add generic packet interfaces, and fix up unconfined handling

refpolicy/policy/modules/kernel/corenetwork.if.in

@@ -1308,6 +1308,75 @@ interface(`corenet_non_ipsec_sendrecv',`
 	kernel_sendrecv_unlabeled_association($1)
 ')
 
+########################################
+## <summary>
+##	Send generic packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_send_generic_packets',`
+	gen_require(`
+		type packet_t;
+	')
+
+	allow $1 packet_t:packet send;
+')
+
+########################################
+## <summary>
+##	Receive generic packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_receive_generic_packets',`
+	gen_require(`
+		type packet_t;
+	')
+
+	allow $1 packet_t:packet recv;
+')
+
+########################################
+## <summary>
+##	Send and receive generic packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_sendrecv_generic_packets',`
+	corenet_send_generic_packets($1)
+	corenet_recveive_generic_packets($1)
+')
+
+########################################
+## <summary>
+##	Relabel packets to the generic packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_relabelto_generic_packets',`
+	gen_require(`
+		type packet_t;
+	')
+
+	allow $1 packet_t:packet relabelto;
+')
+
 ########################################
 ## <summary>
 ##	Send and receive unlabeled packets.

refpolicy/policy/modules/kernel/corenetwork.te.in

@@ -1,5 +1,5 @@
 
-policy_module(corenetwork,1.1.8)
+policy_module(corenetwork,1.1.9)
 
 ########################################
 #
@@ -198,6 +198,3 @@ allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg };
 # Bind to any network address.
 allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
 allow corenet_unconfined_type node_type:{ tcp_socket udp_socket } node_bind;
-
-corenet_non_ipsec_sendrecv(corenet_unconfined_type)
-corenet_sendrecv_unlabeled_packets(corenet_unconfined_type)

refpolicy/policy/modules/kernel/kernel.te

@@ -1,5 +1,5 @@
 
-policy_module(kernel,1.3.6)
+policy_module(kernel,1.3.7)
 
 ########################################
 #
@@ -351,5 +351,6 @@ allow kern_unconfined kernel_t:system *;
 allow kern_unconfined unlabeled_t:dir_file_class_set *;
 allow kern_unconfined unlabeled_t:filesystem *;
 allow kern_unconfined unlabeled_t:association *;
+allow kern_unconfined unlabeled_t:packet *;
 
 kernel_rw_all_sysctls(kern_unconfined)