From 7417fe79593ea189c0a418a4469b6300dd7ab5df Mon Sep 17 00:00:00 2001
From: Miroslav Grepl <mgrepl@fedoraproject.org>
Date: Jan 13 2009 18:49:48 +0000
Subject: - Allow kismet read generic files in /usr

- Lots of fixes for munin

---

diff --git a/policy-20071130.patch b/policy-20071130.patch
index 5b90434..2d187fe 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -1,12 +1,25 @@
+Binary files nsaserefpolicy/amavis.pp and serefpolicy-3.3.1/amavis.pp differ
+Binary files nsaserefpolicy/amtu.pp and serefpolicy-3.3.1/amtu.pp differ
+Binary files nsaserefpolicy/apcupsd.pp and serefpolicy-3.3.1/apcupsd.pp differ
+Binary files nsaserefpolicy/audioentropy.pp and serefpolicy-3.3.1/audioentropy.pp differ
+Binary files nsaserefpolicy/awstats.pp and serefpolicy-3.3.1/awstats.pp differ
+Binary files nsaserefpolicy/base.pp and serefpolicy-3.3.1/base.pp differ
+Binary files nsaserefpolicy/bitlbee.pp and serefpolicy-3.3.1/bitlbee.pp differ
+Binary files nsaserefpolicy/calamaris.pp and serefpolicy-3.3.1/calamaris.pp differ
+Binary files nsaserefpolicy/ccs.pp and serefpolicy-3.3.1/ccs.pp differ
+Binary files nsaserefpolicy/cdrecord.pp and serefpolicy-3.3.1/cdrecord.pp differ
+Binary files nsaserefpolicy/certwatch.pp and serefpolicy-3.3.1/certwatch.pp differ
+Binary files nsaserefpolicy/cipe.pp and serefpolicy-3.3.1/cipe.pp differ
+Binary files nsaserefpolicy/clamav.pp and serefpolicy-3.3.1/clamav.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/failsafe_context serefpolicy-3.3.1/config/appconfig-mcs/failsafe_context
 --- nsaserefpolicy/config/appconfig-mcs/failsafe_context	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/failsafe_context	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/failsafe_context	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1 @@
 -sysadm_r:sysadm_t:s0
 +system_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/guest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/guest_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/guest_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,6 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -16,7 +29,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/guest_u
 +guest_r:guest_t:s0		guest_r:guest_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/root_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/root_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/root_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/root_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -1,11 +1,7 @@
  system_r:crond_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_crond_t:s0 staff_r:staff_crond_t:s0 user_r:user_crond_t:s0
  system_r:local_login_t:s0	unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
@@ -32,7 +45,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/root_de
 +system_r:sshd_t:s0		unconfined_r:unconfined_t:s0 sysadm_r:sysadm_t:s0 staff_r:staff_t:s0 user_r:user_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/staff_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/staff_u_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/staff_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/staff_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -5,6 +5,8 @@
  system_r:xdm_t:s0		staff_r:staff_t:s0
  staff_r:staff_su_t:s0		staff_r:staff_t:s0
@@ -44,7 +57,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/staff_u
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/unconfined_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/unconfined_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/unconfined_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/unconfined_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,11 @@
 +system_r:crond_t:s0		unconfined_r:unconfined_t:s0
 +system_r:initrc_t:s0		unconfined_r:unconfined_t:s0
@@ -59,13 +72,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/unconfi
 +system_r:xdm_t:s0		unconfined_r:unconfined_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/userhelper_context serefpolicy-3.3.1/config/appconfig-mcs/userhelper_context
 --- nsaserefpolicy/config/appconfig-mcs/userhelper_context	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/userhelper_context	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/userhelper_context	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1 @@
 -system_u:sysadm_r:sysadm_t:s0
 +system_u:system_r:unconfined_t:s0	
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/user_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/user_u_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/user_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/user_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -5,4 +5,5 @@
  system_r:xdm_t:s0		user_r:user_t:s0
  user_r:user_su_t:s0		user_r:user_t:s0
@@ -75,7 +88,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/user_u_
 +user_r:user_t:s0		user_r:user_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/x_contexts serefpolicy-3.3.1/config/appconfig-mcs/x_contexts
 --- nsaserefpolicy/config/appconfig-mcs/x_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/x_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/x_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,188 @@
 +#
 +# Config file for XSELinux extension
@@ -267,7 +280,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/x_conte
 +event *					system_u:object_r:default_xevent_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts serefpolicy-3.3.1/config/appconfig-mcs/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mcs/xguest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mcs/xguest_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mcs/xguest_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,7 @@
 +system_r:local_login_t	xguest_r:xguest_t:s0
 +system_r:remote_login_t	xguest_r:xguest_t:s0
@@ -278,7 +291,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mcs/xguest_
 +xguest_r:xguest_t:s0	xguest_r:xguest_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts serefpolicy-3.3.1/config/appconfig-mls/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-mls/guest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mls/guest_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mls/guest_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,4 @@
 +system_r:local_login_t:s0	guest_r:guest_t:s0
 +system_r:remote_login_t:s0	guest_r:guest_t:s0
@@ -286,7 +299,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/guest_u
 +system_r:crond_t:s0		guest_r:guest_crond_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/x_contexts serefpolicy-3.3.1/config/appconfig-mls/x_contexts
 --- nsaserefpolicy/config/appconfig-mls/x_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-mls/x_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-mls/x_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,188 @@
 +#
 +# Config file for XSELinux extension
@@ -478,7 +491,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-mls/x_conte
 +event *					system_u:object_r:default_xevent_t:s0
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts serefpolicy-3.3.1/config/appconfig-standard/guest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/guest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/guest_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/guest_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,4 @@
 +system_r:local_login_t	guest_r:guest_t
 +system_r:remote_login_t	guest_r:guest_t
@@ -486,7 +499,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/gu
 +system_r:crond_t	guest_r:guest_crond_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/root_default_contexts serefpolicy-3.3.1/config/appconfig-standard/root_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/root_default_contexts	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/root_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/root_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -1,11 +1,7 @@
  system_r:crond_t	unconfined_r:unconfined_t sysadm_r:sysadm_crond_t staff_r:staff_crond_t user_r:user_crond_t
  system_r:local_login_t  unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
@@ -502,7 +515,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/ro
 +system_r:sshd_t	unconfined_r:unconfined_t sysadm_r:sysadm_t staff_r:staff_t user_r:user_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/x_contexts serefpolicy-3.3.1/config/appconfig-standard/x_contexts
 --- nsaserefpolicy/config/appconfig-standard/x_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/x_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/x_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,188 @@
 +#
 +# Config file for XSELinux extension
@@ -694,16 +707,196 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/x_
 +event *					system_u:object_r:default_xevent_t
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts serefpolicy-3.3.1/config/appconfig-standard/xguest_u_default_contexts
 --- nsaserefpolicy/config/appconfig-standard/xguest_u_default_contexts	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/config/appconfig-standard/xguest_u_default_contexts	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/config/appconfig-standard/xguest_u_default_contexts	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,5 @@
 +system_r:local_login_t	xguest_r:xguest_t
 +system_r:remote_login_t	xguest_r:xguest_t
 +system_r:sshd_t		xguest_r:xguest_t
 +system_r:crond_t	xguest_r:xguest_crond_t
 +system_r:xdm_t		xguest_r:xguest_t
+Binary files nsaserefpolicy/consolekit.pp and serefpolicy-3.3.1/consolekit.pp differ
+Binary files nsaserefpolicy/courier.pp and serefpolicy-3.3.1/courier.pp differ
+Binary files nsaserefpolicy/cyphesis.pp and serefpolicy-3.3.1/cyphesis.pp differ
+Binary files nsaserefpolicy/daemontools.pp and serefpolicy-3.3.1/daemontools.pp differ
+Binary files nsaserefpolicy/dcc.pp and serefpolicy-3.3.1/dcc.pp differ
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/global_booleans.xml serefpolicy-3.3.1/doc/global_booleans.xml
+--- nsaserefpolicy/doc/global_booleans.xml	1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.3.1/doc/global_booleans.xml	2009-01-13 19:18:38.000000000 +0100
+@@ -0,0 +1,25 @@
++<bool name="secure_mode" dftval="false">
++<desc>
++<p>
++Enabling secure mode disallows programs, such as
++newrole, from transitioning to administrative
++user domains.
++</p>
++</desc>
++</bool>
++<bool name="secure_mode_insmod" dftval="false">
++<desc>
++<p>
++Disable transitions to insmod.
++</p>
++</desc>
++</bool>
++<bool name="secure_mode_policyload" dftval="false">
++<desc>
++<p>
++boolean to determine whether the system permits loading policy, setting
++enforcing mode, and changing boolean values.  Set this to true and you
++have to reboot to set it back
++</p>
++</desc>
++</bool>
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/doc/global_tunables.xml serefpolicy-3.3.1/doc/global_tunables.xml
+--- nsaserefpolicy/doc/global_tunables.xml	1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.3.1/doc/global_tunables.xml	2009-01-13 19:18:38.000000000 +0100
+@@ -0,0 +1,124 @@
++<tunable name="allow_execheap" dftval="false">
++<desc>
++<p>
++Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
++</p>
++</desc>
++</tunable>
++<tunable name="allow_execmem" dftval="false">
++<desc>
++<p>
++Allow unconfined executables to map a memory region as both executable and writable, this is dangerous and the executable should be reported in bugzilla")
++</p>
++</desc>
++</tunable>
++<tunable name="allow_execmod" dftval="false">
++<desc>
++<p>
++Allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t")
++</p>
++</desc>
++</tunable>
++<tunable name="allow_execstack" dftval="false">
++<desc>
++<p>
++Allow unconfined executables to make their stack executable.  This should never, ever be necessary. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla")
++</p>
++</desc>
++</tunable>
++<tunable name="allow_polyinstantiation" dftval="false">
++<desc>
++<p>
++Allow login programs to use polyinstantiated directories.
++</p>
++</desc>
++</tunable>
++<tunable name="allow_ypbind" dftval="false">
++<desc>
++<p>
++Allow system to run with NIS
++</p>
++</desc>
++</tunable>
++<tunable name="global_ssp" dftval="false">
++<desc>
++<p>
++Enable reading of urandom for all domains.
++</p>
++<p>
++This should be enabled when all programs
++are compiled with ProPolice/SSP
++stack smashing protection.  All domains will
++be allowed to read from /dev/urandom.
++</p>
++</desc>
++</tunable>
++<tunable name="nfs_export_all_rw" dftval="false">
++<desc>
++<p>
++Allow any files/directories to be exported read/write via NFS.
++</p>
++</desc>
++</tunable>
++<tunable name="nfs_export_all_ro" dftval="false">
++<desc>
++<p>
++Allow any files/directories to be exported read/only via NFS.
++</p>
++</desc>
++</tunable>
++<tunable name="read_default_t" dftval="false">
++<desc>
++<p>
++Allow reading of default_t files.
++</p>
++</desc>
++</tunable>
++<tunable name="read_untrusted_content" dftval="false">
++<desc>
++<p>
++Allow applications to read untrusted content
++If this is disallowed, Internet content has
++to be manually relabeled for read access to be granted
++</p>
++</desc>
++</tunable>
++<tunable name="use_nfs_home_dirs" dftval="false">
++<desc>
++<p>
++Support NFS home directories
++</p>
++</desc>
++</tunable>
++<tunable name="use_samba_home_dirs" dftval="false">
++<desc>
++<p>
++Support SAMBA home directories
++</p>
++</desc>
++</tunable>
++<tunable name="user_tcp_server" dftval="false">
++<desc>
++<p>
++Allow users to run TCP servers (bind to ports and accept connection from
++the same domain and outside users)  disabling this forces FTP passive mode
++and may change other protocols.
++</p>
++</desc>
++</tunable>
++<tunable name="write_untrusted_content" dftval="false">
++<desc>
++<p>
++Allow applications to write untrusted content
++If this is disallowed, no Internet content
++will be stored.
++</p>
++</desc>
++</tunable>
++<tunable name="allow_console_login" dftval="false">
++<desc>
++<p>
++Allow direct login to the console device. Required for System 390
++</p>
++</desc>
++</tunable>
+Binary files nsaserefpolicy/ethereal.pp and serefpolicy-3.3.1/ethereal.pp differ
+Binary files nsaserefpolicy/exim.pp and serefpolicy-3.3.1/exim.pp differ
+Binary files nsaserefpolicy/fail2ban.pp and serefpolicy-3.3.1/fail2ban.pp differ
+Binary files nsaserefpolicy/games.pp and serefpolicy-3.3.1/games.pp differ
+Binary files nsaserefpolicy/gamin.pp and serefpolicy-3.3.1/gamin.pp differ
+Binary files nsaserefpolicy/gnomeclock.pp and serefpolicy-3.3.1/gnomeclock.pp differ
+Binary files nsaserefpolicy/gnome.pp and serefpolicy-3.3.1/gnome.pp differ
+Binary files nsaserefpolicy/gpg.pp and serefpolicy-3.3.1/gpg.pp differ
+Binary files nsaserefpolicy/guest.pp and serefpolicy-3.3.1/guest.pp differ
+Binary files nsaserefpolicy/hal.pp and serefpolicy-3.3.1/hal.pp differ
+Binary files nsaserefpolicy/ipsec.pp and serefpolicy-3.3.1/ipsec.pp differ
+Binary files nsaserefpolicy/irc.pp and serefpolicy-3.3.1/irc.pp differ
+Binary files nsaserefpolicy/iscsi.pp and serefpolicy-3.3.1/iscsi.pp differ
+Binary files nsaserefpolicy/kerneloops.pp and serefpolicy-3.3.1/kerneloops.pp differ
+Binary files nsaserefpolicy/kismet.pp and serefpolicy-3.3.1/kismet.pp differ
+Binary files nsaserefpolicy/lockdev.pp and serefpolicy-3.3.1/lockdev.pp differ
+Binary files nsaserefpolicy/logadm.pp and serefpolicy-3.3.1/logadm.pp differ
+Binary files nsaserefpolicy/mailscanner.pp and serefpolicy-3.3.1/mailscanner.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.3.1/Makefile
 --- nsaserefpolicy/Makefile	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/Makefile	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/Makefile	2009-01-13 19:18:30.000000000 +0100
 @@ -235,7 +235,7 @@
  appdir := $(contextpath)
  user_default_contexts := $(wildcard config/appconfig-$(TYPE)/*_default_contexts)
@@ -759,7 +952,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Makefile serefpolicy-3.3.1/M
  	$(verbose) $(INSTALL) -m 644 $< $@
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 serefpolicy-3.3.1/man/man8/ftpd_selinux.8
 --- nsaserefpolicy/man/man8/ftpd_selinux.8	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/man/man8/ftpd_selinux.8	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/man/man8/ftpd_selinux.8	2009-01-13 19:18:30.000000000 +0100
 @@ -1,52 +1,65 @@
 -.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh@redhat.com" "ftpd Selinux Policy documentation"
 +.TH  "ftpd_selinux"  "8"  "17 Jan 2005" "dwalsh@redhat.com" "ftpd SELinux policy documentation"
@@ -867,7 +1060,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/ftpd_selinux.8 sere
 +selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 serefpolicy-3.3.1/man/man8/httpd_selinux.8
 --- nsaserefpolicy/man/man8/httpd_selinux.8	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/man/man8/httpd_selinux.8	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/man/man8/httpd_selinux.8	2009-01-13 19:18:30.000000000 +0100
 @@ -22,23 +22,19 @@
  .EX
  httpd_sys_content_t 
@@ -897,9 +1090,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/man/man8/httpd_selinux.8 ser
  .EX
  httpd_unconfined_script_exec_t  
  .EE 
+Binary files nsaserefpolicy/mozilla.pp and serefpolicy-3.3.1/mozilla.pp differ
+Binary files nsaserefpolicy/mplayer.pp and serefpolicy-3.3.1/mplayer.pp differ
+Binary files nsaserefpolicy/mrtg.pp and serefpolicy-3.3.1/mrtg.pp differ
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors serefpolicy-3.3.1/policy/flask/access_vectors
 --- nsaserefpolicy/policy/flask/access_vectors	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/flask/access_vectors	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/flask/access_vectors	2009-01-13 19:18:30.000000000 +0100
 @@ -125,6 +125,7 @@
  	reparent
  	search
@@ -1186,7 +1382,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/access_vectors 
 +}
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classes serefpolicy-3.3.1/policy/flask/security_classes
 --- nsaserefpolicy/policy/flask/security_classes	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/flask/security_classes	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/flask/security_classes	2009-01-13 19:18:30.000000000 +0100
 @@ -50,21 +50,19 @@
  # passwd/chfn/chsh
  class passwd			# userspace
@@ -1235,7 +1431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/flask/security_classe
  # FLASK
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables serefpolicy-3.3.1/policy/global_tunables
 --- nsaserefpolicy/policy/global_tunables	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/global_tunables	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/global_tunables	2009-01-13 19:18:30.000000000 +0100
 @@ -34,7 +34,7 @@
  
  ## <desc>
@@ -1276,7 +1472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.3.1/policy/mls
 --- nsaserefpolicy/policy/mls	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/mls	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/mls	2009-01-13 19:18:30.000000000 +0100
 @@ -371,78 +371,53 @@
  
  
@@ -1558,7 +1754,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.3.1
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.3.1/policy/modules/admin/alsa.te
 --- nsaserefpolicy/policy/modules/admin/alsa.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/alsa.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/alsa.te	2009-01-13 19:18:30.000000000 +0100
 @@ -48,6 +48,7 @@
  
  files_search_home(alsa_t)
@@ -1569,7 +1765,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-3.3.1/policy/modules/admin/amanda.fc
 --- nsaserefpolicy/policy/modules/admin/amanda.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -3,6 +3,7 @@
  /etc/amanda/.*/tapelist(/.*)?		gen_context(system_u:object_r:amanda_data_t,s0)
  /etc/amandates				gen_context(system_u:object_r:amanda_amandates_t,s0)
@@ -1580,7 +1776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te
 --- nsaserefpolicy/policy/modules/admin/amanda.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te	2009-01-13 19:18:30.000000000 +0100
 @@ -82,8 +82,9 @@
  allow amanda_t amanda_config_t:file { getattr read };
  
@@ -1630,7 +1826,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
  libs_use_shared_libs(amanda_recover_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.3.1/policy/modules/admin/anaconda.te
 --- nsaserefpolicy/policy/modules/admin/anaconda.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/anaconda.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/anaconda.te	2009-01-13 19:18:30.000000000 +0100
 @@ -31,15 +31,14 @@
  modutils_domtrans_insmod(anaconda_t)
  
@@ -1653,7 +1849,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.if serefpolicy-3.3.1/policy/modules/admin/bootloader.if
 --- nsaserefpolicy/policy/modules/admin/bootloader.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/bootloader.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/bootloader.if	2009-01-13 19:18:30.000000000 +0100
 @@ -49,6 +49,10 @@
  
  	role $2 types bootloader_t;
@@ -1667,7 +1863,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-3.3.1/policy/modules/admin/bootloader.te
 --- nsaserefpolicy/policy/modules/admin/bootloader.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/bootloader.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/bootloader.te	2009-01-13 19:18:30.000000000 +0100
 @@ -215,3 +215,7 @@
  	userdom_dontaudit_search_staff_home_dirs(bootloader_t)
  	userdom_dontaudit_search_sysadm_home_dirs(bootloader_t)
@@ -1678,7 +1874,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.3.1/policy/modules/admin/brctl.te
 --- nsaserefpolicy/policy/modules/admin/brctl.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/brctl.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/brctl.te	2009-01-13 19:18:30.000000000 +0100
 @@ -33,6 +33,8 @@
  
  files_read_etc_files(brctl_t)
@@ -1690,7 +1886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.t
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.3.1/policy/modules/admin/certwatch.te
 --- nsaserefpolicy/policy/modules/admin/certwatch.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/certwatch.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/certwatch.te	2009-01-13 19:18:30.000000000 +0100
 @@ -18,6 +18,9 @@
  
  files_read_etc_files(certwatch_t)
@@ -1703,7 +1899,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.3.1/policy/modules/admin/consoletype.te
 --- nsaserefpolicy/policy/modules/admin/consoletype.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/consoletype.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/consoletype.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,9 +8,11 @@
  
  type consoletype_t;
@@ -1729,7 +1925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
  init_use_fds(consoletype_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-3.3.1/policy/modules/admin/firstboot.if
 --- nsaserefpolicy/policy/modules/admin/firstboot.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/firstboot.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/firstboot.if	2009-01-13 19:18:30.000000000 +0100
 @@ -141,4 +141,6 @@
  	')
  
