diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4
index 04758324c..51908e23b 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4
@@ -580,6 +580,8 @@ define(`create_port_attrib_interfaces',`create_port_interfaces($1,port,attribute
 #
 define(`network_port',`
 create_port_type_interfaces($*)
+create_packet_interfaces($1_client)
+create_packet_interfaces($1_server)
 ')
 
 #
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in
index be2e87e55..34e031c93 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@@ -26,9 +26,14 @@ dev_node(tun_tap_device_t)
 
 ########################################
 #
-# Ports
+# Ports and packets
 #
 
+#
+# packet_t is the default type of IPv4 and IPv6 packets.
+#
+type packet_t, packet_type;
+
 #
 # port_t is the default type of INET port numbers.
 #
@@ -126,7 +131,7 @@ network_port(syslogd, udp,514,s0)
 network_port(telnetd, tcp,23,s0)
 network_port(tftp, udp,69,s0)
 network_port(tor, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0)
-network_port(traceroute, udp,64000-64010,s0)
+network_port(traceroute, udp,64000,s0, udp,64001,s0, udp,64002,s0, udp,64003,s0, udp,64004,s0, udp,64005,s0, udp,64006,s0, udp,64007,s0, udp,64008,s0, udp,64009,s0, udp,64010,s0)
 network_port(transproxy, tcp,8081,s0)
 type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
 network_port(uucpd, tcp,540,s0)
@@ -179,15 +184,6 @@ ifdef(`enable_mls',`
 network_interface(lo, lo,s0 - s15:c0.c255)
 ')
 
-########################################
-#
-# Network Packets
-#
-
-network_packet(dns)
-network_packet(ldap)
-network_packet(portmap)
-
 ########################################
 #
 # Unconfined access to this module
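Review bot: `network_port` now emits `create_packet_interfaces($1_client)` and `create_packet_interfaces($1_server)` for every port, but `corenetwork.te.in` still declares `utcpserver_port_t` by hand with its `network_port(utcpserver)` call behind `dnl`, so that entry gets no packet types from the matching `corenetwork.te.m4` change. If the interface generator still picks up that line (the build rule is not shown here), the generated interfaces would reference types that are never declared. Either add `type utcpserver_client_packet_t, packet_type;` and `type utcpserver_server_packet_t, packet_type;` next to the hand-written port type, or note beside it that the port intentionally has no packet types. The `#` comment block above the macro starts outside the hunk and presumably still describes only port interfaces; it should mention the packet interfaces as well.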
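Review bot: The comment on `packet_t` calls it the default type of IPv4 and IPv6 packets, but nothing in this hunk makes it a default: the line only declares a type with the `packet_type` attribute. Packets normally receive a type from SECMARK labelling rules on the host, so traffic that no rule marks would not carry `packet_t` unless something outside this diff arranges it. A more precise comment would be `# packet_t is the type for packets that no more specific packet type is assigned to; it must be applied by the labelling rules.`, which keeps policy writers from assuming that an allow rule on `packet_t` covers unmarked traffic.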
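Review bot: The traceroute entry replaces `udp,64000-64010,s0` with eleven single-port entries and no comment says why, so a later cleanup is likely to fold them back into a range. The list does cover 64000 through 64010 without gaps, so the port contexts look unchanged. If the expansion is needed by the new per-port packet handling, say so above the line, for example `# listed individually: <reason ranges are not accepted here>`. If ranges are still accepted, keeping the original form would be easier to audit.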
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.m4 b/refpolicy/policy/modules/kernel/corenetwork.te.m4
index 65bb84799..708589745 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4
@@ -60,6 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
 #
 define(`network_port',`
 type $1_port_t, port_type;
+type $1_client_packet_t, packet_type;
+type $1_server_packet_t, packet_type;
 declare_ports($1_port_t,shift($*))
 ')
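Review bot: The two types added to `network_port` are named `$1_client_packet_t` and `$1_server_packet_t`, which do not match the names that the removed `network_packet(dns)`, `network_packet(ldap)` and `network_packet(portmap)` calls in `corenetwork.te.in` presumably produced. Hosts whose packet-labelling rules or local modules still name the old packet types would stop matching after this policy is loaded, and affected packets could end up with an unintended label. The commit message or changelog should list the renamed types so that rule sets can be updated together with the policy. The macro's closing lines are inside the hunk, but the comment block above it starts outside.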