolicy/policy/modules/kernel/corenetwork.te.m4
index 65bb847..7085897 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4
@@ -60,6 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
 #
 define(`network_port',`
 type $1_port_t, port_type;
+type $1_client_packet_t, packet_type;
+type $1_server_packet_t, packet_type;
 declare_ports($1_port_t,shift($*))
 ')
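Review bot: `network_port` in corenetwork.te.m4 now declares `$1_client_packet_t` and `$1_server_packet_t`, but a port type declared by hand instead of through the macro gets neither. The `utcpserver_port_t` line in corenetwork.te.in looks like such a case, since `dnl` discards its `network_port(utcpserver)` call. If the interface generation still picks up that name, the resulting packet interfaces would refer to undeclared types, so it is worth confirming with a full policy build. The macro's header comment, which starts above this hunk, should also mention the new types, e.g. `# also declares $1_client_packet_t and $1_server_packet_t`.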