@@ -1739,7 +1935,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.3.1/policy/modules/admin/firstboot.te
 --- nsaserefpolicy/policy/modules/admin/firstboot.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/firstboot.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/firstboot.te	2009-01-13 19:18:30.000000000 +0100
 @@ -35,9 +35,6 @@
  
  allow firstboot_t firstboot_etc_t:file { getattr read };
@@ -1788,7 +1984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
  ') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.fc serefpolicy-3.3.1/policy/modules/admin/kismet.fc
 --- nsaserefpolicy/policy/modules/admin/kismet.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,4 @@
 +/usr/bin/kismet			--	gen_context(system_u:object_r:kismet_exec_t,s0)
 +/var/lib/kismet(/.*)?			gen_context(system_u:object_r:kismet_var_lib_t,s0)
@@ -1796,7 +1992,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +/var/run/kismet_server.pid	--	gen_context(system_u:object_r:kismet_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.3.1/policy/modules/admin/kismet.if
 --- nsaserefpolicy/policy/modules/admin/kismet.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,252 @@
 +## <summary>Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.</summary>
 +
@@ -2052,8 +2248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.3.1/policy/modules/admin/kismet.te
 --- nsaserefpolicy/policy/modules/admin/kismet.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.te	2009-01-05 11:17:34.000000000 +0100
-@@ -0,0 +1,75 @@
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.te	2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,77 @@
 +
 +policy_module(kismet, 1.0.2)
 +
@@ -2117,6 +2313,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +
 +files_read_etc_files(kismet_t)
 +
++files_read_usr_files(kismet_t)
++
 +libs_use_ld_so(kismet_t)
 +libs_use_shared_libs(kismet_t)
 +
@@ -2131,7 +2329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.3.1/policy/modules/admin/kudzu.te
 --- nsaserefpolicy/policy/modules/admin/kudzu.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kudzu.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kudzu.te	2009-01-13 19:18:30.000000000 +0100
 @@ -21,8 +21,8 @@
  # Local policy
  #
@@ -2192,7 +2390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.3.1/policy/modules/admin/logrotate.te
 --- nsaserefpolicy/policy/modules/admin/logrotate.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te	2009-01-13 19:18:30.000000000 +0100
 @@ -96,9 +96,11 @@
  files_read_etc_files(logrotate_t)
  files_read_etc_runtime_files(logrotate_t)
@@ -2216,7 +2414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.3.1/policy/modules/admin/logwatch.te
 --- nsaserefpolicy/policy/modules/admin/logwatch.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/logwatch.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/logwatch.te	2009-01-13 19:18:30.000000000 +0100
 @@ -43,6 +43,8 @@
  kernel_read_fs_sysctls(logwatch_t)
  kernel_read_kernel_sysctls(logwatch_t)
@@ -2275,7 +2473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.3.1/policy/modules/admin/mrtg.te
 --- nsaserefpolicy/policy/modules/admin/mrtg.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te	2009-01-13 19:18:30.000000000 +0100
 @@ -78,6 +78,7 @@
  dev_read_urand(mrtg_t)
  
@@ -2341,7 +2539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.3.1/policy/modules/admin/netutils.if
 --- nsaserefpolicy/policy/modules/admin/netutils.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.if	2009-01-13 19:18:30.000000000 +0100
 @@ -124,6 +124,24 @@
  
  ########################################
@@ -2369,7 +2567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.3.1/policy/modules/admin/netutils.te
 --- nsaserefpolicy/policy/modules/admin/netutils.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.te	2009-01-13 19:18:30.000000000 +0100
 @@ -50,6 +50,7 @@
  files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
  
@@ -2441,7 +2639,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
  ifdef(`hide_broken_symptoms',`
  	init_dontaudit_use_fds(ping_t)
  ')
-@@ -143,11 +149,7 @@
+@@ -143,11 +149,8 @@
  ')
  
  optional_policy(`
@@ -2451,10 +2649,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
 -optional_policy(`
 -	nscd_socket_use(ping_t)
 +	munin_append_log(ping_t)
++	munin_dontaudit_rw_tcp_sockets(ping_t)
  ')
  
  optional_policy(`
-@@ -166,7 +168,6 @@
+@@ -166,7 +169,6 @@
  allow traceroute_t self:capability { net_admin net_raw setuid setgid };
  allow traceroute_t self:rawip_socket create_socket_perms;
  allow traceroute_t self:packet_socket create_socket_perms;
@@ -2462,7 +2661,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
  allow traceroute_t self:udp_socket create_socket_perms;
  
  kernel_read_system_state(traceroute_t)
-@@ -200,6 +201,8 @@
+@@ -200,6 +202,8 @@
  
  init_use_fds(traceroute_t)
  
@@ -2471,7 +2670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
  libs_use_ld_so(traceroute_t)
  libs_use_shared_libs(traceroute_t)
  
-@@ -212,17 +215,7 @@
+@@ -212,17 +216,7 @@
  dev_read_urand(traceroute_t)
  files_read_usr_files(traceroute_t)
  
@@ -2491,7 +2690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.3.1/policy/modules/admin/prelink.te
 --- nsaserefpolicy/policy/modules/admin/prelink.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/prelink.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/prelink.te	2009-01-13 19:18:30.000000000 +0100
 @@ -26,7 +26,7 @@
  # Local policy
  #
@@ -2551,7 +2750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.3.1/policy/modules/admin/readahead.te
 --- nsaserefpolicy/policy/modules/admin/readahead.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/readahead.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/readahead.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,7 +22,7 @@
  # Local policy
  #
@@ -2563,7 +2762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.3.1/policy/modules/admin/rpm.fc
 --- nsaserefpolicy/policy/modules/admin/rpm.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,5 @@
  
 +/usr/bin/rpm 			--	gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -2600,7 +2799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc 
  ifdef(`distro_suse', `
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.3.1/policy/modules/admin/rpm.if
 --- nsaserefpolicy/policy/modules/admin/rpm.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.if	2009-01-13 19:18:30.000000000 +0100
 @@ -152,6 +152,24 @@
  
  ########################################
@@ -2890,7 +3089,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.3.1/policy/modules/admin/rpm.te
 --- nsaserefpolicy/policy/modules/admin/rpm.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -31,6 +31,9 @@
  files_type(rpm_var_lib_t)
  typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -3042,7 +3241,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te 
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.3.1/policy/modules/admin/sudo.if
 --- nsaserefpolicy/policy/modules/admin/sudo.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/sudo.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/sudo.if	2009-01-13 19:18:30.000000000 +0100
 @@ -55,7 +55,7 @@
  	#
  
@@ -3152,7 +3351,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.3.1/policy/modules/admin/su.if
 --- nsaserefpolicy/policy/modules/admin/su.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/su.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/su.if	2009-01-13 19:18:30.000000000 +0100
 @@ -41,15 +41,13 @@
  
  	allow $2 $1_su_t:process signal;
@@ -3313,7 +3512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
  #######################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te
 --- nsaserefpolicy/policy/modules/admin/tmpreaper.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te	2009-01-13 19:18:30.000000000 +0100
 @@ -26,8 +26,12 @@
  files_read_etc_files(tmpreaper_t)
  files_read_var_lib_files(tmpreaper_t)
@@ -3364,7 +3563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.3.1/policy/modules/admin/usermanage.te
 --- nsaserefpolicy/policy/modules/admin/usermanage.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te	2009-01-13 19:18:30.000000000 +0100
 @@ -97,6 +97,7 @@
  
  # allow checking if a shell is executable
@@ -3441,7 +3640,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.3.1/policy/modules/admin/vbetool.te
 --- nsaserefpolicy/policy/modules/admin/vbetool.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te	2009-01-13 19:18:30.000000000 +0100
 @@ -23,6 +23,9 @@
  dev_rwx_zero(vbetool_t)
  dev_read_sysfs(vbetool_t)
@@ -3463,7 +3662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-3.3.1/policy/modules/admin/vpn.fc
 --- nsaserefpolicy/policy/modules/admin/vpn.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -6,6 +6,7 @@
  #
  # /usr
@@ -3474,7 +3673,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc 
  /var/run/vpnc(/.*)?		gen_context(system_u:object_r:vpnc_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.3.1/policy/modules/admin/vpn.if
 --- nsaserefpolicy/policy/modules/admin/vpn.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.if	2009-01-13 19:18:30.000000000 +0100
 @@ -15,7 +15,7 @@
  		type vpnc_t, vpnc_exec_t;
  	')
@@ -3539,7 +3738,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if 
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
 --- nsaserefpolicy/policy/modules/admin/vpn.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te	2009-01-13 19:18:30.000000000 +0100
 @@ -1,5 +1,5 @@
  
 -policy_module(vpn,1.7.1)
@@ -3580,7 +3779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te 
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.3.1/policy/modules/apps/ethereal.fc
 --- nsaserefpolicy/policy/modules/apps/ethereal.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.ethereal(/.*)? 		gen_context(system_u:object_r:ROLE_ethereal_home_t,s0)
 +HOME_DIR/\.ethereal(/.*)? 		gen_context(system_u:object_r:user_ethereal_home_t,s0)
@@ -3589,7 +3788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
  /usr/sbin/tethereal.*		--	gen_context(system_u:object_r:tethereal_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.if serefpolicy-3.3.1/policy/modules/apps/ethereal.if
 --- nsaserefpolicy/policy/modules/apps/ethereal.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`ethereal_per_role_template',`
  
@@ -3647,7 +3846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
  #######################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.te serefpolicy-3.3.1/policy/modules/apps/ethereal.te
 --- nsaserefpolicy/policy/modules/apps/ethereal.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,13 @@
  type tethereal_tmp_t;
  files_tmp_file(tethereal_tmp_t)
@@ -3664,7 +3863,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
  # Tethereal policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolution.fc serefpolicy-3.3.1/policy/modules/apps/evolution.fc
 --- nsaserefpolicy/policy/modules/apps/evolution.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/evolution.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/evolution.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -2,13 +2,13 @@
  # HOME_DIR/
  #
@@ -3684,7 +3883,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolutio
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolution.if serefpolicy-3.3.1/policy/modules/apps/evolution.if
 --- nsaserefpolicy/policy/modules/apps/evolution.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/evolution.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/evolution.if	2009-01-13 19:18:30.000000000 +0100
 @@ -247,7 +247,7 @@
  
  	mta_read_config($1_evolution_t)
@@ -3723,7 +3922,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolutio
  		nscd_socket_use($1_evolution_webcal_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.3.1/policy/modules/apps/games.if
 --- nsaserefpolicy/policy/modules/apps/games.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/games.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/games.if	2009-01-13 19:18:30.000000000 +0100
 @@ -146,7 +146,7 @@
  	')
  
@@ -3759,7 +3958,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.fc serefpolicy-3.3.1/policy/modules/apps/gift.fc
 --- nsaserefpolicy/policy/modules/apps/gift.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.giFT(/.*)?			gen_context(system_u:object_r:ROLE_gift_home_t,s0)
 +HOME_DIR/\.giFT(/.*)?			gen_context(system_u:object_r:user_gift_home_t,s0)
@@ -3768,7 +3967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.fc 
  /usr/(local/)?bin/giftd		--	gen_context(system_u:object_r:giftd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.if serefpolicy-3.3.1/policy/modules/apps/gift.if
 --- nsaserefpolicy/policy/modules/apps/gift.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.if	2009-01-13 19:18:30.000000000 +0100
 @@ -43,9 +43,9 @@
  	application_domain($1_gift_t,gift_exec_t)
  	role $3 types $1_gift_t;
@@ -3842,7 +4041,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.if 
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.te serefpolicy-3.3.1/policy/modules/apps/gift.te
 --- nsaserefpolicy/policy/modules/apps/gift.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.te	2009-01-13 19:18:30.000000000 +0100
 @@ -11,3 +11,7 @@
  
  type giftd_exec_t;
@@ -3853,7 +4052,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.te 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.3.1/policy/modules/apps/gnome.fc
 --- nsaserefpolicy/policy/modules/apps/gnome.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,8 +1,8 @@
 -HOME_DIR/\.config/gtk-.*	gen_context(system_u:object_r:ROLE_gnome_home_t,s0)
 -HOME_DIR/\.gconf(d)?(/.*)?	gen_context(system_u:object_r:ROLE_gconf_home_t,s0)
@@ -3870,7 +4069,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
  /usr/libexec/gconfd-2 	--	gen_context(system_u:object_r:gconfd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.3.1/policy/modules/apps/gnome.if
 --- nsaserefpolicy/policy/modules/apps/gnome.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.if	2009-01-13 19:18:30.000000000 +0100
 @@ -33,9 +33,60 @@
  ## </param>
  #
@@ -4106,7 +4305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.3.1/policy/modules/apps/gnome.te
 --- nsaserefpolicy/policy/modules/apps/gnome.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,8 +8,19 @@
  
  attribute gnomedomain;
@@ -4132,7 +4331,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
 +typealias user_gconf_tmp_t alias unconfined_gconf_tmp_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.3.1/policy/modules/apps/gpg.fc
 --- nsaserefpolicy/policy/modules/apps/gpg.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,9 +1,9 @@
 -HOME_DIR/\.gnupg(/.+)?		gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
 +HOME_DIR/\.gnupg(/.+)?		gen_context(system_u:object_r:user_gpg_secret_t,s0)
@@ -4149,7 +4348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
 +/usr/lib(64)?/gnupg/gpgkeys.* --	gen_context(system_u:object_r:gpg_helper_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.3.1/policy/modules/apps/gpg.if
 --- nsaserefpolicy/policy/modules/apps/gpg.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.if	2009-01-13 19:18:30.000000000 +0100
 @@ -38,6 +38,10 @@
  	gen_require(`
  		type gpg_exec_t, gpg_helper_exec_t;
@@ -4475,7 +4674,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.3.1/policy/modules/apps/gpg.te
 --- nsaserefpolicy/policy/modules/apps/gpg.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.te	2009-01-13 19:18:30.000000000 +0100
 @@ -7,15 +7,243 @@
  #
  
@@ -4726,7 +4925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.3.1/policy/modules/apps/irc.fc
 --- nsaserefpolicy/policy/modules/apps/irc.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,7 +1,7 @@
  #
  # /home
@@ -4738,7 +4937,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.3.1/policy/modules/apps/irc.if
 --- nsaserefpolicy/policy/modules/apps/irc.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`irc_per_role_template',`
  	gen_require(`
@@ -4795,7 +4994,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s
  	domtrans_pattern($2,irc_exec_t,$1_irc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.3.1/policy/modules/apps/irc.te
 --- nsaserefpolicy/policy/modules/apps/irc.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,3 +8,10 @@
  
  type irc_exec_t;
@@ -4809,7 +5008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s
 +	
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.3.1/policy/modules/apps/java.fc
 --- nsaserefpolicy/policy/modules/apps/java.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -3,14 +3,15 @@
  #
  /opt/(.*/)?bin/java[^/]* --	gen_context(system_u:object_r:java_exec_t,s0)
@@ -4843,7 +5042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc 
 +/usr/bin/octave-[^/]*  	--	gen_context(system_u:object_r:java_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
 --- nsaserefpolicy/policy/modules/apps/java.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.if	2009-01-13 19:18:30.000000000 +0100
 @@ -32,7 +32,7 @@
  ##	</summary>
  ## </param>
@@ -5111,7 +5310,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if 
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.3.1/policy/modules/apps/java.te
 --- nsaserefpolicy/policy/modules/apps/java.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.te	2009-01-13 19:18:30.000000000 +0100
 @@ -6,16 +6,10 @@
  # Declarations
  #
@@ -5164,13 +5363,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.3.1/policy/modules/apps/livecd.fc
 --- nsaserefpolicy/policy/modules/apps/livecd.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,2 @@
 +
 +/usr/bin/livecd-creator	--	gen_context(system_u:object_r:livecd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.3.1/policy/modules/apps/livecd.if
 --- nsaserefpolicy/policy/modules/apps/livecd.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,56 @@
 +
 +## <summary>policy for livecd</summary>
@@ -5230,7 +5429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.3.1/policy/modules/apps/livecd.te
 --- nsaserefpolicy/policy/modules/apps/livecd.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,22 @@
 +policy_module(livecd, 1.0.0)
 +
@@ -5256,7 +5455,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.3.1/policy/modules/apps/loadkeys.te
 --- nsaserefpolicy/policy/modules/apps/loadkeys.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te	2009-01-13 19:18:30.000000000 +0100
 @@ -44,3 +44,7 @@
  optional_policy(`
  	nscd_dontaudit_search_pid(loadkeys_t)
@@ -5267,7 +5466,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
 +userdom_dontaudit_list_sysadm_home_dirs(loadkeys_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if
 --- nsaserefpolicy/policy/modules/apps/mono.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mono.if	2009-01-13 19:18:30.000000000 +0100
 @@ -18,3 +18,122 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, mono_exec_t, mono_t)
@@ -5393,7 +5592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if 
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.3.1/policy/modules/apps/mono.te
 --- nsaserefpolicy/policy/modules/apps/mono.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mono.te	2009-01-13 19:18:30.000000000 +0100
 @@ -15,7 +15,7 @@
  # Local policy
  #
@@ -5413,7 +5612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te 
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.3.1/policy/modules/apps/mozilla.fc
 --- nsaserefpolicy/policy/modules/apps/mozilla.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,8 +1,8 @@
 -HOME_DIR/\.galeon(/.*)?			gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
 -HOME_DIR/\.java(/.*)?			gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
@@ -5444,7 +5643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.3.1/policy/modules/apps/mozilla.if
 --- nsaserefpolicy/policy/modules/apps/mozilla.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,7 +35,10 @@
  template(`mozilla_per_role_template',`
  	gen_require(`
@@ -5943,7 +6142,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.3.1/policy/modules/apps/mozilla.te
 --- nsaserefpolicy/policy/modules/apps/mozilla.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.te	2009-01-13 19:18:30.000000000 +0100
 @@ -6,15 +6,19 @@
  # Declarations
  #
@@ -5973,7 +6172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.3.1/policy/modules/apps/mplayer.fc
 --- nsaserefpolicy/policy/modules/apps/mplayer.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,13 +1,8 @@
  #
 -# /etc
@@ -5991,7 +6190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
 +HOME_DIR/\.mplayer(/.*)?        gen_context(system_u:object_r:user_mplayer_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.3.1/policy/modules/apps/mplayer.if
 --- nsaserefpolicy/policy/modules/apps/mplayer.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`mplayer_per_role_template',`
  	gen_require(`
@@ -6142,7 +6341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.3.1/policy/modules/apps/mplayer.te
 --- nsaserefpolicy/policy/modules/apps/mplayer.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,3 +22,7 @@
  type mplayer_exec_t;
  corecmd_executable_file(mplayer_exec_t)
@@ -6153,7 +6352,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc
 --- nsaserefpolicy/policy/modules/apps/nsplugin.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,8 @@
 +
 +/usr/lib(64)?/nspluginwrapper/npviewer.bin	--	gen_context(system_u:object_r:nsplugin_exec_t,s0)
@@ -6165,7 +6364,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +HOME_DIR/\.gstreamer-.*			gen_context(system_u:object_r:user_nsplugin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
 --- nsaserefpolicy/policy/modules/apps/nsplugin.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,359 @@
 +
 +## <summary>policy for nsplugin</summary>
@@ -6528,7 +6727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
 --- nsaserefpolicy/policy/modules/apps/nsplugin.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,235 @@
 +
 +policy_module(nsplugin,1.0.0)
@@ -6767,14 +6966,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.3.1/policy/modules/apps/openoffice.fc
 --- nsaserefpolicy/policy/modules/apps/openoffice.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,3 @@
 +/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.3.1/policy/modules/apps/openoffice.if
 --- nsaserefpolicy/policy/modules/apps/openoffice.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,98 @@
 +## <summary>Openoffice</summary>
 +
@@ -6876,7 +7075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.3.1/policy/modules/apps/openoffice.te
 --- nsaserefpolicy/policy/modules/apps/openoffice.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,14 @@
 +
 +policy_module(openoffice,1.0.0)
@@ -6894,7 +7093,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.3.1/policy/modules/apps/screen.fc
 --- nsaserefpolicy/policy/modules/apps/screen.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,7 +1,7 @@
  #
  # /home
@@ -6906,7 +7105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.f
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.3.1/policy/modules/apps/screen.if
 --- nsaserefpolicy/policy/modules/apps/screen.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`screen_per_role_template',`
  	gen_require(`
@@ -6961,7 +7160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.i
  	kernel_read_kernel_sysctls($1_screen_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.te serefpolicy-3.3.1/policy/modules/apps/screen.te
 --- nsaserefpolicy/policy/modules/apps/screen.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.te	2009-01-13 19:18:30.000000000 +0100
 @@ -11,3 +11,7 @@
  
  type screen_exec_t;
@@ -6972,7 +7171,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.t
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.3.1/policy/modules/apps/slocate.te
 --- nsaserefpolicy/policy/modules/apps/slocate.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/slocate.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/slocate.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,7 +22,7 @@
  #
  
