fix temporary rules in portmap, bug 1467

refpolicy/Changelog

@@ -1,3 +1,4 @@
+- Fix temporary rules at the bottom of portmap.
 - Updated comments in mls file from Chad Hanson.
 - Added modules:
 	amavis (Erich Schubert)

refpolicy/policy/modules/services/portmap.te

@@ -1,5 +1,5 @@
 
-policy_module(portmap,1.2.0)
+policy_module(portmap,1.2.1)
 
 ########################################
 #
@@ -209,12 +209,3 @@ optional_policy(`mount',`
 optional_policy(`nis',`
 	nis_use_ypbind(portmap_helper_t)
 ')
-
-# temporary:
-gen_require(`
-	type rpcd_t, nfsd_t;
-')
-# rpcd_t needs to talk to the portmap_t domain
-portmap_udp_chat(rpcd_t) 
-portmap_tcp_connect(nfsd_t) 
-portmap_udp_chat(nfsd_t)

refpolicy/policy/modules/services/rpc.te

@@ -1,5 +1,5 @@
 
-policy_module(rpc,1.2.0)
+policy_module(rpc,1.2.1)
 
 ########################################
 #
@@ -63,6 +63,8 @@ files_manage_mounttab(rpcd_t)
 
 seutil_dontaudit_search_config(rpcd_t)
 
+portmap_udp_chat(rpcd_t) 
+
 ifdef(`distro_redhat',`
 	allow rpcd_t self:capability { chown dac_override setgid setuid };
 ')
@@ -104,6 +106,9 @@ files_getattr_tmp_dirs(nfsd_t)
 # cjp: this should really have its own type
 files_manage_mounttab(rpcd_t)
 
+portmap_tcp_connect(nfsd_t) 
+portmap_udp_chat(nfsd_t)
+
 tunable_policy(`nfs_export_all_rw',`
 	auth_read_all_dirs_except_shadow(nfsd_t) 
 	fs_read_noxattr_fs_files(nfsd_t)