From 9711c7bdb573d6476cad8269faac46ef266c9a51 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 11 Nov 2010 09:48:43 -0500
Subject: [PATCH] Add tun_socket ubac constraint and add tun_socket to socket_class_set.
---
 policy/constraints | 1 +
 policy/support/obj_perm_sets.spt | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/constraints b/policy/constraints
index 155883b1c..130887155 100644
--- a/policy/constraints
+++ b/policy/constraints
@@ -154,6 +154,7 @@ exempted_ubac_constraint(netlink_dnrt_socket, ubacsock)
 exempted_ubac_constraint(netlink_kobject_uevent_socket, ubacsock)
 exempted_ubac_constraint(appletalk_socket, ubacsock)
 exempted_ubac_constraint(dccp_socket, ubacsock)
+exempted_ubac_constraint(tun_socket, ubacsock)
 
 constrain socket_class_set { create relabelto relabelfrom }
 (
diff --git a/policy/support/obj_perm_sets.spt b/policy/support/obj_perm_sets.spt
index effb6c59a..f7380b3b5 100644
--- a/policy/support/obj_perm_sets.spt
+++ b/policy/support/obj_perm_sets.spt
@@ -28,7 +28,7 @@ define(`devfile_class_set', `{ chr_file blk_file }')
 #
 # All socket classes.
 #
-define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket }')
+define(`socket_class_set', `{ tcp_socket udp_socket rawip_socket netlink_socket packet_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_firewall_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_ip6fw_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket }')
 #
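Review bot: `dccp_socket` has an `exempted_ubac_constraint` entry in the context just above the added `tun_socket` line in policy/constraints, yet it is absent from the `socket_class_set` define on the new side of policy/support/obj_perm_sets.spt, so the two lists are still out of step after this commit. The `constrain socket_class_set { create relabelto relabelfrom }` statement that follows this hunk is driven by that set, so a class missing from it is presumably not covered by that constraint. If the omission is not deliberate, the define should also end with `... netlink_kobject_uevent_socket dccp_socket tun_socket }')`. A comment beside the per-class list, such as `# keep in sync with socket_class_set in support/obj_perm_sets.spt`, would make the coupling visible to the next person who adds a socket class. The constrain block's body continues outside the hunk, so its conditions cannot be checked from here.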