@@ -6992,7 +7191,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
  files_read_etc_files(locate_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.fc serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc
 --- nsaserefpolicy/policy/modules/apps/thunderbird.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -3,4 +3,4 @@
  #
  /usr/bin/thunderbird.*			--	gen_context(system_u:object_r:thunderbird_exec_t,s0)
@@ -7001,7 +7200,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
 +HOME_DIR/\.thunderbird(/.*)?			gen_context(system_u:object_r:user_thunderbird_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.if serefpolicy-3.3.1/policy/modules/apps/thunderbird.if
 --- nsaserefpolicy/policy/modules/apps/thunderbird.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.if	2009-01-13 19:18:30.000000000 +0100
 @@ -43,9 +43,9 @@
  	application_domain($1_thunderbird_t,thunderbird_exec_t)
  	role $3 types $1_thunderbird_t;
@@ -7060,7 +7259,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.te serefpolicy-3.3.1/policy/modules/apps/thunderbird.te
 --- nsaserefpolicy/policy/modules/apps/thunderbird.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,3 +8,7 @@
  
  type thunderbird_exec_t;
@@ -7071,7 +7270,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.if serefpolicy-3.3.1/policy/modules/apps/tvtime.if
 --- nsaserefpolicy/policy/modules/apps/tvtime.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/tvtime.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/tvtime.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,6 +35,7 @@
  template(`tvtime_per_role_template',`
  	gen_require(`
@@ -7149,7 +7348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.i
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.te serefpolicy-3.3.1/policy/modules/apps/tvtime.te
 --- nsaserefpolicy/policy/modules/apps/tvtime.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/tvtime.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/tvtime.te	2009-01-13 19:18:30.000000000 +0100
 @@ -11,3 +11,9 @@
  
  type tvtime_dir_t;
@@ -7162,7 +7361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.t
 +files_tmp_file(user_tvtime_tmp_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc serefpolicy-3.3.1/policy/modules/apps/uml.fc
 --- nsaserefpolicy/policy/modules/apps/uml.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/uml.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/uml.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,7 +1,7 @@
  #
  # HOME_DIR/
@@ -7174,7 +7373,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc s
  # /usr
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.3.1/policy/modules/apps/userhelper.if
 --- nsaserefpolicy/policy/modules/apps/userhelper.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/userhelper.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/userhelper.if	2009-01-13 19:18:30.000000000 +0100
 @@ -181,24 +181,6 @@
  		nscd_socket_use($1_userhelper_t)
  	')
@@ -7241,7 +7440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
  	allow $2 $1_userhelper_t:process sigchld;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetctl.if serefpolicy-3.3.1/policy/modules/apps/usernetctl.if
 --- nsaserefpolicy/policy/modules/apps/usernetctl.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.if	2009-01-13 19:18:30.000000000 +0100
 @@ -63,4 +63,8 @@
  	optional_policy(`
  		modutils_run_insmod(usernetctl_t,$2,$3)
@@ -7253,447 +7452,63083 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetc
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetctl.te serefpolicy-3.3.1/policy/modules/apps/usernetctl.te
 --- nsaserefpolicy/policy/modules/apps/usernetctl.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.te	2009-01-13 19:18:30.000000000 +0100
 @@ -49,15 +49,21 @@
  
  fs_search_auto_mountpoints(usernetctl_t)
  
