privoxy patch from Dan Walsh

"split out squid port from http_cache. Need to allow all places that connect to httpc_cache to connect to squid_port" Edits: - Removed tunable tabbing
2010-11-18 15:57:02 -05:00 · 2010-11-18 15:57:02 -05:00 · 4eef036424
parent aa28f9239a
commit 4eef036424
2 changed files with 5 additions and 4 deletions
--- a/policy/modules/services/privoxy.if
+++ b/policy/modules/services/privoxy.if
@ -2,7 +2,7 @@

 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an privoxy environment
 ## </summary>
 ## <param name="domain">
@ -19,12 +19,11 @@
 #
 interface(`privoxy_admin',`
 	gen_require(`
-		type privoxy_t, privoxy_log_t;
+		type privoxy_t, privoxy_log_t, privoxy_initrc_exec_t;
 		type privoxy_etc_rw_t, privoxy_var_run_t;
-		type privoxy_initrc_exec_t;
 	')

-	allow $1 privoxy_t:process { ptrace signal_perms getattr };
+	allow $1 privoxy_t:process { ptrace signal_perms };
 	ps_process_pattern($1, privoxy_t)

 	init_labeled_script_domtrans($1, privoxy_initrc_exec_t)
--- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te
@ -58,10 +58,12 @@ corenet_tcp_bind_generic_node(privoxy_t)
 corenet_tcp_bind_http_cache_port(privoxy_t)
 corenet_tcp_connect_http_port(privoxy_t)
 corenet_tcp_connect_http_cache_port(privoxy_t)
+corenet_tcp_connect_squid_port(privoxy_t)
 corenet_tcp_connect_ftp_port(privoxy_t)
 corenet_tcp_connect_pgpkeyserver_port(privoxy_t)
 corenet_tcp_connect_tor_port(privoxy_t)
 corenet_sendrecv_http_cache_client_packets(privoxy_t)
+corenet_sendrecv_squid_client_packets(privoxy_t)
 corenet_sendrecv_http_cache_server_packets(privoxy_t)
 corenet_sendrecv_http_client_packets(privoxy_t)
 corenet_sendrecv_ftp_client_packets(privoxy_t)