From 378d5cda0551cc6f190f4119d516a53e97b10d25 Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 25 May 2006 17:56:07 +0000
Subject: [PATCH] initial packet rules
---
 refpolicy/policy/modules/services/avahi.te | 4 +++-
 refpolicy/policy/modules/services/cups.te | 5 ++++-
 refpolicy/policy/modules/services/portmap.te | 8 ++++----
 refpolicy/policy/modules/services/rpc.if | 5 ++---
 refpolicy/policy/modules/services/rpc.te | 2 +-
 5 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/refpolicy/policy/modules/services/avahi.te b/refpolicy/policy/modules/services/avahi.te
index 90aa110a..86a2b046 100644
--- a/refpolicy/policy/modules/services/avahi.te
+++ b/refpolicy/policy/modules/services/avahi.te
@@ -1,5 +1,5 @@
-policy_module(avahi,1.2.2)
+policy_module(avahi,1.2.3)
 ########################################
 #
@@ -49,6 +49,8 @@ corenet_tcp_bind_all_nodes(avahi_t)
 corenet_udp_bind_all_nodes(avahi_t)
 corenet_tcp_bind_howl_port(avahi_t)
 corenet_udp_bind_howl_port(avahi_t)
+corenet_send_howl_client_packets(avahi_t)
+corenet_receive_howl_server_packets(avahi_t)
 dev_read_sysfs(avahi_t)
 dev_read_urand(avahi_t)
diff --git a/refpolicy/policy/modules/services/cups.te b/refpolicy/policy/modules/services/cups.te
index 37c3f43e..fd28c562 100644
--- a/refpolicy/policy/modules/services/cups.te
+++ b/refpolicy/policy/modules/services/cups.te
@@ -1,5 +1,5 @@
-policy_module(cups,1.3.4)
+policy_module(cups,1.3.5)
 ########################################
 #
@@ -144,6 +144,7 @@ corenet_udp_bind_ipp_port(cupsd_t)
 corenet_tcp_bind_reserved_port(cupsd_t)
 corenet_dontaudit_tcp_bind_all_reserved_ports(cupsd_t)
 corenet_tcp_connect_all_ports(cupsd_t)
+corenet_sendrecv_hplip_client_packets(cupsd_t)
 dev_rw_printer(cupsd_t)
 dev_read_urand(cupsd_t)
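Review bot: avahi_t binds the howl port on both tcp and udp (the context lines directly above), so it is the listening side, yet the two packet rules added cover only the querier direction: `corenet_send_howl_client_packets(avahi_t)` and `corenet_receive_howl_server_packets(avahi_t)`. If, as the naming suggests, the client packet type labels traffic addressed to the howl port and the server type labels the replies, the responder side is missing and requests reaching the bound port would be denied once they carry a label; the portmap hunk in this same patch grants `sendrecv` on its client type, so this pair is also narrower than the pattern used elsewhere. I would add `corenet_receive_howl_client_packets(avahi_t)` and `corenet_send_howl_server_packets(avahi_t)` if corenetwork.if provides them, or else a one-line comment stating why avahi_t is deliberately limited to the querier role. These rules only bite on hosts where packets are labeled (SECMARK), so the gap will not show up in ordinary testing.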
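Review bot: cupsd_t serves the ipp port it binds (`corenet_udp_bind_ipp_port(cupsd_t)` in the hunk header) but the only packet rule added is for the hplip client side, `corenet_sendrecv_hplip_client_packets(cupsd_t)`, so cupsd's own ipp traffic gets no packet permission at all. Assuming corenetwork.if declares packet types for the ipp port as it evidently does for hplip, `corenet_sendrecv_ipp_server_packets(cupsd_t)` belongs next to the added line. A short comment would also help readers who do not know the hplip relationship, e.g. `# cupsd talks to the hplip backend as a client`. This is only observable once ipp packets are labeled, so it will pass silently in testing without SECMARK rules.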
@@ -419,6 +420,8 @@ corenet_udp_bind_all_nodes(hplip_t)
 corenet_tcp_bind_hplip_port(hplip_t)
 corenet_tcp_connect_hplip_port(hplip_t)
 corenet_tcp_connect_ipp_port(hplip_t)
+corenet_sendrecv_hplip_client_packets(hplip_t)
+corenet_receive_hplip_client_packets(hplip_t)
 dev_read_sysfs(hplip_t)
 dev_rw_printer(hplip_t)
diff --git a/refpolicy/policy/modules/services/portmap.te b/refpolicy/policy/modules/services/portmap.te
index 113f9218..803db193 100644
--- a/refpolicy/policy/modules/services/portmap.te
+++ b/refpolicy/policy/modules/services/portmap.te
@@ -1,5 +1,5 @@
-policy_module(portmap,1.2.1)
+policy_module(portmap,1.2.2)
 ########################################
 #
@@ -47,20 +47,20 @@ kernel_list_proc(portmap_t)
 kernel_read_proc_symlinks(portmap_t)
 kernel_tcp_recvfrom(portmap_t)
+corenet_non_ipsec_sendrecv(portmap_t)
 corenet_tcp_sendrecv_all_if(portmap_t)
 corenet_udp_sendrecv_all_if(portmap_t)
-corenet_raw_sendrecv_all_if(portmap_t)
 corenet_tcp_sendrecv_all_nodes(portmap_t)
 corenet_udp_sendrecv_all_nodes(portmap_t)
-corenet_raw_sendrecv_all_nodes(portmap_t)
 corenet_tcp_sendrecv_all_ports(portmap_t)
 corenet_udp_sendrecv_all_ports(portmap_t)
-corenet_non_ipsec_sendrecv(portmap_t)
 corenet_tcp_bind_all_nodes(portmap_t)
 corenet_udp_bind_all_nodes(portmap_t)
 corenet_tcp_bind_portmap_port(portmap_t)
 corenet_udp_bind_portmap_port(portmap_t)
 corenet_tcp_connect_all_ports(portmap_t)
+corenet_sendrecv_portmap_client_packets(portmap_t)
+corenet_receive_portmap_server_packets(portmap_t)
 # portmap binds to arbitary ports
 corenet_tcp_bind_generic_port(portmap_t)
 corenet_udp_bind_generic_port(portmap_t)
diff --git a/refpolicy/policy/modules/services/rpc.if b/refpolicy/policy/modules/services/rpc.if
index bd069add..e68cc84f 100644
--- a/refpolicy/policy/modules/services/rpc.if
+++ b/refpolicy/policy/modules/services/rpc.if
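Review bot: `corenet_receive_hplip_client_packets(hplip_t)` immediately follows `corenet_sendrecv_hplip_client_packets(hplip_t)`, so it is either redundant (a `sendrecv` interface presumably expands to send plus receive) or a typo for the server type. hplip_t both binds the hplip port and connects to it (the context lines above), and the portmap hunk in this patch pairs `sendrecv_*_client_packets` with `receive_*_server_packets`, so the intended line is most likely `corenet_receive_hplip_server_packets(hplip_t)`; please confirm against corenetwork.if, which is not in this patch. Either way one of the two added lines should change, and a comment such as `# hplip is both a server on its port and a client of itself and of cupsd` would make the dual role explicit.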
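Review bot: portmap_t is the daemon bound to the portmap port (the `corenet_*_bind_portmap_port` context lines) but the rules added give it no way to send portmap server packets: `corenet_receive_portmap_server_packets(portmap_t)` has no send counterpart, while the client type is granted in both directions. Whichever direction corenetwork.if assigns to the two types, the replies a server emits from its own port are server-side traffic, so I would expect `corenet_sendrecv_portmap_server_packets(portmap_t)` here (or at least `corenet_send_portmap_server_packets(portmap_t)`); the interface file is not in this patch, so please verify. A comment recording which type labels which direction, e.g. `# server packets: traffic on the portmap port; client packets: portmap's own calls to registered services`, would prevent the same question on every later module. The denial only surfaces on hosts with SECMARK labeling, so it is easy to miss; dropping the raw socket sendrecv is a welcome tightening.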
@@ -52,20 +52,19 @@ template(`rpc_domain_template', `
 dev_read_sysfs($1_t)
+ corenet_non_ipsec_sendrecv($1_t)
 corenet_tcp_sendrecv_all_if($1_t)
 corenet_udp_sendrecv_all_if($1_t)
- corenet_raw_sendrecv_all_if($1_t)
 corenet_tcp_sendrecv_all_nodes($1_t)
 corenet_udp_sendrecv_all_nodes($1_t)
- corenet_raw_sendrecv_all_nodes($1_t)
 corenet_tcp_sendrecv_all_ports($1_t)
 corenet_udp_sendrecv_all_ports($1_t)
- corenet_non_ipsec_sendrecv($1_t)
 corenet_tcp_bind_all_nodes($1_t)
 corenet_udp_bind_all_nodes($1_t)
 corenet_tcp_bind_reserved_port($1_t)
 corenet_tcp_bind_reserved_port($1_t)
 corenet_tcp_connect_all_ports($1_t)
+ corenet_sendrecv_portmap_client_packets($1_t)
 # do not log when it tries to bind to a port belonging to another domain
 corenet_dontaudit_tcp_bind_all_reserved_ports($1_t)
 corenet_dontaudit_udp_bind_all_reserved_ports($1_t)
diff --git a/refpolicy/policy/modules/services/rpc.te b/refpolicy/policy/modules/services/rpc.te
index f8403b7b..efb242fc 100644
--- a/refpolicy/policy/modules/services/rpc.te
+++ b/refpolicy/policy/modules/services/rpc.te
@@ -1,5 +1,5 @@
-policy_module(rpc,1.2.4)
+policy_module(rpc,1.2.5)
 ########################################
 #
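Review bot: every domain built from `rpc_domain_template` now gets only `corenet_sendrecv_portmap_client_packets($1_t)`, yet the same template makes those domains servers in their own right (`corenet_tcp_bind_reserved_port($1_t)` in the context), so once traffic to their service ports is labeled they will be denied on the packet class while their portmap registration is allowed. If per-service packet types do not exist yet, that is worth stating in a comment above the added line, e.g. `# register with / look up via portmap; packet rules for the service's own port belong in the calling module`, so callers know the template is not complete on its own. The duplicated `corenet_tcp_bind_reserved_port($1_t)` is pre-existing but could be collapsed while this block is being touched. The template begins before and continues after this hunk.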