 +auth_use_nsswitch(usernetctl_t)
 +
- libs_use_ld_so(usernetctl_t)
- libs_use_shared_libs(usernetctl_t)
- 
-+logging_send_syslog_msg(usernetctl_t)
+ libs_use_ld_so(usernetctl_t)
+ libs_use_shared_libs(usernetctl_t)
+ 
++logging_send_syslog_msg(usernetctl_t)
++
+ miscfiles_read_localization(usernetctl_t)
+ 
+ seutil_read_config(usernetctl_t)
+ 
+ sysnet_read_config(usernetctl_t)
+ 
++term_search_ptys(usernetctl_t)
++
+ optional_policy(`
+ 	hostname_exec(usernetctl_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.3.1/policy/modules/apps/vmware.fc
+--- nsaserefpolicy/policy/modules/apps/vmware.fc	2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.fc	2009-01-13 19:18:30.000000000 +0100
+@@ -1,9 +1,9 @@
+ #
+ # HOME_DIR/
+ #
+-HOME_DIR/\.vmware(/.*)?			gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+-HOME_DIR/\.vmware[^/]*/.*\.cfg	--	gen_context(system_u:object_r:ROLE_vmware_conf_t,s0)
+-HOME_DIR/vmware(/.*)?			gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
++HOME_DIR/\.vmware(/.*)?			gen_context(system_u:object_r:user_vmware_file_t,s0)
++HOME_DIR/\.vmware[^/]*/.*\.cfg	--	gen_context(system_u:object_r:user_vmware_conf_t,s0)
++HOME_DIR/vmware(/.*)?			gen_context(system_u:object_r:user_vmware_file_t,s0)
+ 
+ #
+ # /etc
+@@ -21,19 +21,25 @@
+ /usr/bin/vmware-nmbd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-ping		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
++/usr/sbin/vmware-guest.*		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbpasswd	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbpasswd\.bin	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-vmx		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-wizard		--	gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/bin/vmware			--	gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/sbin/vmware-serverd	--	gen_context(system_u:object_r:vmware_exec_t,s0)
+ 
+ /usr/lib/vmware/config		--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib/vmware/bin/vmware-mks	--	gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib/vmware/bin/vmware-ui	--	gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib/vmware/bin/vmplayer  --	gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib/vmware/bin/vmware-vmx	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ 
+ /usr/lib64/vmware/config	--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib64/vmware/bin/vmware-mks --	gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib64/vmware/bin/vmware-ui --	gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib64/vmware/bin/vmplayer  --	gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib64/vmware/bin/vmware-vmx	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ 
+ ifdef(`distro_gentoo',`
+ /opt/vmware/workstation/bin/vmnet-bridge --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+@@ -49,3 +55,8 @@
+ /opt/vmware/workstation/bin/vmware-wizard --	gen_context(system_u:object_r:vmware_exec_t,s0)
+ /opt/vmware/workstation/bin/vmware	--	gen_context(system_u:object_r:vmware_exec_t,s0)
+ ')
++/var/log/vmware.* 	--	gen_context(system_u:object_r:vmware_log_t,s0)
++/var/run/vmnat.* 	-s	gen_context(system_u:object_r:vmware_var_run_t,s0)
++/var/run/vmware.* 		gen_context(system_u:object_r:vmware_var_run_t,s0)
++/usr/lib/vmware-tools/sbin32/vmware.*	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
++/usr/lib/vmware-tools/sbin64/vmware.*	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.3.1/policy/modules/apps/vmware.if
+--- nsaserefpolicy/policy/modules/apps/vmware.if	2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.if	2009-01-13 19:18:30.000000000 +0100
+@@ -164,7 +164,7 @@
+ 	sysnet_dns_name_resolve($1_vmware_t)
+ 	sysnet_read_config($1_vmware_t)
+ 
+-	xserver_user_client_template($1,$1_vmware_t,$1_vmware_tmpfs_t)
++	xserver_user_x_domain_template($1,$1_vmware,$1_vmware_t,$1_vmware_tmpfs_t)
+ ')
+ 
+ ########################################
+@@ -202,3 +202,22 @@
+ 
+ 	allow $1 vmware_sys_conf_t:file append;
+ ')
++
++########################################
++## <summary>
++##	Append to VMWare log files.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`vmware_append_log',`
++	gen_require(`
++		type vmware_log_t;
++	')
++
++	logging_search_logs($1)
++	append_files_pattern($1,vmware_log_t,vmware_log_t)
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.3.1/policy/modules/apps/vmware.te
+--- nsaserefpolicy/policy/modules/apps/vmware.te	2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.te	2009-01-13 19:18:30.000000000 +0100
+@@ -22,17 +22,21 @@
+ type vmware_var_run_t;
+ files_pid_file(vmware_var_run_t)
+ 
++type vmware_log_t;
++logging_log_file(vmware_log_t)
++
+ ########################################
+ #
+ # VMWare host local policy
+ #
+ 
+-allow vmware_host_t self:capability { setuid net_raw };
++allow vmware_host_t self:capability { setgid setuid net_raw };
+ dontaudit vmware_host_t self:capability sys_tty_config;
+-allow vmware_host_t self:process signal_perms;
++allow vmware_host_t self:process { execstack execmem signal_perms };
+ allow vmware_host_t self:fifo_file rw_fifo_file_perms;
+ allow vmware_host_t self:unix_stream_socket create_stream_socket_perms;
+ allow vmware_host_t self:rawip_socket create_socket_perms;
++allow vmware_host_t self:tcp_socket create_socket_perms;
+ 
+ # cjp: the ro and rw files should be split up
+ manage_files_pattern(vmware_host_t,vmware_sys_conf_t,vmware_sys_conf_t)
+@@ -41,6 +45,11 @@
+ manage_sock_files_pattern(vmware_host_t,vmware_var_run_t,vmware_var_run_t)
+ files_pid_filetrans(vmware_host_t,vmware_var_run_t,{ file sock_file })
+ 
++manage_files_pattern(vmware_host_t,vmware_log_t,vmware_log_t)	
++logging_log_filetrans(vmware_host_t,vmware_log_t,{ file dir })
++
++files_search_home(vmware_host_t)
++
+ kernel_read_kernel_sysctls(vmware_host_t)
+ kernel_list_proc(vmware_host_t)
+ kernel_read_proc_symlinks(vmware_host_t)
+@@ -63,6 +72,7 @@
+ corenet_sendrecv_all_server_packets(vmware_host_t)
+ 
+ dev_read_sysfs(vmware_host_t)
++dev_read_urand(vmware_host_t)
+ dev_rw_vmware(vmware_host_t)
+ 
+ domain_use_interactive_fds(vmware_host_t)
+@@ -99,14 +109,12 @@
+ ')
+ netutils_domtrans_ping(vmware_host_t)
+ 
+-ifdef(`TODO',`
+-# VMWare need access to pcmcia devices for network
+ optional_policy(`
+-allow kernel_t cardmgr_var_lib_t:dir { getattr search };
+-allow kernel_t cardmgr_var_lib_t:file { getattr ioctl read };
++	unconfined_domain(vmware_host_t)
+ ')
+-# Vmware create network devices
+-allow kernel_t self:capability net_admin;
+-allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
+-allow kernel_t self:socket create;
++
++optional_policy(`
++	xserver_xdm_rw_shm(vmware_host_t)
+ ')
++
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.3.1/policy/modules/apps/wine.fc
+--- nsaserefpolicy/policy/modules/apps/wine.fc	2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.fc	2009-01-13 19:18:30.000000000 +0100
+@@ -1,4 +1,6 @@
+ /usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
+ 
+-/opt/cxoffice/bin/wine		--	gen_context(system_u:object_r:wine_exec_t,s0)
+-/opt/picasa/wine/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
++/opt/cxoffice/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
++/opt/picasa/wine/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
++/opt/google/picasa(/.*)?/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
++HOME_DIR/cxoffice/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.3.1/policy/modules/apps/wine.if
+--- nsaserefpolicy/policy/modules/apps/wine.if	2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.if	2009-01-13 19:18:30.000000000 +0100
+@@ -49,3 +49,53 @@
+ 	role $2 types wine_t;
+ 	allow wine_t $3:chr_file rw_term_perms;
+ ')
++
++#######################################
++## <summary>
++##	The per role template for the wine module.
++## </summary>
++## <desc>
++##	<p>
++##	This template creates a derived domains which are used
++##	for wine applications.
++##	</p>
++## </desc>
++## <param name="userdomain_prefix">
++##	<summary>
++##	The prefix of the user domain (e.g., user
++##	is the prefix for user_t).
++##	</summary>
++## </param>
++## <param name="user_domain">
++##	<summary>
++##	The type of the user domain.
++##	</summary>
++## </param>
++## <param name="user_role">
++##	<summary>
++##	The role associated with the user domain.
++##	</summary>
++## </param>
++#
++template(`wine_per_role_template',`
++	gen_require(`
++		type wine_exec_t;
++	')
++
++	type $1_wine_t;
++	domain_type($1_wine_t)
++	domain_entry_file($1_wine_t,wine_exec_t)
++	role $3 types $1_wine_t;
++
++	domain_interactive_fd($1_wine_t)
++
++	userdom_unpriv_usertype($1, $1_wine_t)
++
++	allow $1_wine_t self:process { execheap execmem };
++
++	domtrans_pattern($2, wine_exec_t, $1_wine_t)
++
++	optional_policy(`
++		xserver_xdm_rw_shm($1_wine_t)
++	')
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.3.1/policy/modules/apps/wine.te
+--- nsaserefpolicy/policy/modules/apps/wine.te	2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.te	2009-01-13 19:18:30.000000000 +0100
+@@ -9,6 +9,7 @@
+ type wine_t;
+ type wine_exec_t;
+ application_domain(wine_t,wine_exec_t)
++role system_r types wine_t;
+ 
+ ########################################
+ #
+@@ -17,10 +18,17 @@
+ 
+ optional_policy(`
+ 	allow wine_t self:process { execstack execmem execheap };
++	domain_mmap_low_type(wine_t)
++	domain_mmap_low(wine_t)
+ 	unconfined_domain_noaudit(wine_t)
+ 	files_execmod_all_files(wine_t)
+ 
+- 	optional_policy(`
+- 		hal_dbus_chat(wine_t)
+- 	')
++')
++
++optional_policy(`
++	hal_dbus_chat(wine_t)
++')
++
++optional_policy(`
++	xserver_xdm_rw_shm(wine_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2008-02-26 14:23:11.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc	2009-01-13 19:18:30.000000000 +0100
+@@ -7,11 +7,11 @@
+ /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash2			--	gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/bin/git-shell		--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/ksh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/sash			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/tcsh			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/zsh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
+-
+ #
+ # /dev
+ #
+@@ -67,6 +67,12 @@
+ 
+ /etc/security/namespace.init    --      gen_context(system_u:object_r:bin_t,s0)
+ 
++
++/etc/sysconfig/crond		-- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/init		-- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/libvirtd		-- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/netconsole	-- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/readonly-root 	-- gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/network-scripts/ifup-.*	-- gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/network-scripts/ifup-.*	-l gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
+@@ -99,11 +105,6 @@
+ /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
+ ')
+ 
+-ifdef(`distro_redhat',`
+-/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
+-/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
+-')
+-
+ #
+ # /sbin
+ #
+@@ -127,6 +128,8 @@
+ /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
+ ')
+ 
++/opt/gutenprint/cups/lib/filter(/.*)?		gen_context(system_u:object_r:bin_t,s0)
++
+ #
+ # /usr
+ #
+@@ -144,10 +147,7 @@
+ /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/courier(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/backend(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/cgi-bin/.*	--	gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/daemon(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/filter(/.*)?		gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/cups(/.*)? 		gen_context(system_u:object_r:bin_t,s0)
+ 
+ /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
+@@ -178,6 +178,8 @@
+ /usr/lib(64)?/xen/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ 
+ /usr/libexec(/.*)?			gen_context(system_u:object_r:bin_t,s0)
++/usr/libsexec/sesh		--	gen_context(system_u:object_r:shell_exec_t,s0)
++
+ /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
+ 
+ /usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
+@@ -185,8 +187,12 @@
+ /usr/local/Brother(/.*)?/lpd(/.*)?	gen_context(system_u:object_r:bin_t,s0)
+ /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/local/Printer/[^/]*/lpd(/.*)?     	gen_context(system_u:object_r:bin_t,s0)
++/usr/local/linuxprinter/filters(/.*)?   gen_context(system_u:object_r:bin_t,s0)
+ 
++/usr/bin/scponly		--	gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/sbin/scponlyc		--	gen_context(system_u:object_r:shell_exec_t,s0)
+ /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/sbin/smrsh			--	gen_context(system_u:object_r:shell_exec_t,s0)
+ 
+ /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
+@@ -213,9 +219,11 @@
+ /etc/gdm/[^/]+/.*			gen_context(system_u:object_r:bin_t,s0)
+ 
+ /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
++/usr/lib64/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib/vmware-tools/sbin32(/.*)?      gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib64/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/vmware-tools/sbin32(/.*)?      gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/vmware-tools/sbin64(/.*)?      gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig\.py --	gen_context(system_u:object_r:bin_t,s0)
+@@ -223,7 +231,6 @@
+ /usr/share/clamav/clamd-gen	--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/clamav/freshclam-sleep --	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/fedora-usermgmt/wrapper --	gen_context(system_u:object_r:bin_t,s0)
+-/usr/share/hplip/[^/]*		--	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/hwbrowser/hwbrowser --	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/pwlib/make/ptlib-config --	gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/pydict/pydict\.py	--	gen_context(system_u:object_r:bin_t,s0)
+@@ -284,3 +291,12 @@
+ ifdef(`distro_suse',`
+ /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
+ ')
++/usr/lib(64)?/nspluginwrapper/npconfig	gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/nspluginwrapper/npviewer	gen_context(system_u:object_r:bin_t,s0)
++
++/usr/lib(64)?/ConsoleKit/scripts(/.*)?  gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/ConsoleKit/run-session.d(/.*)?  gen_context(system_u:object_r:bin_t,s0)
++/etc/ConsoleKit/run-session.d(/.*)?  gen_context(system_u:object_r:bin_t,s0)
++
++/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
++/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.3.1/policy/modules/kernel/corecommands.if
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if	2008-02-26 14:23:11.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.if	2009-01-13 19:18:30.000000000 +0100
+@@ -875,6 +875,7 @@
+ 
+ 	read_lnk_files_pattern($1,bin_t,bin_t)
+ 	can_exec($1,chroot_exec_t)
++	allow $1 self:capability sys_chroot;
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if	1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if	2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,60874 @@
++#
++# This is a generated file!  Instead of modifying this file, the
++# corenetwork.if.in or corenetwork.if.m4 file should be modified.
++#
++## <summary>Policy controlling access to network objects</summary>
++## <required val="true">
++##	Contains the initial SIDs for network objects.
++## </required>
++
++########################################
++## <summary>
++##	Define type to be a network port type
++## </summary>
++## <desc>
++##	<p>
++##	Define type to be a network port type
++##	</p>
++##	<p>
++##	This is for supporting third party modules and its
++##	use is not allowed in upstream reference policy.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Type to be used for network ports.
++##	</summary>
++## </param>
++#
++interface(`corenet_port',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	typeattribute $1 port_type;
++')
++
++########################################
++## <summary>
++##	Define network type to be a reserved port (lt 1024)
++## </summary>
++## <desc>
++##	<p>
++##	Define network type to be a reserved port (lt 1024)
++##	</p>
++##	<p>
++##	This is for supporting third party modules and its
++##	use is not allowed in upstream reference policy.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Type to be used for network ports.
++##	</summary>
++## </param>
++#
++interface(`corenet_reserved_port',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	typeattribute $1 reserved_port_type;
++')
++
++########################################
++## <summary>
++##	Define network type to be a rpc port ( 512 lt PORT lt 1024)
++## </summary>
++## <desc>
++##	<p>
++##	Define network type to be a rpc port ( 512 lt PORT lt 1024)
++##	</p>
++##	<p>
++##	This is for supporting third party modules and its
++##	use is not allowed in upstream reference policy.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Type to be used for network ports.
++##	</summary>
++## </param>
++#
++interface(`corenet_rpc_port',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	typeattribute $1 rpc_port_type;
++')
++
++########################################
++## <summary>
++##	Define type to be a network client packet type
++## </summary>
++## <desc>
++##	<p>
++##	Define type to be a network client packet type
++##	</p>
++##	<p>
++##	This is for supporting third party modules and its
++##	use is not allowed in upstream reference policy.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Type to be used for a network client packet.
++##	</summary>
++## </param>
++#
++interface(`corenet_client_packet',`
++	gen_require(`
++		attribute packet_type, client_packet_type;
++	')
++
++	typeattribute $1 client_packet_type, packet_type;
++')
++
++########################################
++## <summary>
++##	Define type to be a network server packet type
++## </summary>
++## <desc>
++##	<p>
++##	Define type to be a network server packet type
++##	</p>
++##	<p>
++##	This is for supporting third party modules and its
++##	use is not allowed in upstream reference policy.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Type to be used for a network server packet.
++##	</summary>
++## </param>
++#
++interface(`corenet_server_packet',`
++	gen_require(`
++		attribute packet_type, server_packet_type;
++	')
++
++	typeattribute $1 server_packet_type, packet_type;
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on the generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_generic_if',`
++	gen_require(`
++		type netif_t;
++	')
++
++	allow $1 netif_t:netif { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_generic_if',`
++	gen_require(`
++		type netif_t;
++	')
++
++	allow $1 netif_t:netif udp_send;
++')
++
++########################################
++## <summary>
++##	Dontaudit attempts to send UDP network traffic
++##	on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_send_generic_if',`
++	gen_require(`
++		type netif_t;
++	')
++
++	dontaudit $1 netif_t:netif udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_generic_if',`
++	gen_require(`
++		type netif_t;
++	')
++
++	allow $1 netif_t:netif udp_recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP network
++##	traffic on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_receive_generic_if',`
++	gen_require(`
++		type netif_t;
++	')
++
++	dontaudit $1 netif_t:netif udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and Receive UDP network traffic on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_generic_if',`
++	corenet_udp_send_generic_if($1)
++	corenet_udp_receive_generic_if($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive UDP network
++##	traffic on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_sendrecv_generic_if',`
++	corenet_dontaudit_udp_send_generic_if($1)
++	corenet_dontaudit_udp_receive_generic_if($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_send_generic_if',`
++	gen_require(`
++		type netif_t;
++	')
++
++	allow $1 netif_t:netif rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_receive_generic_if',`
++	gen_require(`
++		type netif_t;
++	')
++
++	allow $1 netif_t:netif rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on generic interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_sendrecv_generic_if',`
++	corenet_raw_send_generic_if($1)
++	corenet_raw_receive_generic_if($1)
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on all interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_sendrecv_all_if',`
++	gen_require(`
++		attribute netif_type;
++	')
++
++	allow $1 netif_type:netif { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on all interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_all_if',`
++	gen_require(`
++		attribute netif_type;
++	')
++
++	allow $1 netif_type:netif udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on all interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_all_if',`
++	gen_require(`
++		attribute netif_type;
++	')
++
++	allow $1 netif_type:netif udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on all interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_all_if',`
++	corenet_udp_send_all_if($1)
++	corenet_udp_receive_all_if($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on all interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_send_all_if',`
++	gen_require(`
++		attribute netif_type;
++	')
++
++	allow $1 netif_type:netif rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on all interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_receive_all_if',`
++	gen_require(`
++		attribute netif_type;
++	')
++
++	allow $1 netif_type:netif rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on all interfaces.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_sendrecv_all_if',`
++	corenet_raw_send_all_if($1)
++	corenet_raw_receive_all_if($1)
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_sendrecv_generic_node',`
++	gen_require(`
++		type node_t;
++	')
++
++	allow $1 node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_generic_node',`
++	gen_require(`
++		type node_t;
++	')
++
++	allow $1 node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_generic_node',`
++	gen_require(`
++		type node_t;
++	')
++
++	allow $1 node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_generic_node',`
++	corenet_udp_send_generic_node($1)
++	corenet_udp_receive_generic_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_send_generic_node',`
++	gen_require(`
++		type node_t;
++	')
++
++	allow $1 node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_receive_generic_node',`
++	gen_require(`
++		type node_t;
++	')
++
++	allow $1 node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_sendrecv_generic_node',`
++	corenet_raw_send_generic_node($1)
++	corenet_raw_receive_generic_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_generic_node',`
++	gen_require(`
++		type node_t;
++	')
++
++	allow $1 node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to generic nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_generic_node',`
++	gen_require(`
++		type node_t;
++	')
++
++	allow $1 node_t:udp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_sendrecv_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:node udp_send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP network
++##	traffic on any nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_send_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	dontaudit $1 node_type:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP
++##	network traffic on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_receive_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	dontaudit $1 node_type:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_all_nodes',`
++	corenet_udp_send_all_nodes($1)
++	corenet_udp_receive_all_nodes($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive UDP
++##	network traffic on any nodes nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_sendrecv_all_nodes',`
++	corenet_dontaudit_udp_send_all_nodes($1)
++	corenet_dontaudit_udp_receive_all_nodes($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_send_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_receive_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_sendrecv_all_nodes',`
++	corenet_raw_send_all_nodes($1)
++	corenet_raw_receive_all_nodes($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:udp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind raw sockets to all nodes.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++# rawip_socket node_bind does not make much sense.
++# cjp: vmware hits this too
++interface(`corenet_raw_bind_all_nodes',`
++	gen_require(`
++		attribute node_type;
++	')
++
++	allow $1 node_type:rawip_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_sendrecv_generic_port',`
++	gen_require(`
++		type port_t;
++	')
++
++	allow $1 port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Do not audit send and receive TCP network traffic on generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
++	gen_require(`
++		type port_t;
++	')
++
++	dontaudit $1 port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_generic_port',`
++	gen_require(`
++		type port_t;
++	')
++
++	allow $1 port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_generic_port',`
++	gen_require(`
++		type port_t;
++	')
++
++	allow $1 port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_generic_port',`
++	corenet_udp_send_generic_port($1)
++	corenet_udp_receive_generic_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_generic_port',`
++	gen_require(`
++		type port_t;
++		attribute port_type;
++	')
++
++	allow $1 port_t:tcp_socket name_bind;
++	dontaudit $1 { port_type -port_t }:tcp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Do not audit bind TCP sockets to generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_bind_generic_port',`
++	gen_require(`
++		type port_t;
++	')
++
++	dontaudit $1 port_t:tcp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_generic_port',`
++	gen_require(`
++		type port_t;
++		attribute port_type;
++	')
++
++	allow $1 port_t:udp_socket name_bind;
++	dontaudit $1 { port_type -port_t }:udp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Connect TCP sockets to generic ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_generic_port',`
++	gen_require(`
++		type port_t;
++	')
++
++	allow $1 port_t:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_sendrecv_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	allow $1 port_type:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	allow $1 port_type:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	allow $1 port_type:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_all_ports',`
++	corenet_udp_send_all_ports($1)
++	corenet_udp_receive_all_ports($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	allow $1 port_type:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Do not audit attepts to bind TCP sockets to any ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_bind_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	dontaudit $1 port_type:tcp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	allow $1 port_type:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Do not audit attepts to bind UDP sockets to any ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_bind_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	dontaudit $1 port_type:udp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Connect TCP sockets to all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	allow $1 port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to connect TCP sockets
++##	to all ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_connect_all_ports',`
++	gen_require(`
++		attribute port_type;
++	')
++
++	dontaudit $1 port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on generic reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_sendrecv_reserved_port',`
++	gen_require(`
++		type reserved_port_t;
++	')
++
++	allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on generic reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_reserved_port',`
++	gen_require(`
++		type reserved_port_t;
++	')
++
++	allow $1 reserved_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on generic reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_reserved_port',`
++	gen_require(`
++		type reserved_port_t;
++	')
++
++	allow $1 reserved_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on generic reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_reserved_port',`
++	corenet_udp_send_reserved_port($1)
++	corenet_udp_receive_reserved_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to generic reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_reserved_port',`
++	gen_require(`
++		type reserved_port_t;
++	')
++
++	allow $1 reserved_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to generic reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_reserved_port',`
++	gen_require(`
++		type reserved_port_t;
++	')
++
++	allow $1 reserved_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Connect TCP sockets to generic reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_reserved_port',`
++	gen_require(`
++		type reserved_port_t;
++	')
++
++	allow $1 reserved_port_t:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_sendrecv_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_send_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	allow $1 reserved_port_type:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_receive_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	allow $1 reserved_port_type:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_sendrecv_all_reserved_ports',`
++	corenet_udp_send_all_reserved_ports($1)
++	corenet_udp_receive_all_reserved_ports($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	allow $1 reserved_port_type:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to bind TCP sockets to all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	dontaudit $1 reserved_port_type:tcp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	allow $1 reserved_port_type:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to bind UDP sockets to all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	dontaudit $1 reserved_port_type:udp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to all ports > 1024.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_all_unreserved_ports',`
++	gen_require(`
++		attribute port_type;
++		type hi_reserved_port_t, reserved_port_t;
++	')
++
++	allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:tcp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to all ports > 1024.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_all_unreserved_ports',`
++	gen_require(`
++		attribute port_type;
++		type hi_reserved_port_t, reserved_port_t;
++	')
++
++	allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:udp_socket name_bind;
++')
++
++########################################
++## <summary>
++##      Connect TCP sockets to reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##      The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	allow $1 reserved_port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to connect TCP sockets
++##	all reserved ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
++	gen_require(`
++		attribute reserved_port_type;
++	')
++
++	dontaudit $1 reserved_port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##      Connect TCP sockets to rpc ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##      The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	allow $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to connect TCP sockets
++##	all rpc ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	dontaudit $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++## <summary>
++##	Read and write the TUN/TAP virtual network device.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_rw_tun_tap_dev',`
++	gen_require(`
++		type tun_tap_device_t;
++	')
++
++	dev_list_all_dev_nodes($1)
++	allow $1 tun_tap_device_t:chr_file { getattr read write ioctl  lock append };
++')
++
++########################################
++## <summary>
++##	Read and write the point-to-point device.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_rw_ppp_dev',`
++	gen_require(`
++		type ppp_device_t;
++	')
++
++	dev_list_all_dev_nodes($1)
++	allow $1 ppp_device_t:chr_file rw_file_perms;
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to all RPC ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_bind_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	allow $1 rpc_port_type:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to bind TCP sockets to all RPC ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_bind_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	dontaudit $1 rpc_port_type:tcp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to all RPC ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process performing this action.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_bind_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	allow $1 rpc_port_type:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to bind UDP sockets to all RPC ports.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The type of the process to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_bind_all_rpc_ports',`
++	gen_require(`
++		attribute rpc_port_type;
++	')
++
++	dontaudit $1 rpc_port_type:udp_socket name_bind;
++')
++
++########################################
++## <summary>
++##	Send and receive messages on a
++##	non-encrypted (no IPSEC) network
++##	session.
++## </summary>
++## <desc>
++##	<p>
++##	Send and receive messages on a
++##	non-encrypted (no IPSEC) network
++##	session.  (Deprecated)
++##	</p>
++##	<p>
++##	The corenet_all_recvfrom_unlabeled() interface should be used instead
++##	of this one.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_non_ipsec_sendrecv',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_all_recvfrom_unlabeled() instead.')
++	corenet_all_recvfrom_unlabeled($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	messages on a non-encrypted (no IPSEC) network
++##	session.
++## </summary>
++## <desc>
++##	<p>
++##	Do not audit attempts to send and receive
++##	messages on a non-encrypted (no IPSEC) network
++##	session.
++##	</p>
++##	<p>
++##	The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
++##	used instead of this one.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_non_ipsec_sendrecv',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_all_recvfrom_unlabeled() instead.')
++	corenet_dontaudit_all_recvfrom_unlabeled($1)
++')
++
++########################################
++## <summary>
++##      Receive TCP packets from a NetLabel connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_recv_netlabel',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_tcp_recvfrom_netlabel() instead.')
++	corenet_tcp_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##      Receive TCP packets from a NetLabel connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	allow $1 netlabel_peer_t:tcp_socket recvfrom;
