asterisk patch from Dan Walsh.

2009-12-18 10:37:52 -05:00 · 2009-12-18 10:37:52 -05:00 · 32f27a7489
commit 32f27a7489
parent 7e81399d84
3 changed files with 26 additions and 4 deletions
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@ -1,5 +1,5 @@

-policy_module(corenetwork, 1.13.0)
+policy_module(corenetwork, 1.13.1)

 ########################################
 #
@ -75,7 +75,7 @@ network_port(amavisd_recv, tcp,10024,s0)
 network_port(amavisd_send, tcp,10025,s0)
 network_port(aol, udp,5190,s0, tcp,5190,s0, udp,5191,s0, tcp,5191,s0, udp,5192,s0, tcp,5192,s0, udp,5193,s0, tcp,5193,s0) 
 network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
-network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0, udp,5060,s0)
+network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
 network_port(audit, tcp,60,s0)
 network_port(auth, tcp,113,s0)
 network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
@ -172,6 +172,7 @@ network_port(rsh, tcp,514,s0)
 network_port(rsync, tcp,873,s0, udp,873,s0)
 network_port(rwho, udp,513,s0)
 network_port(sap, tcp,9875,s0, udp,9875,s0)
+network_port(sip, tcp,5060,s0, udp,5060,s0, tcp,5061,s0, udp,5061,s0)
 network_port(smbd, tcp,137-139,s0, tcp,445,s0)
 network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
 network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
--- a/policy/modules/services/asterisk.if
+++ b/policy/modules/services/asterisk.if
@ -1,8 +1,28 @@
 ## <summary>Asterisk IP telephony server</summary>

+#####################################
+## <summary>
+##	Connect to asterisk over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`asterisk_stream_connect',`
+	gen_require(`
+		type asterisk_t, asterisk_var_run_t;
+	')
+
+	files_search_pids($1)
+	stream_connect_pattern($1, asterisk_var_run_t, asterisk_var_run_t, asterisk_t)
+')
+
 ########################################
 ## <summary>
-##	All of the rules required to administrate 
+##	All of the rules required to administrate
 ##	an asterisk environment
 ## </summary>
 ## <param name="domain">
--- a/policy/modules/services/asterisk.te
+++ b/policy/modules/services/asterisk.te
@ -1,5 +1,5 @@

-policy_module(asterisk, 1.7.0)
+policy_module(asterisk, 1.7.1)

 ########################################
 #
@ -97,6 +97,7 @@ corenet_tcp_bind_generic_node(asterisk_t)
 corenet_udp_bind_generic_node(asterisk_t)
 corenet_tcp_bind_asterisk_port(asterisk_t)
 corenet_udp_bind_asterisk_port(asterisk_t)
+corenet_udp_bind_sip_port(asterisk_t)
 corenet_sendrecv_asterisk_server_packets(asterisk_t)
 # for VOIP voice channels.
 corenet_tcp_bind_generic_port(asterisk_t)