Add MLS constraints for several network related access controls including
the new ingress/egress controls and the older Secmark controls. Based on
the following post to the SELinux Reference Policy mailing list:
* http://oss.tresys.com/pipermail/refpolicy/2009-February/000579.html
> We could add another 'or' on the above constraint:
>
> or ( (t2 == mlsfilewrite_in_range) and (l1 dom l2) and (h1 domby h2) )
>
> I believe that would be the constraint you were looking for. I don't
> like the name of that attribute, but I couldn't come up with a better
> one off the top of my head. :)
>
Attached is a patch which I've tested against selinux-policy-2.4.2-1
that implements this additional constraint. The name is still a bit
forced, but it works.
-matt <mra at hp dot com>