++')
++
++########################################
++## <summary>
++##      Receive TCP packets from an unlabled connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_recvfrom_unlabeled',`
++	kernel_tcp_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive TCP packets from a NetLabel
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_recv_netlabel',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_tcp_recvfrom_netlabel() instead.')
++	corenet_dontaudit_tcp_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive TCP packets from a NetLabel
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	dontaudit $1 netlabel_peer_t:tcp_socket recvfrom;
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive TCP packets from an unlabeled
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',`
++	kernel_dontaudit_tcp_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Receive UDP packets from a NetLabel connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_recv_netlabel',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_udp_recvfrom_netlabel() instead.')
++	corenet_udp_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##      Receive UDP packets from a NetLabel connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	allow $1 netlabel_peer_t:udp_socket recvfrom;
++')
++
++########################################
++## <summary>
++##      Receive UDP packets from an unlabeled connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_recvfrom_unlabeled',`
++	kernel_udp_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive UDP packets from a NetLabel
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_recv_netlabel',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_udp_recvfrom_netlabel($1) instead.')
++	corenet_dontaudit_udp_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive UDP packets from a NetLabel
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	dontaudit $1 netlabel_peer_t:udp_socket recvfrom;
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive UDP packets from an unlabeled
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_udp_recvfrom_unlabeled',`
++	kernel_dontaudit_udp_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Receive Raw IP packets from a NetLabel connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_recv_netlabel',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_raw_recvfrom_netlabel() instead.')
++	corenet_raw_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##      Receive Raw IP packets from a NetLabel connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	allow $1 netlabel_peer_t:rawip_socket recvfrom;
++')
++
++########################################
++## <summary>
++##      Receive Raw IP packets from an unlabeled connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_recvfrom_unlabeled',`
++	kernel_raw_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive Raw IP packets from a NetLabel
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_raw_recv_netlabel',`
++	refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_raw_recvfrom_netlabel() instead.')
++	corenet_dontaudit_raw_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive Raw IP packets from a NetLabel
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_raw_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	dontaudit $1 netlabel_peer_t:rawip_socket recvfrom;
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive Raw IP packets from an unlabeled
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
++	kernel_dontaudit_raw_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Receive packets from an unlabeled connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_all_recvfrom_unlabeled',`
++	kernel_tcp_recvfrom_unlabeled($1)
++	kernel_udp_recvfrom_unlabeled($1)
++	kernel_raw_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Receive packets from a NetLabel connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_all_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive packets from an unlabeled connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_all_recvfrom_unlabeled',`
++	kernel_dontaudit_tcp_recvfrom_unlabeled($1)
++	kernel_dontaudit_udp_recvfrom_unlabeled($1)
++	kernel_dontaudit_raw_recvfrom_unlabeled($1)
++
++	# XXX - at some point the oubound/send access check will be removed
++	# but for right now we need to keep this in place so as not to break
++	# older systems
++	kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++## <summary>
++##      Do not audit attempts to receive packets from a NetLabel
++##      connection.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++#
++interface(`corenet_dontaudit_all_recvfrom_netlabel',`
++	gen_require(`
++		type netlabel_peer_t;
++	')
++
++	dontaudit $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
++')
++
++########################################
++## <summary>
++##	Rules for receiving labeled TCP packets.
++## </summary>
++## <desc>
++##	<p>
++##	Rules for receiving labeled TCP packets.
++##	</p>
++##	<p>
++##	Due to the nature of TCP, this is bidirectional.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <param name="peer_domain">
++##	<summary>
++##	Peer domain.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_recvfrom_labeled',`
++	allow { $1 $2 } self:association sendto;
++	allow $1 $2:{ association tcp_socket } recvfrom;
++	allow $2 $1:{ association tcp_socket } recvfrom;
++
++	# Netlabel (CIPSO)-based labeled networking
++	# currently only supports MLS portion of label
++	corenet_tcp_recvfrom_netlabel($1)
++	corenet_tcp_recvfrom_netlabel($2)
++')
++
++########################################
++## <summary>
++##	Rules for receiving labeled UDP packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <param name="peer_domain">
++##	<summary>
++##	Peer domain.
++##	</summary>
++## </param>
++#
++interface(`corenet_udp_recvfrom_labeled',`
++	allow $2 self:association sendto;
++	allow $1 $2:{ association udp_socket } recvfrom;
++
++	# Netlabel (CIPSO)-based labeled networking
++	# currently only supports MLS portion of label
++	corenet_udp_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##	Rules for receiving labeled raw IP packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <param name="peer_domain">
++##	<summary>
++##	Peer domain.
++##	</summary>
++## </param>
++#
++interface(`corenet_raw_recvfrom_labeled',`
++	allow $2 self:association sendto;
++	allow $1 $2:{ association rawip_socket } recvfrom;
++
++	# Netlabel (CIPSO)-based labeled networking
++	# currently only supports MLS portion of label
++	corenet_raw_recvfrom_netlabel($1)
++')
++
++########################################
++## <summary>
++##	Rules for receiving labeled packets via TCP, UDP and raw IP.
++## </summary>
++## <desc>
++##	<p>
++##	Rules for receiving labeled packets via TCP, UDP and raw IP.
++##	</p>
++##	<p>
++##	Due to the nature of TCP, the rules (for TCP
++##	networking only) are bidirectional.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <param name="peer_domain">
++##	<summary>
++##	Peer domain.
++##	</summary>
++## </param>
++#
++interface(`corenet_all_recvfrom_labeled',`
++	corenet_tcp_recvfrom_labeled($1,$2)
++	corenet_udp_recvfrom_labeled($1,$2)
++	corenet_raw_recvfrom_labeled($1,$2)
++')
++
++########################################
++## <summary>
++##	Send generic client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_send_generic_client_packets',`
++	gen_require(`
++		type client_packet_t;
++	')
++
++	allow $1 client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive generic client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_receive_generic_client_packets',`
++	gen_require(`
++		type client_packet_t;
++	')
++
++	allow $1 client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive generic client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_sendrecv_generic_client_packets',`
++	corenet_send_generic_client_packets($1)
++	corenet_receive_generic_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to the generic client packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_generic_client_packets',`
++	gen_require(`
++		type client_packet_t;
++	')
++
++	allow $1 client_packet_t:packet relabelto;
++')
++
++########################################
++## <summary>
++##	Send generic server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_send_generic_server_packets',`
++	gen_require(`
++		type server_packet_t;
++	')
++
++	allow $1 server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive generic server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_receive_generic_server_packets',`
++	gen_require(`
++		type server_packet_t;
++	')
++
++	allow $1 server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive generic server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_sendrecv_generic_server_packets',`
++	corenet_send_generic_server_packets($1)
++	corenet_receive_generic_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to the generic server packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_generic_server_packets',`
++	gen_require(`
++		type server_packet_t;
++	')
++
++	allow $1 server_packet_t:packet relabelto;
++')
++
++########################################
++## <summary>
++##	Send and receive unlabeled packets.
++## </summary>
++## <desc>
++##	<p>
++##	Send and receive unlabeled packets.
++##	These packets do not match any netfilter
++##	SECMARK rules.
++##	</p>
++## </desc>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_sendrecv_unlabeled_packets',`
++	kernel_sendrecv_unlabeled_packets($1)
++')
++
++########################################
++## <summary>
++##	Send all client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_send_all_client_packets',`
++	gen_require(`
++		attribute client_packet_type;
++	')
++
++	allow $1 client_packet_type:packet send;
++')
++
++########################################
++## <summary>
++##	Receive all client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_receive_all_client_packets',`
++	gen_require(`
++		attribute client_packet_type;
++	')
++
++	allow $1 client_packet_type:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive all client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_sendrecv_all_client_packets',`
++	corenet_send_all_client_packets($1)
++	corenet_receive_all_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to any client packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_all_client_packets',`
++	gen_require(`
++		attribute client_packet_type;
++	')
++
++	allow $1 client_packet_type:packet relabelto;
++')
++
++########################################
++## <summary>
++##	Send all server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_send_all_server_packets',`
++	gen_require(`
++		attribute server_packet_type;
++	')
++
++	allow $1 server_packet_type:packet send;
++')
++
++########################################
++## <summary>
++##	Receive all server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_receive_all_server_packets',`
++	gen_require(`
++		attribute server_packet_type;
++	')
++
++	allow $1 server_packet_type:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive all server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_sendrecv_all_server_packets',`
++	corenet_send_all_server_packets($1)
++	corenet_receive_all_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to any server packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_all_server_packets',`
++	gen_require(`
++		attribute server_packet_type;
++	')
++
++	allow $1 server_packet_type:packet relabelto;
++')
++
++########################################
++## <summary>
++##	Send all packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_send_all_packets',`
++	gen_require(`
++		attribute packet_type;
++	')
++
++	allow $1 packet_type:packet send;
++')
++
++########################################
++## <summary>
++##	Receive all packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_receive_all_packets',`
++	gen_require(`
++		attribute packet_type;
++	')
++
++	allow $1 packet_type:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive all packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_sendrecv_all_packets',`
++	corenet_send_all_packets($1)
++	corenet_receive_all_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to any packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_all_packets',`
++	gen_require(`
++		attribute packet_type;
++	')
++
++	allow $1 packet_type:packet relabelto;
++')
++
++########################################
++## <summary>
++##	Unconfined access to network objects.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	The domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_unconfined',`
++	gen_require(`
++		attribute corenet_unconfined_type;
++	')
++
++	typeattribute $1 corenet_unconfined_type;
++')
++#
++# shiftn(num,list...)
++#
++# shift the list num times
++#
++
++
++########################################
++#
++# Network Interface generated macros 
++#
++########################################
++
++ 
++########################################
++#
++# Network node generated macros 
++#
++########################################
++
++ 
++########################################
++#
++# Network port generated macros 
++#
++########################################
++
++ 
++ 
++#
++# create_netif_*_interfaces(linux_interfacename)
++#
++
++
++
++#
++# network_interface(linux_interfacename,mls_sensitivity)
++#
++
++
++#
++# create_node_*_interfaces(node_name)
++#
++
++
++
++#
++# network_node(node_name,mls_sensitivity,address,netmask)
++#
++
++
++# These next three macros have formatting, and should not me indented
++ 
++#
++# create_port_*_interfaces(port_name, protocol,portnum,mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
++# (these wrap create_port_interfaces to handle attributes and types)
++
++
++
++#
++# network_port(port_name,protocol portnum mls_sensitivity [,protocol,portnum,mls_sensitivity[,...]])
++#
++
++
++#
++# network_packet(packet_name)
++#
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	allow $1 afs_bos_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	allow $1 afs_bos_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	dontaudit $1 afs_bos_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	allow $1 afs_bos_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	dontaudit $1 afs_bos_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_afs_bos_port',`
++	corenet_udp_send_afs_bos_port($1)
++	corenet_udp_receive_afs_bos_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_bos_port',`
++	corenet_dontaudit_udp_send_afs_bos_port($1)
++	corenet_dontaudit_udp_receive_afs_bos_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	allow $1 afs_bos_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	allow $1 afs_bos_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the afs_bos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_afs_bos_port',`
++	gen_require(`
++		type afs_bos_port_t;
++	')
++
++	allow $1 afs_bos_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send afs_bos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_bos_client_packets',`
++	gen_require(`
++		type afs_bos_client_packet_t;
++	')
++
++	allow $1 afs_bos_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_bos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_bos_client_packets',`
++	gen_require(`
++		type afs_bos_client_packet_t;
++	')
++
++	dontaudit $1 afs_bos_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_bos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_bos_client_packets',`
++	gen_require(`
++		type afs_bos_client_packet_t;
++	')
++
++	allow $1 afs_bos_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_bos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_bos_client_packets',`
++	gen_require(`
++		type afs_bos_client_packet_t;
++	')
++
++	dontaudit $1 afs_bos_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_bos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_bos_client_packets',`
++	corenet_send_afs_bos_client_packets($1)
++	corenet_receive_afs_bos_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_bos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_bos_client_packets',`
++	corenet_dontaudit_send_afs_bos_client_packets($1)
++	corenet_dontaudit_receive_afs_bos_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_bos_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_bos_client_packets',`
++	gen_require(`
++		type afs_bos_client_packet_t;
++	')
++
++	allow $1 afs_bos_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send afs_bos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_bos_server_packets',`
++	gen_require(`
++		type afs_bos_server_packet_t;
++	')
++
++	allow $1 afs_bos_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_bos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_bos_server_packets',`
++	gen_require(`
++		type afs_bos_server_packet_t;
++	')
++
++	dontaudit $1 afs_bos_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_bos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_bos_server_packets',`
++	gen_require(`
++		type afs_bos_server_packet_t;
++	')
++
++	allow $1 afs_bos_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_bos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_bos_server_packets',`
++	gen_require(`
++		type afs_bos_server_packet_t;
++	')
++
++	dontaudit $1 afs_bos_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_bos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_bos_server_packets',`
++	corenet_send_afs_bos_server_packets($1)
++	corenet_receive_afs_bos_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_bos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_bos_server_packets',`
++	corenet_dontaudit_send_afs_bos_server_packets($1)
++	corenet_dontaudit_receive_afs_bos_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_bos_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_bos_server_packets',`
++	gen_require(`
++		type afs_bos_server_packet_t;
++	')
++
++	allow $1 afs_bos_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	allow $1 afs_fs_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	allow $1 afs_fs_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	dontaudit $1 afs_fs_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	allow $1 afs_fs_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	dontaudit $1 afs_fs_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_afs_fs_port',`
++	corenet_udp_send_afs_fs_port($1)
++	corenet_udp_receive_afs_fs_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_fs_port',`
++	corenet_dontaudit_udp_send_afs_fs_port($1)
++	corenet_dontaudit_udp_receive_afs_fs_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	allow $1 afs_fs_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	allow $1 afs_fs_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the afs_fs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_afs_fs_port',`
++	gen_require(`
++		type afs_fs_port_t;
++	')
++
++	allow $1 afs_fs_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send afs_fs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_fs_client_packets',`
++	gen_require(`
++		type afs_fs_client_packet_t;
++	')
++
++	allow $1 afs_fs_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_fs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_fs_client_packets',`
++	gen_require(`
++		type afs_fs_client_packet_t;
++	')
++
++	dontaudit $1 afs_fs_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_fs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_fs_client_packets',`
++	gen_require(`
++		type afs_fs_client_packet_t;
++	')
++
++	allow $1 afs_fs_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_fs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_fs_client_packets',`
++	gen_require(`
++		type afs_fs_client_packet_t;
++	')
++
++	dontaudit $1 afs_fs_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_fs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_fs_client_packets',`
++	corenet_send_afs_fs_client_packets($1)
++	corenet_receive_afs_fs_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_fs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_fs_client_packets',`
++	corenet_dontaudit_send_afs_fs_client_packets($1)
++	corenet_dontaudit_receive_afs_fs_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_fs_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_fs_client_packets',`
++	gen_require(`
++		type afs_fs_client_packet_t;
++	')
++
++	allow $1 afs_fs_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send afs_fs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_fs_server_packets',`
++	gen_require(`
++		type afs_fs_server_packet_t;
++	')
++
++	allow $1 afs_fs_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_fs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_fs_server_packets',`
++	gen_require(`
++		type afs_fs_server_packet_t;
++	')
++
++	dontaudit $1 afs_fs_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_fs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_fs_server_packets',`
++	gen_require(`
++		type afs_fs_server_packet_t;
++	')
++
++	allow $1 afs_fs_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_fs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_fs_server_packets',`
++	gen_require(`
++		type afs_fs_server_packet_t;
++	')
++
++	dontaudit $1 afs_fs_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_fs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_fs_server_packets',`
++	corenet_send_afs_fs_server_packets($1)
++	corenet_receive_afs_fs_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_fs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_fs_server_packets',`
++	corenet_dontaudit_send_afs_fs_server_packets($1)
++	corenet_dontaudit_receive_afs_fs_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_fs_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_fs_server_packets',`
++	gen_require(`
++		type afs_fs_server_packet_t;
++	')
++
++	allow $1 afs_fs_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	allow $1 afs_ka_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	allow $1 afs_ka_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	dontaudit $1 afs_ka_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	allow $1 afs_ka_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	dontaudit $1 afs_ka_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_afs_ka_port',`
++	corenet_udp_send_afs_ka_port($1)
++	corenet_udp_receive_afs_ka_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_ka_port',`
++	corenet_dontaudit_udp_send_afs_ka_port($1)
++	corenet_dontaudit_udp_receive_afs_ka_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	allow $1 afs_ka_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	allow $1 afs_ka_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the afs_ka port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_afs_ka_port',`
++	gen_require(`
++		type afs_ka_port_t;
++	')
++
++	allow $1 afs_ka_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send afs_ka_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_ka_client_packets',`
++	gen_require(`
++		type afs_ka_client_packet_t;
++	')
++
++	allow $1 afs_ka_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_ka_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_ka_client_packets',`
++	gen_require(`
++		type afs_ka_client_packet_t;
++	')
++
++	dontaudit $1 afs_ka_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_ka_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_ka_client_packets',`
++	gen_require(`
++		type afs_ka_client_packet_t;
++	')
++
++	allow $1 afs_ka_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_ka_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_ka_client_packets',`
++	gen_require(`
++		type afs_ka_client_packet_t;
++	')
++
++	dontaudit $1 afs_ka_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_ka_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_ka_client_packets',`
++	corenet_send_afs_ka_client_packets($1)
++	corenet_receive_afs_ka_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_ka_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_ka_client_packets',`
++	corenet_dontaudit_send_afs_ka_client_packets($1)
++	corenet_dontaudit_receive_afs_ka_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_ka_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_ka_client_packets',`
++	gen_require(`
++		type afs_ka_client_packet_t;
++	')
++
++	allow $1 afs_ka_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send afs_ka_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_ka_server_packets',`
++	gen_require(`
++		type afs_ka_server_packet_t;
++	')
++
++	allow $1 afs_ka_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_ka_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_ka_server_packets',`
++	gen_require(`
++		type afs_ka_server_packet_t;
++	')
++
++	dontaudit $1 afs_ka_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_ka_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_ka_server_packets',`
++	gen_require(`
++		type afs_ka_server_packet_t;
++	')
++
++	allow $1 afs_ka_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_ka_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_ka_server_packets',`
++	gen_require(`
++		type afs_ka_server_packet_t;
++	')
++
++	dontaudit $1 afs_ka_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_ka_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_ka_server_packets',`
++	corenet_send_afs_ka_server_packets($1)
++	corenet_receive_afs_ka_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_ka_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_ka_server_packets',`
++	corenet_dontaudit_send_afs_ka_server_packets($1)
++	corenet_dontaudit_receive_afs_ka_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_ka_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_ka_server_packets',`
++	gen_require(`
++		type afs_ka_server_packet_t;
++	')
++
++	allow $1 afs_ka_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	allow $1 afs_pt_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	allow $1 afs_pt_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	dontaudit $1 afs_pt_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	allow $1 afs_pt_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	dontaudit $1 afs_pt_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_afs_pt_port',`
++	corenet_udp_send_afs_pt_port($1)
++	corenet_udp_receive_afs_pt_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_pt_port',`
++	corenet_dontaudit_udp_send_afs_pt_port($1)
++	corenet_dontaudit_udp_receive_afs_pt_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	allow $1 afs_pt_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	allow $1 afs_pt_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the afs_pt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_afs_pt_port',`
++	gen_require(`
++		type afs_pt_port_t;
++	')
++
++	allow $1 afs_pt_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send afs_pt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_pt_client_packets',`
++	gen_require(`
++		type afs_pt_client_packet_t;
++	')
++
++	allow $1 afs_pt_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_pt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_pt_client_packets',`
++	gen_require(`
++		type afs_pt_client_packet_t;
++	')
++
++	dontaudit $1 afs_pt_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_pt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_pt_client_packets',`
++	gen_require(`
++		type afs_pt_client_packet_t;
++	')
++
++	allow $1 afs_pt_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_pt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_pt_client_packets',`
++	gen_require(`
++		type afs_pt_client_packet_t;
++	')
++
++	dontaudit $1 afs_pt_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_pt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_pt_client_packets',`
++	corenet_send_afs_pt_client_packets($1)
++	corenet_receive_afs_pt_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_pt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_pt_client_packets',`
++	corenet_dontaudit_send_afs_pt_client_packets($1)
++	corenet_dontaudit_receive_afs_pt_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_pt_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_pt_client_packets',`
++	gen_require(`
++		type afs_pt_client_packet_t;
++	')
++
++	allow $1 afs_pt_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send afs_pt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_pt_server_packets',`
++	gen_require(`
++		type afs_pt_server_packet_t;
++	')
++
++	allow $1 afs_pt_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_pt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_pt_server_packets',`
++	gen_require(`
++		type afs_pt_server_packet_t;
++	')
++
++	dontaudit $1 afs_pt_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_pt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_pt_server_packets',`
++	gen_require(`
++		type afs_pt_server_packet_t;
++	')
++
++	allow $1 afs_pt_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_pt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_pt_server_packets',`
++	gen_require(`
++		type afs_pt_server_packet_t;
++	')
++
++	dontaudit $1 afs_pt_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_pt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_pt_server_packets',`
++	corenet_send_afs_pt_server_packets($1)
++	corenet_receive_afs_pt_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_pt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_pt_server_packets',`
++	corenet_dontaudit_send_afs_pt_server_packets($1)
++	corenet_dontaudit_receive_afs_pt_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_pt_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_pt_server_packets',`
++	gen_require(`
++		type afs_pt_server_packet_t;
++	')
++
++	allow $1 afs_pt_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	allow $1 afs_vl_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	allow $1 afs_vl_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	dontaudit $1 afs_vl_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	allow $1 afs_vl_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	dontaudit $1 afs_vl_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_afs_vl_port',`
++	corenet_udp_send_afs_vl_port($1)
++	corenet_udp_receive_afs_vl_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_vl_port',`
++	corenet_dontaudit_udp_send_afs_vl_port($1)
++	corenet_dontaudit_udp_receive_afs_vl_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	allow $1 afs_vl_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	allow $1 afs_vl_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the afs_vl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_afs_vl_port',`
++	gen_require(`
++		type afs_vl_port_t;
++	')
++
++	allow $1 afs_vl_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send afs_vl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_vl_client_packets',`
++	gen_require(`
++		type afs_vl_client_packet_t;
++	')
++
++	allow $1 afs_vl_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_vl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_vl_client_packets',`
++	gen_require(`
++		type afs_vl_client_packet_t;
++	')
++
++	dontaudit $1 afs_vl_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_vl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_vl_client_packets',`
++	gen_require(`
++		type afs_vl_client_packet_t;
++	')
++
++	allow $1 afs_vl_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_vl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_vl_client_packets',`
++	gen_require(`
++		type afs_vl_client_packet_t;
++	')
++
++	dontaudit $1 afs_vl_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_vl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_vl_client_packets',`
++	corenet_send_afs_vl_client_packets($1)
++	corenet_receive_afs_vl_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_vl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_vl_client_packets',`
++	corenet_dontaudit_send_afs_vl_client_packets($1)
++	corenet_dontaudit_receive_afs_vl_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_vl_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_vl_client_packets',`
++	gen_require(`
++		type afs_vl_client_packet_t;
++	')
++
++	allow $1 afs_vl_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send afs_vl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_afs_vl_server_packets',`
++	gen_require(`
++		type afs_vl_server_packet_t;
++	')
++
++	allow $1 afs_vl_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send afs_vl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_afs_vl_server_packets',`
++	gen_require(`
++		type afs_vl_server_packet_t;
++	')
++
++	dontaudit $1 afs_vl_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive afs_vl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_afs_vl_server_packets',`
++	gen_require(`
++		type afs_vl_server_packet_t;
++	')
++
++	allow $1 afs_vl_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive afs_vl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_afs_vl_server_packets',`
++	gen_require(`
++		type afs_vl_server_packet_t;
++	')
++
++	dontaudit $1 afs_vl_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive afs_vl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_afs_vl_server_packets',`
++	corenet_send_afs_vl_server_packets($1)
++	corenet_receive_afs_vl_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive afs_vl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_afs_vl_server_packets',`
++	corenet_dontaudit_send_afs_vl_server_packets($1)
++	corenet_dontaudit_receive_afs_vl_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to afs_vl_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_afs_vl_server_packets',`
++	gen_require(`
++		type afs_vl_server_packet_t;
++	')
++
++	allow $1 afs_vl_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	allow $1 amanda_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	allow $1 amanda_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	dontaudit $1 amanda_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	allow $1 amanda_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	dontaudit $1 amanda_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_amanda_port',`
++	corenet_udp_send_amanda_port($1)
++	corenet_udp_receive_amanda_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_amanda_port',`
++	corenet_dontaudit_udp_send_amanda_port($1)
++	corenet_dontaudit_udp_receive_amanda_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	allow $1 amanda_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	allow $1 amanda_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the amanda port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_amanda_port',`
++	gen_require(`
++		type amanda_port_t;
++	')
++
++	allow $1 amanda_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send amanda_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_amanda_client_packets',`
++	gen_require(`
++		type amanda_client_packet_t;
++	')
++
++	allow $1 amanda_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send amanda_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_amanda_client_packets',`
++	gen_require(`
++		type amanda_client_packet_t;
++	')
++
++	dontaudit $1 amanda_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive amanda_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_amanda_client_packets',`
++	gen_require(`
++		type amanda_client_packet_t;
++	')
++
++	allow $1 amanda_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive amanda_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_amanda_client_packets',`
++	gen_require(`
++		type amanda_client_packet_t;
++	')
++
++	dontaudit $1 amanda_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive amanda_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_amanda_client_packets',`
++	corenet_send_amanda_client_packets($1)
++	corenet_receive_amanda_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive amanda_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_amanda_client_packets',`
++	corenet_dontaudit_send_amanda_client_packets($1)
++	corenet_dontaudit_receive_amanda_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to amanda_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_amanda_client_packets',`
++	gen_require(`
++		type amanda_client_packet_t;
++	')
++
++	allow $1 amanda_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send amanda_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_amanda_server_packets',`
++	gen_require(`
++		type amanda_server_packet_t;
++	')
++
++	allow $1 amanda_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send amanda_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_amanda_server_packets',`
++	gen_require(`
++		type amanda_server_packet_t;
++	')
++
++	dontaudit $1 amanda_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive amanda_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_amanda_server_packets',`
++	gen_require(`
++		type amanda_server_packet_t;
++	')
++
++	allow $1 amanda_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive amanda_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_amanda_server_packets',`
++	gen_require(`
++		type amanda_server_packet_t;
++	')
++
++	dontaudit $1 amanda_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive amanda_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_amanda_server_packets',`
++	corenet_send_amanda_server_packets($1)
++	corenet_receive_amanda_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive amanda_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_amanda_server_packets',`
++	corenet_dontaudit_send_amanda_server_packets($1)
++	corenet_dontaudit_receive_amanda_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to amanda_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_amanda_server_packets',`
++	gen_require(`
++		type amanda_server_packet_t;
++	')
++
++	allow $1 amanda_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	allow $1 amavisd_recv_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	allow $1 amavisd_recv_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	dontaudit $1 amavisd_recv_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	allow $1 amavisd_recv_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	dontaudit $1 amavisd_recv_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_amavisd_recv_port',`
++	corenet_udp_send_amavisd_recv_port($1)
++	corenet_udp_receive_amavisd_recv_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_amavisd_recv_port',`
++	corenet_dontaudit_udp_send_amavisd_recv_port($1)
++	corenet_dontaudit_udp_receive_amavisd_recv_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	allow $1 amavisd_recv_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	allow $1 amavisd_recv_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the amavisd_recv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_amavisd_recv_port',`
++	gen_require(`
++		type amavisd_recv_port_t;
++	')
++
++	allow $1 amavisd_recv_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send amavisd_recv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_amavisd_recv_client_packets',`
++	gen_require(`
++		type amavisd_recv_client_packet_t;
++	')
++
++	allow $1 amavisd_recv_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send amavisd_recv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_amavisd_recv_client_packets',`
++	gen_require(`
++		type amavisd_recv_client_packet_t;
++	')
++
++	dontaudit $1 amavisd_recv_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive amavisd_recv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_amavisd_recv_client_packets',`
++	gen_require(`
++		type amavisd_recv_client_packet_t;
++	')
++
++	allow $1 amavisd_recv_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive amavisd_recv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_amavisd_recv_client_packets',`
++	gen_require(`
++		type amavisd_recv_client_packet_t;
++	')
++
++	dontaudit $1 amavisd_recv_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive amavisd_recv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_amavisd_recv_client_packets',`
++	corenet_send_amavisd_recv_client_packets($1)
++	corenet_receive_amavisd_recv_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive amavisd_recv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_recv_client_packets',`
++	corenet_dontaudit_send_amavisd_recv_client_packets($1)
++	corenet_dontaudit_receive_amavisd_recv_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to amavisd_recv_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_amavisd_recv_client_packets',`
++	gen_require(`
++		type amavisd_recv_client_packet_t;
++	')
++
++	allow $1 amavisd_recv_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send amavisd_recv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_amavisd_recv_server_packets',`
++	gen_require(`
++		type amavisd_recv_server_packet_t;
++	')
++
++	allow $1 amavisd_recv_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send amavisd_recv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_amavisd_recv_server_packets',`
++	gen_require(`
++		type amavisd_recv_server_packet_t;
++	')
++
++	dontaudit $1 amavisd_recv_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive amavisd_recv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_amavisd_recv_server_packets',`
++	gen_require(`
++		type amavisd_recv_server_packet_t;
++	')
++
++	allow $1 amavisd_recv_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive amavisd_recv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_amavisd_recv_server_packets',`
++	gen_require(`
++		type amavisd_recv_server_packet_t;
++	')
++
++	dontaudit $1 amavisd_recv_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive amavisd_recv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_amavisd_recv_server_packets',`
++	corenet_send_amavisd_recv_server_packets($1)
++	corenet_receive_amavisd_recv_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive amavisd_recv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_recv_server_packets',`
++	corenet_dontaudit_send_amavisd_recv_server_packets($1)
++	corenet_dontaudit_receive_amavisd_recv_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to amavisd_recv_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_amavisd_recv_server_packets',`
++	gen_require(`
++		type amavisd_recv_server_packet_t;
++	')
++
++	allow $1 amavisd_recv_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	allow $1 amavisd_send_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	allow $1 amavisd_send_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	dontaudit $1 amavisd_send_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	allow $1 amavisd_send_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	dontaudit $1 amavisd_send_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_amavisd_send_port',`
++	corenet_udp_send_amavisd_send_port($1)
++	corenet_udp_receive_amavisd_send_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_amavisd_send_port',`
++	corenet_dontaudit_udp_send_amavisd_send_port($1)
++	corenet_dontaudit_udp_receive_amavisd_send_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	allow $1 amavisd_send_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	allow $1 amavisd_send_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the amavisd_send port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_amavisd_send_port',`
++	gen_require(`
++		type amavisd_send_port_t;
++	')
++
++	allow $1 amavisd_send_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send amavisd_send_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_amavisd_send_client_packets',`
++	gen_require(`
++		type amavisd_send_client_packet_t;
++	')
++
++	allow $1 amavisd_send_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send amavisd_send_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_amavisd_send_client_packets',`
++	gen_require(`
++		type amavisd_send_client_packet_t;
++	')
++
++	dontaudit $1 amavisd_send_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive amavisd_send_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_amavisd_send_client_packets',`
++	gen_require(`
++		type amavisd_send_client_packet_t;
++	')
++
++	allow $1 amavisd_send_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive amavisd_send_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_amavisd_send_client_packets',`
++	gen_require(`
++		type amavisd_send_client_packet_t;
++	')
++
++	dontaudit $1 amavisd_send_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive amavisd_send_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_amavisd_send_client_packets',`
++	corenet_send_amavisd_send_client_packets($1)
++	corenet_receive_amavisd_send_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive amavisd_send_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_send_client_packets',`
++	corenet_dontaudit_send_amavisd_send_client_packets($1)
++	corenet_dontaudit_receive_amavisd_send_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to amavisd_send_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_amavisd_send_client_packets',`
++	gen_require(`
++		type amavisd_send_client_packet_t;
++	')
++
++	allow $1 amavisd_send_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send amavisd_send_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_amavisd_send_server_packets',`
++	gen_require(`
++		type amavisd_send_server_packet_t;
++	')
++
++	allow $1 amavisd_send_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send amavisd_send_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_amavisd_send_server_packets',`
++	gen_require(`
++		type amavisd_send_server_packet_t;
++	')
++
++	dontaudit $1 amavisd_send_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive amavisd_send_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_amavisd_send_server_packets',`
++	gen_require(`
++		type amavisd_send_server_packet_t;
++	')
++
++	allow $1 amavisd_send_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive amavisd_send_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_amavisd_send_server_packets',`
++	gen_require(`
++		type amavisd_send_server_packet_t;
++	')
++
++	dontaudit $1 amavisd_send_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive amavisd_send_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_amavisd_send_server_packets',`
++	corenet_send_amavisd_send_server_packets($1)
++	corenet_receive_amavisd_send_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive amavisd_send_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_send_server_packets',`
++	corenet_dontaudit_send_amavisd_send_server_packets($1)
++	corenet_dontaudit_receive_amavisd_send_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to amavisd_send_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_amavisd_send_server_packets',`
++	gen_require(`
++		type amavisd_send_server_packet_t;
++	')
++
++	allow $1 amavisd_send_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	allow $1 aol_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	allow $1 aol_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	dontaudit $1 aol_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	allow $1 aol_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	dontaudit $1 aol_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_aol_port',`
++	corenet_udp_send_aol_port($1)
++	corenet_udp_receive_aol_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_aol_port',`
++	corenet_dontaudit_udp_send_aol_port($1)
++	corenet_dontaudit_udp_receive_aol_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	allow $1 aol_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	allow $1 aol_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the aol port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_aol_port',`
++	gen_require(`
++		type aol_port_t;
++	')
++
++	allow $1 aol_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send aol_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_aol_client_packets',`
++	gen_require(`
++		type aol_client_packet_t;
++	')
++
++	allow $1 aol_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send aol_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_aol_client_packets',`
++	gen_require(`
++		type aol_client_packet_t;
++	')
++
++	dontaudit $1 aol_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive aol_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_aol_client_packets',`
++	gen_require(`
++		type aol_client_packet_t;
++	')
++
++	allow $1 aol_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive aol_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_aol_client_packets',`
++	gen_require(`
++		type aol_client_packet_t;
++	')
++
++	dontaudit $1 aol_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive aol_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_aol_client_packets',`
++	corenet_send_aol_client_packets($1)
++	corenet_receive_aol_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive aol_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_aol_client_packets',`
++	corenet_dontaudit_send_aol_client_packets($1)
++	corenet_dontaudit_receive_aol_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to aol_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_aol_client_packets',`
++	gen_require(`
++		type aol_client_packet_t;
++	')
++
++	allow $1 aol_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send aol_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_aol_server_packets',`
++	gen_require(`
++		type aol_server_packet_t;
++	')
++
++	allow $1 aol_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send aol_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_aol_server_packets',`
++	gen_require(`
++		type aol_server_packet_t;
++	')
++
++	dontaudit $1 aol_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive aol_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_aol_server_packets',`
++	gen_require(`
++		type aol_server_packet_t;
++	')
++
++	allow $1 aol_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive aol_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_aol_server_packets',`
++	gen_require(`
++		type aol_server_packet_t;
++	')
++
++	dontaudit $1 aol_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive aol_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_aol_server_packets',`
++	corenet_send_aol_server_packets($1)
++	corenet_receive_aol_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive aol_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_aol_server_packets',`
++	corenet_dontaudit_send_aol_server_packets($1)
++	corenet_dontaudit_receive_aol_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to aol_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_aol_server_packets',`
++	gen_require(`
++		type aol_server_packet_t;
++	')
++
++	allow $1 aol_server_packet_t:packet relabelto;
++')
++
++ 
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	allow $1 apcupsd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	allow $1 apcupsd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	dontaudit $1 apcupsd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	allow $1 apcupsd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	dontaudit $1 apcupsd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_apcupsd_port',`
++	corenet_udp_send_apcupsd_port($1)
++	corenet_udp_receive_apcupsd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_apcupsd_port',`
++	corenet_dontaudit_udp_send_apcupsd_port($1)
++	corenet_dontaudit_udp_receive_apcupsd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	allow $1 apcupsd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	allow $1 apcupsd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the apcupsd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_apcupsd_port',`
++	gen_require(`
++		type apcupsd_port_t;
++	')
++
++	allow $1 apcupsd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send apcupsd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_apcupsd_client_packets',`
++	gen_require(`
++		type apcupsd_client_packet_t;
++	')
++
++	allow $1 apcupsd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send apcupsd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_apcupsd_client_packets',`
++	gen_require(`
++		type apcupsd_client_packet_t;
++	')
++
++	dontaudit $1 apcupsd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive apcupsd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_apcupsd_client_packets',`
++	gen_require(`
++		type apcupsd_client_packet_t;
++	')
++
++	allow $1 apcupsd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive apcupsd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_apcupsd_client_packets',`
++	gen_require(`
++		type apcupsd_client_packet_t;
++	')
++
++	dontaudit $1 apcupsd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive apcupsd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_apcupsd_client_packets',`
++	corenet_send_apcupsd_client_packets($1)
++	corenet_receive_apcupsd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive apcupsd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_apcupsd_client_packets',`
++	corenet_dontaudit_send_apcupsd_client_packets($1)
++	corenet_dontaudit_receive_apcupsd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to apcupsd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_apcupsd_client_packets',`
++	gen_require(`
++		type apcupsd_client_packet_t;
++	')
++
++	allow $1 apcupsd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send apcupsd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_apcupsd_server_packets',`
++	gen_require(`
++		type apcupsd_server_packet_t;
++	')
++
++	allow $1 apcupsd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send apcupsd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_apcupsd_server_packets',`
++	gen_require(`
++		type apcupsd_server_packet_t;
++	')
++
++	dontaudit $1 apcupsd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive apcupsd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_apcupsd_server_packets',`
++	gen_require(`
++		type apcupsd_server_packet_t;
++	')
++
++	allow $1 apcupsd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive apcupsd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_apcupsd_server_packets',`
++	gen_require(`
++		type apcupsd_server_packet_t;
++	')
++
++	dontaudit $1 apcupsd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive apcupsd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_apcupsd_server_packets',`
++	corenet_send_apcupsd_server_packets($1)
++	corenet_receive_apcupsd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive apcupsd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_apcupsd_server_packets',`
++	corenet_dontaudit_send_apcupsd_server_packets($1)
++	corenet_dontaudit_receive_apcupsd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to apcupsd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_apcupsd_server_packets',`
++	gen_require(`
++		type apcupsd_server_packet_t;
++	')
++
++	allow $1 apcupsd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	allow $1 asterisk_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	allow $1 asterisk_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	dontaudit $1 asterisk_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	allow $1 asterisk_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	dontaudit $1 asterisk_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_asterisk_port',`
++	corenet_udp_send_asterisk_port($1)
++	corenet_udp_receive_asterisk_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_asterisk_port',`
++	corenet_dontaudit_udp_send_asterisk_port($1)
++	corenet_dontaudit_udp_receive_asterisk_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	allow $1 asterisk_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	allow $1 asterisk_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the asterisk port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_asterisk_port',`
++	gen_require(`
++		type asterisk_port_t;
++	')
++
++	allow $1 asterisk_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send asterisk_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_asterisk_client_packets',`
++	gen_require(`
++		type asterisk_client_packet_t;
++	')
++
++	allow $1 asterisk_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send asterisk_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_asterisk_client_packets',`
++	gen_require(`
++		type asterisk_client_packet_t;
++	')
++
++	dontaudit $1 asterisk_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive asterisk_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_asterisk_client_packets',`
++	gen_require(`
++		type asterisk_client_packet_t;
++	')
++
++	allow $1 asterisk_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive asterisk_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_asterisk_client_packets',`
++	gen_require(`
++		type asterisk_client_packet_t;
++	')
++
++	dontaudit $1 asterisk_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive asterisk_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_asterisk_client_packets',`
++	corenet_send_asterisk_client_packets($1)
++	corenet_receive_asterisk_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive asterisk_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_asterisk_client_packets',`
++	corenet_dontaudit_send_asterisk_client_packets($1)
++	corenet_dontaudit_receive_asterisk_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to asterisk_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_asterisk_client_packets',`
++	gen_require(`
++		type asterisk_client_packet_t;
++	')
++
++	allow $1 asterisk_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send asterisk_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_asterisk_server_packets',`
++	gen_require(`
++		type asterisk_server_packet_t;
++	')
++
++	allow $1 asterisk_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send asterisk_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_asterisk_server_packets',`
++	gen_require(`
++		type asterisk_server_packet_t;
++	')
++
++	dontaudit $1 asterisk_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive asterisk_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_asterisk_server_packets',`
++	gen_require(`
++		type asterisk_server_packet_t;
++	')
++
++	allow $1 asterisk_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive asterisk_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_asterisk_server_packets',`
++	gen_require(`
++		type asterisk_server_packet_t;
++	')
++
++	dontaudit $1 asterisk_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive asterisk_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_asterisk_server_packets',`
++	corenet_send_asterisk_server_packets($1)
++	corenet_receive_asterisk_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive asterisk_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_asterisk_server_packets',`
++	corenet_dontaudit_send_asterisk_server_packets($1)
++	corenet_dontaudit_receive_asterisk_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to asterisk_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_asterisk_server_packets',`
++	gen_require(`
++		type asterisk_server_packet_t;
++	')
++
++	allow $1 asterisk_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	allow $1 audit_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	allow $1 audit_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	dontaudit $1 audit_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	allow $1 audit_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	dontaudit $1 audit_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_audit_port',`
++	corenet_udp_send_audit_port($1)
++	corenet_udp_receive_audit_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_audit_port',`
++	corenet_dontaudit_udp_send_audit_port($1)
++	corenet_dontaudit_udp_receive_audit_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	allow $1 audit_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	allow $1 audit_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the audit port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_audit_port',`
++	gen_require(`
++		type audit_port_t;
++	')
++
++	allow $1 audit_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send audit_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_audit_client_packets',`
++	gen_require(`
++		type audit_client_packet_t;
++	')
++
++	allow $1 audit_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send audit_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_audit_client_packets',`
++	gen_require(`
++		type audit_client_packet_t;
++	')
++
++	dontaudit $1 audit_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive audit_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_audit_client_packets',`
++	gen_require(`
++		type audit_client_packet_t;
++	')
++
++	allow $1 audit_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive audit_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_audit_client_packets',`
++	gen_require(`
++		type audit_client_packet_t;
++	')
++
++	dontaudit $1 audit_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive audit_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_audit_client_packets',`
++	corenet_send_audit_client_packets($1)
++	corenet_receive_audit_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive audit_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_audit_client_packets',`
++	corenet_dontaudit_send_audit_client_packets($1)
++	corenet_dontaudit_receive_audit_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to audit_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_audit_client_packets',`
++	gen_require(`
++		type audit_client_packet_t;
++	')
++
++	allow $1 audit_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send audit_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_audit_server_packets',`
++	gen_require(`
++		type audit_server_packet_t;
++	')
++
++	allow $1 audit_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send audit_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_audit_server_packets',`
++	gen_require(`
++		type audit_server_packet_t;
++	')
++
++	dontaudit $1 audit_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive audit_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_audit_server_packets',`
++	gen_require(`
++		type audit_server_packet_t;
++	')
++
++	allow $1 audit_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive audit_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_audit_server_packets',`
++	gen_require(`
++		type audit_server_packet_t;
++	')
++
++	dontaudit $1 audit_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive audit_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_audit_server_packets',`
++	corenet_send_audit_server_packets($1)
++	corenet_receive_audit_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive audit_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_audit_server_packets',`
++	corenet_dontaudit_send_audit_server_packets($1)
++	corenet_dontaudit_receive_audit_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to audit_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_audit_server_packets',`
++	gen_require(`
++		type audit_server_packet_t;
++	')
++
++	allow $1 audit_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	allow $1 auth_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	allow $1 auth_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	dontaudit $1 auth_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	allow $1 auth_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	dontaudit $1 auth_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_auth_port',`
++	corenet_udp_send_auth_port($1)
++	corenet_udp_receive_auth_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_auth_port',`
++	corenet_dontaudit_udp_send_auth_port($1)
++	corenet_dontaudit_udp_receive_auth_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	allow $1 auth_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	allow $1 auth_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the auth port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_auth_port',`
++	gen_require(`
++		type auth_port_t;
++	')
++
++	allow $1 auth_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send auth_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_auth_client_packets',`
++	gen_require(`
++		type auth_client_packet_t;
++	')
++
++	allow $1 auth_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send auth_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_auth_client_packets',`
++	gen_require(`
++		type auth_client_packet_t;
++	')
++
++	dontaudit $1 auth_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive auth_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_auth_client_packets',`
++	gen_require(`
++		type auth_client_packet_t;
++	')
++
++	allow $1 auth_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive auth_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_auth_client_packets',`
++	gen_require(`
++		type auth_client_packet_t;
++	')
++
++	dontaudit $1 auth_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive auth_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_auth_client_packets',`
++	corenet_send_auth_client_packets($1)
++	corenet_receive_auth_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive auth_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_auth_client_packets',`
++	corenet_dontaudit_send_auth_client_packets($1)
++	corenet_dontaudit_receive_auth_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to auth_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_auth_client_packets',`
++	gen_require(`
++		type auth_client_packet_t;
++	')
++
++	allow $1 auth_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send auth_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_auth_server_packets',`
++	gen_require(`
++		type auth_server_packet_t;
++	')
++
++	allow $1 auth_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send auth_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_auth_server_packets',`
++	gen_require(`
++		type auth_server_packet_t;
++	')
++
++	dontaudit $1 auth_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive auth_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_auth_server_packets',`
++	gen_require(`
++		type auth_server_packet_t;
++	')
++
++	allow $1 auth_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive auth_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_auth_server_packets',`
++	gen_require(`
++		type auth_server_packet_t;
++	')
++
++	dontaudit $1 auth_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive auth_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_auth_server_packets',`
++	corenet_send_auth_server_packets($1)
++	corenet_receive_auth_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive auth_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_auth_server_packets',`
++	corenet_dontaudit_send_auth_server_packets($1)
++	corenet_dontaudit_receive_auth_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to auth_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_auth_server_packets',`
++	gen_require(`
++		type auth_server_packet_t;
++	')
++
++	allow $1 auth_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	allow $1 bgp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	allow $1 bgp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	dontaudit $1 bgp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	allow $1 bgp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	dontaudit $1 bgp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_bgp_port',`
++	corenet_udp_send_bgp_port($1)
++	corenet_udp_receive_bgp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_bgp_port',`
++	corenet_dontaudit_udp_send_bgp_port($1)
++	corenet_dontaudit_udp_receive_bgp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	allow $1 bgp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	allow $1 bgp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the bgp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_bgp_port',`
++	gen_require(`
++		type bgp_port_t;
++	')
++
++	allow $1 bgp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send bgp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_bgp_client_packets',`
++	gen_require(`
++		type bgp_client_packet_t;
++	')
++
++	allow $1 bgp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send bgp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_bgp_client_packets',`
++	gen_require(`
++		type bgp_client_packet_t;
++	')
++
++	dontaudit $1 bgp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive bgp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_bgp_client_packets',`
++	gen_require(`
++		type bgp_client_packet_t;
++	')
++
++	allow $1 bgp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive bgp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_bgp_client_packets',`
++	gen_require(`
++		type bgp_client_packet_t;
++	')
++
++	dontaudit $1 bgp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive bgp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_bgp_client_packets',`
++	corenet_send_bgp_client_packets($1)
++	corenet_receive_bgp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive bgp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_bgp_client_packets',`
++	corenet_dontaudit_send_bgp_client_packets($1)
++	corenet_dontaudit_receive_bgp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to bgp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_bgp_client_packets',`
++	gen_require(`
++		type bgp_client_packet_t;
++	')
++
++	allow $1 bgp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send bgp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_bgp_server_packets',`
++	gen_require(`
++		type bgp_server_packet_t;
++	')
++
++	allow $1 bgp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send bgp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_bgp_server_packets',`
++	gen_require(`
++		type bgp_server_packet_t;
++	')
++
++	dontaudit $1 bgp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive bgp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_bgp_server_packets',`
++	gen_require(`
++		type bgp_server_packet_t;
++	')
++
++	allow $1 bgp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive bgp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_bgp_server_packets',`
++	gen_require(`
++		type bgp_server_packet_t;
++	')
++
++	dontaudit $1 bgp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive bgp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_bgp_server_packets',`
++	corenet_send_bgp_server_packets($1)
++	corenet_receive_bgp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive bgp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_bgp_server_packets',`
++	corenet_dontaudit_send_bgp_server_packets($1)
++	corenet_dontaudit_receive_bgp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to bgp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_bgp_server_packets',`
++	gen_require(`
++		type bgp_server_packet_t;
++	')
++
++	allow $1 bgp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	allow $1 clamd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	allow $1 clamd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	dontaudit $1 clamd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	allow $1 clamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	dontaudit $1 clamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_clamd_port',`
++	corenet_udp_send_clamd_port($1)
++	corenet_udp_receive_clamd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_clamd_port',`
++	corenet_dontaudit_udp_send_clamd_port($1)
++	corenet_dontaudit_udp_receive_clamd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	allow $1 clamd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	allow $1 clamd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the clamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_clamd_port',`
++	gen_require(`
++		type clamd_port_t;
++	')
++
++	allow $1 clamd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send clamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_clamd_client_packets',`
++	gen_require(`
++		type clamd_client_packet_t;
++	')
++
++	allow $1 clamd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send clamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_clamd_client_packets',`
++	gen_require(`
++		type clamd_client_packet_t;
++	')
++
++	dontaudit $1 clamd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive clamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_clamd_client_packets',`
++	gen_require(`
++		type clamd_client_packet_t;
++	')
++
++	allow $1 clamd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive clamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_clamd_client_packets',`
++	gen_require(`
++		type clamd_client_packet_t;
++	')
++
++	dontaudit $1 clamd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive clamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_clamd_client_packets',`
++	corenet_send_clamd_client_packets($1)
++	corenet_receive_clamd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive clamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_clamd_client_packets',`
++	corenet_dontaudit_send_clamd_client_packets($1)
++	corenet_dontaudit_receive_clamd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to clamd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_clamd_client_packets',`
++	gen_require(`
++		type clamd_client_packet_t;
++	')
++
++	allow $1 clamd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send clamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_clamd_server_packets',`
++	gen_require(`
++		type clamd_server_packet_t;
++	')
++
++	allow $1 clamd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send clamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_clamd_server_packets',`
++	gen_require(`
++		type clamd_server_packet_t;
++	')
++
++	dontaudit $1 clamd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive clamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_clamd_server_packets',`
++	gen_require(`
++		type clamd_server_packet_t;
++	')
++
++	allow $1 clamd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive clamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_clamd_server_packets',`
++	gen_require(`
++		type clamd_server_packet_t;
++	')
++
++	dontaudit $1 clamd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive clamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_clamd_server_packets',`
++	corenet_send_clamd_server_packets($1)
++	corenet_receive_clamd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive clamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_clamd_server_packets',`
++	corenet_dontaudit_send_clamd_server_packets($1)
++	corenet_dontaudit_receive_clamd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to clamd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_clamd_server_packets',`
++	gen_require(`
++		type clamd_server_packet_t;
++	')
++
++	allow $1 clamd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	allow $1 clockspeed_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	allow $1 clockspeed_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	dontaudit $1 clockspeed_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	allow $1 clockspeed_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	dontaudit $1 clockspeed_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_clockspeed_port',`
++	corenet_udp_send_clockspeed_port($1)
++	corenet_udp_receive_clockspeed_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_clockspeed_port',`
++	corenet_dontaudit_udp_send_clockspeed_port($1)
++	corenet_dontaudit_udp_receive_clockspeed_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	allow $1 clockspeed_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	allow $1 clockspeed_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the clockspeed port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_clockspeed_port',`
++	gen_require(`
++		type clockspeed_port_t;
++	')
++
++	allow $1 clockspeed_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send clockspeed_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_clockspeed_client_packets',`
++	gen_require(`
++		type clockspeed_client_packet_t;
++	')
++
++	allow $1 clockspeed_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send clockspeed_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_clockspeed_client_packets',`
++	gen_require(`
++		type clockspeed_client_packet_t;
++	')
++
++	dontaudit $1 clockspeed_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive clockspeed_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_clockspeed_client_packets',`
++	gen_require(`
++		type clockspeed_client_packet_t;
++	')
++
++	allow $1 clockspeed_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive clockspeed_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_clockspeed_client_packets',`
++	gen_require(`
++		type clockspeed_client_packet_t;
++	')
++
++	dontaudit $1 clockspeed_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive clockspeed_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_clockspeed_client_packets',`
++	corenet_send_clockspeed_client_packets($1)
++	corenet_receive_clockspeed_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive clockspeed_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_clockspeed_client_packets',`
++	corenet_dontaudit_send_clockspeed_client_packets($1)
++	corenet_dontaudit_receive_clockspeed_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to clockspeed_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_clockspeed_client_packets',`
++	gen_require(`
++		type clockspeed_client_packet_t;
++	')
++
++	allow $1 clockspeed_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send clockspeed_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_clockspeed_server_packets',`
++	gen_require(`
++		type clockspeed_server_packet_t;
++	')
++
++	allow $1 clockspeed_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send clockspeed_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_clockspeed_server_packets',`
++	gen_require(`
++		type clockspeed_server_packet_t;
++	')
++
++	dontaudit $1 clockspeed_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive clockspeed_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_clockspeed_server_packets',`
++	gen_require(`
++		type clockspeed_server_packet_t;
++	')
++
++	allow $1 clockspeed_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive clockspeed_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_clockspeed_server_packets',`
++	gen_require(`
++		type clockspeed_server_packet_t;
++	')
++
++	dontaudit $1 clockspeed_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive clockspeed_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_clockspeed_server_packets',`
++	corenet_send_clockspeed_server_packets($1)
++	corenet_receive_clockspeed_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive clockspeed_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_clockspeed_server_packets',`
++	corenet_dontaudit_send_clockspeed_server_packets($1)
++	corenet_dontaudit_receive_clockspeed_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to clockspeed_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_clockspeed_server_packets',`
++	gen_require(`
++		type clockspeed_server_packet_t;
++	')
++
++	allow $1 clockspeed_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	allow $1 cluster_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	allow $1 cluster_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	dontaudit $1 cluster_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	allow $1 cluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	dontaudit $1 cluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_cluster_port',`
++	corenet_udp_send_cluster_port($1)
++	corenet_udp_receive_cluster_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_cluster_port',`
++	corenet_dontaudit_udp_send_cluster_port($1)
++	corenet_dontaudit_udp_receive_cluster_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	allow $1 cluster_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	allow $1 cluster_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the cluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_cluster_port',`
++	gen_require(`
++		type cluster_port_t;
++	')
++
++	allow $1 cluster_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send cluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_cluster_client_packets',`
++	gen_require(`
++		type cluster_client_packet_t;
++	')
++
++	allow $1 cluster_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send cluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_cluster_client_packets',`
++	gen_require(`
++		type cluster_client_packet_t;
++	')
++
++	dontaudit $1 cluster_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive cluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_cluster_client_packets',`
++	gen_require(`
++		type cluster_client_packet_t;
++	')
++
++	allow $1 cluster_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive cluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_cluster_client_packets',`
++	gen_require(`
++		type cluster_client_packet_t;
++	')
++
++	dontaudit $1 cluster_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive cluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_cluster_client_packets',`
++	corenet_send_cluster_client_packets($1)
++	corenet_receive_cluster_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive cluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_cluster_client_packets',`
++	corenet_dontaudit_send_cluster_client_packets($1)
++	corenet_dontaudit_receive_cluster_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to cluster_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_cluster_client_packets',`
++	gen_require(`
++		type cluster_client_packet_t;
++	')
++
++	allow $1 cluster_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send cluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_cluster_server_packets',`
++	gen_require(`
++		type cluster_server_packet_t;
++	')
++
++	allow $1 cluster_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send cluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_cluster_server_packets',`
++	gen_require(`
++		type cluster_server_packet_t;
++	')
++
++	dontaudit $1 cluster_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive cluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_cluster_server_packets',`
++	gen_require(`
++		type cluster_server_packet_t;
++	')
++
++	allow $1 cluster_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive cluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_cluster_server_packets',`
++	gen_require(`
++		type cluster_server_packet_t;
++	')
++
++	dontaudit $1 cluster_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive cluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_cluster_server_packets',`
++	corenet_send_cluster_server_packets($1)
++	corenet_receive_cluster_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive cluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_cluster_server_packets',`
++	corenet_dontaudit_send_cluster_server_packets($1)
++	corenet_dontaudit_receive_cluster_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to cluster_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_cluster_server_packets',`
++	gen_require(`
++		type cluster_server_packet_t;
++	')
++
++	allow $1 cluster_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	allow $1 comsat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	allow $1 comsat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	dontaudit $1 comsat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	allow $1 comsat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	dontaudit $1 comsat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_comsat_port',`
++	corenet_udp_send_comsat_port($1)
++	corenet_udp_receive_comsat_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_comsat_port',`
++	corenet_dontaudit_udp_send_comsat_port($1)
++	corenet_dontaudit_udp_receive_comsat_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	allow $1 comsat_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	allow $1 comsat_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the comsat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_comsat_port',`
++	gen_require(`
++		type comsat_port_t;
++	')
++
++	allow $1 comsat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send comsat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_comsat_client_packets',`
++	gen_require(`
++		type comsat_client_packet_t;
++	')
++
++	allow $1 comsat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send comsat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_comsat_client_packets',`
++	gen_require(`
++		type comsat_client_packet_t;
++	')
++
++	dontaudit $1 comsat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive comsat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_comsat_client_packets',`
++	gen_require(`
++		type comsat_client_packet_t;
++	')
++
++	allow $1 comsat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive comsat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_comsat_client_packets',`
++	gen_require(`
++		type comsat_client_packet_t;
++	')
++
++	dontaudit $1 comsat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive comsat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_comsat_client_packets',`
++	corenet_send_comsat_client_packets($1)
++	corenet_receive_comsat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive comsat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_comsat_client_packets',`
++	corenet_dontaudit_send_comsat_client_packets($1)
++	corenet_dontaudit_receive_comsat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to comsat_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_comsat_client_packets',`
++	gen_require(`
++		type comsat_client_packet_t;
++	')
++
++	allow $1 comsat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send comsat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_comsat_server_packets',`
++	gen_require(`
++		type comsat_server_packet_t;
++	')
++
++	allow $1 comsat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send comsat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_comsat_server_packets',`
++	gen_require(`
++		type comsat_server_packet_t;
++	')
++
++	dontaudit $1 comsat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive comsat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_comsat_server_packets',`
++	gen_require(`
++		type comsat_server_packet_t;
++	')
++
++	allow $1 comsat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive comsat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_comsat_server_packets',`
++	gen_require(`
++		type comsat_server_packet_t;
++	')
++
++	dontaudit $1 comsat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive comsat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_comsat_server_packets',`
++	corenet_send_comsat_server_packets($1)
++	corenet_receive_comsat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive comsat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_comsat_server_packets',`
++	corenet_dontaudit_send_comsat_server_packets($1)
++	corenet_dontaudit_receive_comsat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to comsat_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_comsat_server_packets',`
++	gen_require(`
++		type comsat_server_packet_t;
++	')
++
++	allow $1 comsat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	allow $1 cyphesis_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	allow $1 cyphesis_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	dontaudit $1 cyphesis_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	allow $1 cyphesis_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	dontaudit $1 cyphesis_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_cyphesis_port',`
++	corenet_udp_send_cyphesis_port($1)
++	corenet_udp_receive_cyphesis_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_cyphesis_port',`
++	corenet_dontaudit_udp_send_cyphesis_port($1)
++	corenet_dontaudit_udp_receive_cyphesis_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	allow $1 cyphesis_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	allow $1 cyphesis_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the cyphesis port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_cyphesis_port',`
++	gen_require(`
++		type cyphesis_port_t;
++	')
++
++	allow $1 cyphesis_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send cyphesis_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_cyphesis_client_packets',`
++	gen_require(`
++		type cyphesis_client_packet_t;
++	')
++
++	allow $1 cyphesis_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send cyphesis_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_cyphesis_client_packets',`
++	gen_require(`
++		type cyphesis_client_packet_t;
++	')
++
++	dontaudit $1 cyphesis_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive cyphesis_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_cyphesis_client_packets',`
++	gen_require(`
++		type cyphesis_client_packet_t;
++	')
++
++	allow $1 cyphesis_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive cyphesis_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_cyphesis_client_packets',`
++	gen_require(`
++		type cyphesis_client_packet_t;
++	')
++
++	dontaudit $1 cyphesis_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive cyphesis_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_cyphesis_client_packets',`
++	corenet_send_cyphesis_client_packets($1)
++	corenet_receive_cyphesis_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive cyphesis_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_cyphesis_client_packets',`
++	corenet_dontaudit_send_cyphesis_client_packets($1)
++	corenet_dontaudit_receive_cyphesis_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to cyphesis_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_cyphesis_client_packets',`
++	gen_require(`
++		type cyphesis_client_packet_t;
++	')
++
++	allow $1 cyphesis_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send cyphesis_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_cyphesis_server_packets',`
++	gen_require(`
++		type cyphesis_server_packet_t;
++	')
++
++	allow $1 cyphesis_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send cyphesis_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_cyphesis_server_packets',`
++	gen_require(`
++		type cyphesis_server_packet_t;
++	')
++
++	dontaudit $1 cyphesis_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive cyphesis_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_cyphesis_server_packets',`
++	gen_require(`
++		type cyphesis_server_packet_t;
++	')
++
++	allow $1 cyphesis_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive cyphesis_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_cyphesis_server_packets',`
++	gen_require(`
++		type cyphesis_server_packet_t;
++	')
++
++	dontaudit $1 cyphesis_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive cyphesis_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_cyphesis_server_packets',`
++	corenet_send_cyphesis_server_packets($1)
++	corenet_receive_cyphesis_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive cyphesis_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_cyphesis_server_packets',`
++	corenet_dontaudit_send_cyphesis_server_packets($1)
++	corenet_dontaudit_receive_cyphesis_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to cyphesis_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_cyphesis_server_packets',`
++	gen_require(`
++		type cyphesis_server_packet_t;
++	')
++
++	allow $1 cyphesis_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	allow $1 cvs_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	allow $1 cvs_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	dontaudit $1 cvs_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	allow $1 cvs_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	dontaudit $1 cvs_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_cvs_port',`
++	corenet_udp_send_cvs_port($1)
++	corenet_udp_receive_cvs_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_cvs_port',`
++	corenet_dontaudit_udp_send_cvs_port($1)
++	corenet_dontaudit_udp_receive_cvs_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	allow $1 cvs_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	allow $1 cvs_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the cvs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_cvs_port',`
++	gen_require(`
++		type cvs_port_t;
++	')
++
++	allow $1 cvs_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send cvs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_cvs_client_packets',`
++	gen_require(`
++		type cvs_client_packet_t;
++	')
++
++	allow $1 cvs_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send cvs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_cvs_client_packets',`
++	gen_require(`
++		type cvs_client_packet_t;
++	')
++
++	dontaudit $1 cvs_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive cvs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_cvs_client_packets',`
++	gen_require(`
++		type cvs_client_packet_t;
++	')
++
++	allow $1 cvs_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive cvs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_cvs_client_packets',`
++	gen_require(`
++		type cvs_client_packet_t;
++	')
++
++	dontaudit $1 cvs_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive cvs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_cvs_client_packets',`
++	corenet_send_cvs_client_packets($1)
++	corenet_receive_cvs_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive cvs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_cvs_client_packets',`
++	corenet_dontaudit_send_cvs_client_packets($1)
++	corenet_dontaudit_receive_cvs_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to cvs_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_cvs_client_packets',`
++	gen_require(`
++		type cvs_client_packet_t;
++	')
++
++	allow $1 cvs_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send cvs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_cvs_server_packets',`
++	gen_require(`
++		type cvs_server_packet_t;
++	')
++
++	allow $1 cvs_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send cvs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_cvs_server_packets',`
++	gen_require(`
++		type cvs_server_packet_t;
++	')
++
++	dontaudit $1 cvs_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive cvs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_cvs_server_packets',`
++	gen_require(`
++		type cvs_server_packet_t;
++	')
++
++	allow $1 cvs_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive cvs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_cvs_server_packets',`
++	gen_require(`
++		type cvs_server_packet_t;
++	')
++
++	dontaudit $1 cvs_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive cvs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_cvs_server_packets',`
++	corenet_send_cvs_server_packets($1)
++	corenet_receive_cvs_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive cvs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_cvs_server_packets',`
++	corenet_dontaudit_send_cvs_server_packets($1)
++	corenet_dontaudit_receive_cvs_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to cvs_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_cvs_server_packets',`
++	gen_require(`
++		type cvs_server_packet_t;
++	')
++
++	allow $1 cvs_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	allow $1 dcc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	allow $1 dcc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	dontaudit $1 dcc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	allow $1 dcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	dontaudit $1 dcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_dcc_port',`
++	corenet_udp_send_dcc_port($1)
++	corenet_udp_receive_dcc_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_dcc_port',`
++	corenet_dontaudit_udp_send_dcc_port($1)
++	corenet_dontaudit_udp_receive_dcc_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	allow $1 dcc_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	allow $1 dcc_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the dcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_dcc_port',`
++	gen_require(`
++		type dcc_port_t;
++	')
++
++	allow $1 dcc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send dcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dcc_client_packets',`
++	gen_require(`
++		type dcc_client_packet_t;
++	')
++
++	allow $1 dcc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dcc_client_packets',`
++	gen_require(`
++		type dcc_client_packet_t;
++	')
++
++	dontaudit $1 dcc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dcc_client_packets',`
++	gen_require(`
++		type dcc_client_packet_t;
++	')
++
++	allow $1 dcc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dcc_client_packets',`
++	gen_require(`
++		type dcc_client_packet_t;
++	')
++
++	dontaudit $1 dcc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dcc_client_packets',`
++	corenet_send_dcc_client_packets($1)
++	corenet_receive_dcc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dcc_client_packets',`
++	corenet_dontaudit_send_dcc_client_packets($1)
++	corenet_dontaudit_receive_dcc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dcc_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dcc_client_packets',`
++	gen_require(`
++		type dcc_client_packet_t;
++	')
++
++	allow $1 dcc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send dcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dcc_server_packets',`
++	gen_require(`
++		type dcc_server_packet_t;
++	')
++
++	allow $1 dcc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dcc_server_packets',`
++	gen_require(`
++		type dcc_server_packet_t;
++	')
++
++	dontaudit $1 dcc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dcc_server_packets',`
++	gen_require(`
++		type dcc_server_packet_t;
++	')
++
++	allow $1 dcc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dcc_server_packets',`
++	gen_require(`
++		type dcc_server_packet_t;
++	')
++
++	dontaudit $1 dcc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dcc_server_packets',`
++	corenet_send_dcc_server_packets($1)
++	corenet_receive_dcc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dcc_server_packets',`
++	corenet_dontaudit_send_dcc_server_packets($1)
++	corenet_dontaudit_receive_dcc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dcc_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dcc_server_packets',`
++	gen_require(`
++		type dcc_server_packet_t;
++	')
++
++	allow $1 dcc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	allow $1 dbskkd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	allow $1 dbskkd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	dontaudit $1 dbskkd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	allow $1 dbskkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	dontaudit $1 dbskkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_dbskkd_port',`
++	corenet_udp_send_dbskkd_port($1)
++	corenet_udp_receive_dbskkd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_dbskkd_port',`
++	corenet_dontaudit_udp_send_dbskkd_port($1)
++	corenet_dontaudit_udp_receive_dbskkd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	allow $1 dbskkd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	allow $1 dbskkd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the dbskkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_dbskkd_port',`
++	gen_require(`
++		type dbskkd_port_t;
++	')
++
++	allow $1 dbskkd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send dbskkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dbskkd_client_packets',`
++	gen_require(`
++		type dbskkd_client_packet_t;
++	')
++
++	allow $1 dbskkd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dbskkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dbskkd_client_packets',`
++	gen_require(`
++		type dbskkd_client_packet_t;
++	')
++
++	dontaudit $1 dbskkd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dbskkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dbskkd_client_packets',`
++	gen_require(`
++		type dbskkd_client_packet_t;
++	')
++
++	allow $1 dbskkd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dbskkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dbskkd_client_packets',`
++	gen_require(`
++		type dbskkd_client_packet_t;
++	')
++
++	dontaudit $1 dbskkd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dbskkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dbskkd_client_packets',`
++	corenet_send_dbskkd_client_packets($1)
++	corenet_receive_dbskkd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dbskkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dbskkd_client_packets',`
++	corenet_dontaudit_send_dbskkd_client_packets($1)
++	corenet_dontaudit_receive_dbskkd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dbskkd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dbskkd_client_packets',`
++	gen_require(`
++		type dbskkd_client_packet_t;
++	')
++
++	allow $1 dbskkd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send dbskkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dbskkd_server_packets',`
++	gen_require(`
++		type dbskkd_server_packet_t;
++	')
++
++	allow $1 dbskkd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dbskkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dbskkd_server_packets',`
++	gen_require(`
++		type dbskkd_server_packet_t;
++	')
++
++	dontaudit $1 dbskkd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dbskkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dbskkd_server_packets',`
++	gen_require(`
++		type dbskkd_server_packet_t;
++	')
++
++	allow $1 dbskkd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dbskkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dbskkd_server_packets',`
++	gen_require(`
++		type dbskkd_server_packet_t;
++	')
++
++	dontaudit $1 dbskkd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dbskkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dbskkd_server_packets',`
++	corenet_send_dbskkd_server_packets($1)
++	corenet_receive_dbskkd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dbskkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dbskkd_server_packets',`
++	corenet_dontaudit_send_dbskkd_server_packets($1)
++	corenet_dontaudit_receive_dbskkd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dbskkd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dbskkd_server_packets',`
++	gen_require(`
++		type dbskkd_server_packet_t;
++	')
++
++	allow $1 dbskkd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	allow $1 dhcpc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	allow $1 dhcpc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	dontaudit $1 dhcpc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	allow $1 dhcpc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	dontaudit $1 dhcpc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_dhcpc_port',`
++	corenet_udp_send_dhcpc_port($1)
++	corenet_udp_receive_dhcpc_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_dhcpc_port',`
++	corenet_dontaudit_udp_send_dhcpc_port($1)
++	corenet_dontaudit_udp_receive_dhcpc_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	allow $1 dhcpc_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	allow $1 dhcpc_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the dhcpc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_dhcpc_port',`
++	gen_require(`
++		type dhcpc_port_t;
++	')
++
++	allow $1 dhcpc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send dhcpc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dhcpc_client_packets',`
++	gen_require(`
++		type dhcpc_client_packet_t;
++	')
++
++	allow $1 dhcpc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dhcpc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dhcpc_client_packets',`
++	gen_require(`
++		type dhcpc_client_packet_t;
++	')
++
++	dontaudit $1 dhcpc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dhcpc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dhcpc_client_packets',`
++	gen_require(`
++		type dhcpc_client_packet_t;
++	')
++
++	allow $1 dhcpc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dhcpc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dhcpc_client_packets',`
++	gen_require(`
++		type dhcpc_client_packet_t;
++	')
++
++	dontaudit $1 dhcpc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dhcpc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dhcpc_client_packets',`
++	corenet_send_dhcpc_client_packets($1)
++	corenet_receive_dhcpc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dhcpc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dhcpc_client_packets',`
++	corenet_dontaudit_send_dhcpc_client_packets($1)
++	corenet_dontaudit_receive_dhcpc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dhcpc_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dhcpc_client_packets',`
++	gen_require(`
++		type dhcpc_client_packet_t;
++	')
++
++	allow $1 dhcpc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send dhcpc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dhcpc_server_packets',`
++	gen_require(`
++		type dhcpc_server_packet_t;
++	')
++
++	allow $1 dhcpc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dhcpc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dhcpc_server_packets',`
++	gen_require(`
++		type dhcpc_server_packet_t;
++	')
++
++	dontaudit $1 dhcpc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dhcpc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dhcpc_server_packets',`
++	gen_require(`
++		type dhcpc_server_packet_t;
++	')
++
++	allow $1 dhcpc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dhcpc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dhcpc_server_packets',`
++	gen_require(`
++		type dhcpc_server_packet_t;
++	')
++
++	dontaudit $1 dhcpc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dhcpc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dhcpc_server_packets',`
++	corenet_send_dhcpc_server_packets($1)
++	corenet_receive_dhcpc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dhcpc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dhcpc_server_packets',`
++	corenet_dontaudit_send_dhcpc_server_packets($1)
++	corenet_dontaudit_receive_dhcpc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dhcpc_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dhcpc_server_packets',`
++	gen_require(`
++		type dhcpc_server_packet_t;
++	')
++
++	allow $1 dhcpc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	allow $1 dhcpd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	allow $1 dhcpd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	dontaudit $1 dhcpd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	allow $1 dhcpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	dontaudit $1 dhcpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_dhcpd_port',`
++	corenet_udp_send_dhcpd_port($1)
++	corenet_udp_receive_dhcpd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_dhcpd_port',`
++	corenet_dontaudit_udp_send_dhcpd_port($1)
++	corenet_dontaudit_udp_receive_dhcpd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	allow $1 dhcpd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	allow $1 dhcpd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the dhcpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_dhcpd_port',`
++	gen_require(`
++		type dhcpd_port_t;
++	')
++
++	allow $1 dhcpd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send dhcpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dhcpd_client_packets',`
++	gen_require(`
++		type dhcpd_client_packet_t;
++	')
++
++	allow $1 dhcpd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dhcpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dhcpd_client_packets',`
++	gen_require(`
++		type dhcpd_client_packet_t;
++	')
++
++	dontaudit $1 dhcpd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dhcpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dhcpd_client_packets',`
++	gen_require(`
++		type dhcpd_client_packet_t;
++	')
++
++	allow $1 dhcpd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dhcpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dhcpd_client_packets',`
++	gen_require(`
++		type dhcpd_client_packet_t;
++	')
++
++	dontaudit $1 dhcpd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dhcpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dhcpd_client_packets',`
++	corenet_send_dhcpd_client_packets($1)
++	corenet_receive_dhcpd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dhcpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dhcpd_client_packets',`
++	corenet_dontaudit_send_dhcpd_client_packets($1)
++	corenet_dontaudit_receive_dhcpd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dhcpd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dhcpd_client_packets',`
++	gen_require(`
++		type dhcpd_client_packet_t;
++	')
++
++	allow $1 dhcpd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send dhcpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dhcpd_server_packets',`
++	gen_require(`
++		type dhcpd_server_packet_t;
++	')
++
++	allow $1 dhcpd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dhcpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dhcpd_server_packets',`
++	gen_require(`
++		type dhcpd_server_packet_t;
++	')
++
++	dontaudit $1 dhcpd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dhcpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dhcpd_server_packets',`
++	gen_require(`
++		type dhcpd_server_packet_t;
++	')
++
++	allow $1 dhcpd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dhcpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dhcpd_server_packets',`
++	gen_require(`
++		type dhcpd_server_packet_t;
++	')
++
++	dontaudit $1 dhcpd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dhcpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dhcpd_server_packets',`
++	corenet_send_dhcpd_server_packets($1)
++	corenet_receive_dhcpd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dhcpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dhcpd_server_packets',`
++	corenet_dontaudit_send_dhcpd_server_packets($1)
++	corenet_dontaudit_receive_dhcpd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dhcpd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dhcpd_server_packets',`
++	gen_require(`
++		type dhcpd_server_packet_t;
++	')
++
++	allow $1 dhcpd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	allow $1 dict_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	allow $1 dict_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	dontaudit $1 dict_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	allow $1 dict_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	dontaudit $1 dict_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_dict_port',`
++	corenet_udp_send_dict_port($1)
++	corenet_udp_receive_dict_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_dict_port',`
++	corenet_dontaudit_udp_send_dict_port($1)
++	corenet_dontaudit_udp_receive_dict_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	allow $1 dict_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	allow $1 dict_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the dict port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_dict_port',`
++	gen_require(`
++		type dict_port_t;
++	')
++
++	allow $1 dict_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send dict_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dict_client_packets',`
++	gen_require(`
++		type dict_client_packet_t;
++	')
++
++	allow $1 dict_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dict_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dict_client_packets',`
++	gen_require(`
++		type dict_client_packet_t;
++	')
++
++	dontaudit $1 dict_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dict_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dict_client_packets',`
++	gen_require(`
++		type dict_client_packet_t;
++	')
++
++	allow $1 dict_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dict_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dict_client_packets',`
++	gen_require(`
++		type dict_client_packet_t;
++	')
++
++	dontaudit $1 dict_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dict_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dict_client_packets',`
++	corenet_send_dict_client_packets($1)
++	corenet_receive_dict_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dict_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dict_client_packets',`
++	corenet_dontaudit_send_dict_client_packets($1)
++	corenet_dontaudit_receive_dict_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dict_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dict_client_packets',`
++	gen_require(`
++		type dict_client_packet_t;
++	')
++
++	allow $1 dict_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send dict_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dict_server_packets',`
++	gen_require(`
++		type dict_server_packet_t;
++	')
++
++	allow $1 dict_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dict_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dict_server_packets',`
++	gen_require(`
++		type dict_server_packet_t;
++	')
++
++	dontaudit $1 dict_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dict_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dict_server_packets',`
++	gen_require(`
++		type dict_server_packet_t;
++	')
++
++	allow $1 dict_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dict_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dict_server_packets',`
++	gen_require(`
++		type dict_server_packet_t;
++	')
++
++	dontaudit $1 dict_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dict_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dict_server_packets',`
++	corenet_send_dict_server_packets($1)
++	corenet_receive_dict_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dict_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dict_server_packets',`
++	corenet_dontaudit_send_dict_server_packets($1)
++	corenet_dontaudit_receive_dict_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dict_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dict_server_packets',`
++	gen_require(`
++		type dict_server_packet_t;
++	')
++
++	allow $1 dict_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	allow $1 distccd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	allow $1 distccd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	dontaudit $1 distccd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	allow $1 distccd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	dontaudit $1 distccd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_distccd_port',`
++	corenet_udp_send_distccd_port($1)
++	corenet_udp_receive_distccd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_distccd_port',`
++	corenet_dontaudit_udp_send_distccd_port($1)
++	corenet_dontaudit_udp_receive_distccd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	allow $1 distccd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	allow $1 distccd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the distccd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_distccd_port',`
++	gen_require(`
++		type distccd_port_t;
++	')
++
++	allow $1 distccd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send distccd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_distccd_client_packets',`
++	gen_require(`
++		type distccd_client_packet_t;
++	')
++
++	allow $1 distccd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send distccd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_distccd_client_packets',`
++	gen_require(`
++		type distccd_client_packet_t;
++	')
++
++	dontaudit $1 distccd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive distccd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_distccd_client_packets',`
++	gen_require(`
++		type distccd_client_packet_t;
++	')
++
++	allow $1 distccd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive distccd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_distccd_client_packets',`
++	gen_require(`
++		type distccd_client_packet_t;
++	')
++
++	dontaudit $1 distccd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive distccd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_distccd_client_packets',`
++	corenet_send_distccd_client_packets($1)
++	corenet_receive_distccd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive distccd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_distccd_client_packets',`
++	corenet_dontaudit_send_distccd_client_packets($1)
++	corenet_dontaudit_receive_distccd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to distccd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_distccd_client_packets',`
++	gen_require(`
++		type distccd_client_packet_t;
++	')
++
++	allow $1 distccd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send distccd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_distccd_server_packets',`
++	gen_require(`
++		type distccd_server_packet_t;
++	')
++
++	allow $1 distccd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send distccd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_distccd_server_packets',`
++	gen_require(`
++		type distccd_server_packet_t;
++	')
++
++	dontaudit $1 distccd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive distccd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_distccd_server_packets',`
++	gen_require(`
++		type distccd_server_packet_t;
++	')
++
++	allow $1 distccd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive distccd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_distccd_server_packets',`
++	gen_require(`
++		type distccd_server_packet_t;
++	')
++
++	dontaudit $1 distccd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive distccd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_distccd_server_packets',`
++	corenet_send_distccd_server_packets($1)
++	corenet_receive_distccd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive distccd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_distccd_server_packets',`
++	corenet_dontaudit_send_distccd_server_packets($1)
++	corenet_dontaudit_receive_distccd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to distccd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_distccd_server_packets',`
++	gen_require(`
++		type distccd_server_packet_t;
++	')
++
++	allow $1 distccd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	allow $1 dns_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	dontaudit $1 dns_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	allow $1 dns_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	dontaudit $1 dns_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_dns_port',`
++	corenet_udp_send_dns_port($1)
++	corenet_udp_receive_dns_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_dns_port',`
++	corenet_dontaudit_udp_send_dns_port($1)
++	corenet_dontaudit_udp_receive_dns_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	allow $1 dns_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	allow $1 dns_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the dns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_dns_port',`
++	gen_require(`
++		type dns_port_t;
++	')
++
++	allow $1 dns_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send dns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dns_client_packets',`
++	gen_require(`
++		type dns_client_packet_t;
++	')
++
++	allow $1 dns_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dns_client_packets',`
++	gen_require(`
++		type dns_client_packet_t;
++	')
++
++	dontaudit $1 dns_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dns_client_packets',`
++	gen_require(`
++		type dns_client_packet_t;
++	')
++
++	allow $1 dns_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dns_client_packets',`
++	gen_require(`
++		type dns_client_packet_t;
++	')
++
++	dontaudit $1 dns_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dns_client_packets',`
++	corenet_send_dns_client_packets($1)
++	corenet_receive_dns_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dns_client_packets',`
++	corenet_dontaudit_send_dns_client_packets($1)
++	corenet_dontaudit_receive_dns_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dns_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dns_client_packets',`
++	gen_require(`
++		type dns_client_packet_t;
++	')
++
++	allow $1 dns_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send dns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_dns_server_packets',`
++	gen_require(`
++		type dns_server_packet_t;
++	')
++
++	allow $1 dns_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send dns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_dns_server_packets',`
++	gen_require(`
++		type dns_server_packet_t;
++	')
++
++	dontaudit $1 dns_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive dns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_dns_server_packets',`
++	gen_require(`
++		type dns_server_packet_t;
++	')
++
++	allow $1 dns_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive dns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_dns_server_packets',`
++	gen_require(`
++		type dns_server_packet_t;
++	')
++
++	dontaudit $1 dns_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive dns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_dns_server_packets',`
++	corenet_send_dns_server_packets($1)
++	corenet_receive_dns_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive dns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_dns_server_packets',`
++	corenet_dontaudit_send_dns_server_packets($1)
++	corenet_dontaudit_receive_dns_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to dns_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_dns_server_packets',`
++	gen_require(`
++		type dns_server_packet_t;
++	')
++
++	allow $1 dns_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	allow $1 fingerd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	allow $1 fingerd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	dontaudit $1 fingerd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	allow $1 fingerd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	dontaudit $1 fingerd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_fingerd_port',`
++	corenet_udp_send_fingerd_port($1)
++	corenet_udp_receive_fingerd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_fingerd_port',`
++	corenet_dontaudit_udp_send_fingerd_port($1)
++	corenet_dontaudit_udp_receive_fingerd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	allow $1 fingerd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	allow $1 fingerd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the fingerd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_fingerd_port',`
++	gen_require(`
++		type fingerd_port_t;
++	')
++
++	allow $1 fingerd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send fingerd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_fingerd_client_packets',`
++	gen_require(`
++		type fingerd_client_packet_t;
++	')
++
++	allow $1 fingerd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send fingerd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_fingerd_client_packets',`
++	gen_require(`
++		type fingerd_client_packet_t;
++	')
++
++	dontaudit $1 fingerd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive fingerd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_fingerd_client_packets',`
++	gen_require(`
++		type fingerd_client_packet_t;
++	')
++
++	allow $1 fingerd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive fingerd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_fingerd_client_packets',`
++	gen_require(`
++		type fingerd_client_packet_t;
++	')
++
++	dontaudit $1 fingerd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive fingerd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_fingerd_client_packets',`
++	corenet_send_fingerd_client_packets($1)
++	corenet_receive_fingerd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive fingerd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_fingerd_client_packets',`
++	corenet_dontaudit_send_fingerd_client_packets($1)
++	corenet_dontaudit_receive_fingerd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to fingerd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_fingerd_client_packets',`
++	gen_require(`
++		type fingerd_client_packet_t;
++	')
++
++	allow $1 fingerd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send fingerd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_fingerd_server_packets',`
++	gen_require(`
++		type fingerd_server_packet_t;
++	')
++
++	allow $1 fingerd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send fingerd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_fingerd_server_packets',`
++	gen_require(`
++		type fingerd_server_packet_t;
++	')
++
++	dontaudit $1 fingerd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive fingerd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_fingerd_server_packets',`
++	gen_require(`
++		type fingerd_server_packet_t;
++	')
++
++	allow $1 fingerd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive fingerd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_fingerd_server_packets',`
++	gen_require(`
++		type fingerd_server_packet_t;
++	')
++
++	dontaudit $1 fingerd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive fingerd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_fingerd_server_packets',`
++	corenet_send_fingerd_server_packets($1)
++	corenet_receive_fingerd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive fingerd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_fingerd_server_packets',`
++	corenet_dontaudit_send_fingerd_server_packets($1)
++	corenet_dontaudit_receive_fingerd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to fingerd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_fingerd_server_packets',`
++	gen_require(`
++		type fingerd_server_packet_t;
++	')
++
++	allow $1 fingerd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	allow $1 flash_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	allow $1 flash_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	dontaudit $1 flash_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	allow $1 flash_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	dontaudit $1 flash_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_flash_port',`
++	corenet_udp_send_flash_port($1)
++	corenet_udp_receive_flash_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_flash_port',`
++	corenet_dontaudit_udp_send_flash_port($1)
++	corenet_dontaudit_udp_receive_flash_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	allow $1 flash_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	allow $1 flash_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the flash port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_flash_port',`
++	gen_require(`
++		type flash_port_t;
++	')
++
++	allow $1 flash_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send flash_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_flash_client_packets',`
++	gen_require(`
++		type flash_client_packet_t;
++	')
++
++	allow $1 flash_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send flash_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_flash_client_packets',`
++	gen_require(`
++		type flash_client_packet_t;
++	')
++
++	dontaudit $1 flash_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive flash_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_flash_client_packets',`
++	gen_require(`
++		type flash_client_packet_t;
++	')
++
++	allow $1 flash_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive flash_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_flash_client_packets',`
++	gen_require(`
++		type flash_client_packet_t;
++	')
++
++	dontaudit $1 flash_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive flash_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_flash_client_packets',`
++	corenet_send_flash_client_packets($1)
++	corenet_receive_flash_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive flash_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_flash_client_packets',`
++	corenet_dontaudit_send_flash_client_packets($1)
++	corenet_dontaudit_receive_flash_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to flash_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_flash_client_packets',`
++	gen_require(`
++		type flash_client_packet_t;
++	')
++
++	allow $1 flash_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send flash_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_flash_server_packets',`
++	gen_require(`
++		type flash_server_packet_t;
++	')
++
++	allow $1 flash_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send flash_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_flash_server_packets',`
++	gen_require(`
++		type flash_server_packet_t;
++	')
++
++	dontaudit $1 flash_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive flash_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_flash_server_packets',`
++	gen_require(`
++		type flash_server_packet_t;
++	')
++
++	allow $1 flash_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive flash_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_flash_server_packets',`
++	gen_require(`
++		type flash_server_packet_t;
++	')
++
++	dontaudit $1 flash_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive flash_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_flash_server_packets',`
++	corenet_send_flash_server_packets($1)
++	corenet_receive_flash_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive flash_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_flash_server_packets',`
++	corenet_dontaudit_send_flash_server_packets($1)
++	corenet_dontaudit_receive_flash_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to flash_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_flash_server_packets',`
++	gen_require(`
++		type flash_server_packet_t;
++	')
++
++	allow $1 flash_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	allow $1 ftp_data_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	allow $1 ftp_data_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	dontaudit $1 ftp_data_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	allow $1 ftp_data_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	dontaudit $1 ftp_data_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ftp_data_port',`
++	corenet_udp_send_ftp_data_port($1)
++	corenet_udp_receive_ftp_data_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ftp_data_port',`
++	corenet_dontaudit_udp_send_ftp_data_port($1)
++	corenet_dontaudit_udp_receive_ftp_data_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	allow $1 ftp_data_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	allow $1 ftp_data_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ftp_data port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ftp_data_port',`
++	gen_require(`
++		type ftp_data_port_t;
++	')
++
++	allow $1 ftp_data_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ftp_data_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ftp_data_client_packets',`
++	gen_require(`
++		type ftp_data_client_packet_t;
++	')
++
++	allow $1 ftp_data_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ftp_data_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ftp_data_client_packets',`
++	gen_require(`
++		type ftp_data_client_packet_t;
++	')
++
++	dontaudit $1 ftp_data_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ftp_data_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ftp_data_client_packets',`
++	gen_require(`
++		type ftp_data_client_packet_t;
++	')
++
++	allow $1 ftp_data_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ftp_data_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ftp_data_client_packets',`
++	gen_require(`
++		type ftp_data_client_packet_t;
++	')
++
++	dontaudit $1 ftp_data_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ftp_data_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ftp_data_client_packets',`
++	corenet_send_ftp_data_client_packets($1)
++	corenet_receive_ftp_data_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ftp_data_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ftp_data_client_packets',`
++	corenet_dontaudit_send_ftp_data_client_packets($1)
++	corenet_dontaudit_receive_ftp_data_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ftp_data_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ftp_data_client_packets',`
++	gen_require(`
++		type ftp_data_client_packet_t;
++	')
++
++	allow $1 ftp_data_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ftp_data_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ftp_data_server_packets',`
++	gen_require(`
++		type ftp_data_server_packet_t;
++	')
++
++	allow $1 ftp_data_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ftp_data_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ftp_data_server_packets',`
++	gen_require(`
++		type ftp_data_server_packet_t;
++	')
++
++	dontaudit $1 ftp_data_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ftp_data_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ftp_data_server_packets',`
++	gen_require(`
++		type ftp_data_server_packet_t;
++	')
++
++	allow $1 ftp_data_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ftp_data_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ftp_data_server_packets',`
++	gen_require(`
++		type ftp_data_server_packet_t;
++	')
++
++	dontaudit $1 ftp_data_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ftp_data_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ftp_data_server_packets',`
++	corenet_send_ftp_data_server_packets($1)
++	corenet_receive_ftp_data_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ftp_data_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ftp_data_server_packets',`
++	corenet_dontaudit_send_ftp_data_server_packets($1)
++	corenet_dontaudit_receive_ftp_data_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ftp_data_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ftp_data_server_packets',`
++	gen_require(`
++		type ftp_data_server_packet_t;
++	')
++
++	allow $1 ftp_data_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	allow $1 ftp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	allow $1 ftp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	dontaudit $1 ftp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	allow $1 ftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	dontaudit $1 ftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ftp_port',`
++	corenet_udp_send_ftp_port($1)
++	corenet_udp_receive_ftp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ftp_port',`
++	corenet_dontaudit_udp_send_ftp_port($1)
++	corenet_dontaudit_udp_receive_ftp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	allow $1 ftp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	allow $1 ftp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ftp_port',`
++	gen_require(`
++		type ftp_port_t;
++	')
++
++	allow $1 ftp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ftp_client_packets',`
++	gen_require(`
++		type ftp_client_packet_t;
++	')
++
++	allow $1 ftp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ftp_client_packets',`
++	gen_require(`
++		type ftp_client_packet_t;
++	')
++
++	dontaudit $1 ftp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ftp_client_packets',`
++	gen_require(`
++		type ftp_client_packet_t;
++	')
++
++	allow $1 ftp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ftp_client_packets',`
++	gen_require(`
++		type ftp_client_packet_t;
++	')
++
++	dontaudit $1 ftp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ftp_client_packets',`
++	corenet_send_ftp_client_packets($1)
++	corenet_receive_ftp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ftp_client_packets',`
++	corenet_dontaudit_send_ftp_client_packets($1)
++	corenet_dontaudit_receive_ftp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ftp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ftp_client_packets',`
++	gen_require(`
++		type ftp_client_packet_t;
++	')
++
++	allow $1 ftp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ftp_server_packets',`
++	gen_require(`
++		type ftp_server_packet_t;
++	')
++
++	allow $1 ftp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ftp_server_packets',`
++	gen_require(`
++		type ftp_server_packet_t;
++	')
++
++	dontaudit $1 ftp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ftp_server_packets',`
++	gen_require(`
++		type ftp_server_packet_t;
++	')
++
++	allow $1 ftp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ftp_server_packets',`
++	gen_require(`
++		type ftp_server_packet_t;
++	')
++
++	dontaudit $1 ftp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ftp_server_packets',`
++	corenet_send_ftp_server_packets($1)
++	corenet_receive_ftp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ftp_server_packets',`
++	corenet_dontaudit_send_ftp_server_packets($1)
++	corenet_dontaudit_receive_ftp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ftp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ftp_server_packets',`
++	gen_require(`
++		type ftp_server_packet_t;
++	')
++
++	allow $1 ftp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	allow $1 gatekeeper_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	allow $1 gatekeeper_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	dontaudit $1 gatekeeper_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	allow $1 gatekeeper_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	dontaudit $1 gatekeeper_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_gatekeeper_port',`
++	corenet_udp_send_gatekeeper_port($1)
++	corenet_udp_receive_gatekeeper_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_gatekeeper_port',`
++	corenet_dontaudit_udp_send_gatekeeper_port($1)
++	corenet_dontaudit_udp_receive_gatekeeper_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	allow $1 gatekeeper_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	allow $1 gatekeeper_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the gatekeeper port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_gatekeeper_port',`
++	gen_require(`
++		type gatekeeper_port_t;
++	')
++
++	allow $1 gatekeeper_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send gatekeeper_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_gatekeeper_client_packets',`
++	gen_require(`
++		type gatekeeper_client_packet_t;
++	')
++
++	allow $1 gatekeeper_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send gatekeeper_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_gatekeeper_client_packets',`
++	gen_require(`
++		type gatekeeper_client_packet_t;
++	')
++
++	dontaudit $1 gatekeeper_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive gatekeeper_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_gatekeeper_client_packets',`
++	gen_require(`
++		type gatekeeper_client_packet_t;
++	')
++
++	allow $1 gatekeeper_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive gatekeeper_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_gatekeeper_client_packets',`
++	gen_require(`
++		type gatekeeper_client_packet_t;
++	')
++
++	dontaudit $1 gatekeeper_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive gatekeeper_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_gatekeeper_client_packets',`
++	corenet_send_gatekeeper_client_packets($1)
++	corenet_receive_gatekeeper_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive gatekeeper_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_gatekeeper_client_packets',`
++	corenet_dontaudit_send_gatekeeper_client_packets($1)
++	corenet_dontaudit_receive_gatekeeper_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to gatekeeper_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_gatekeeper_client_packets',`
++	gen_require(`
++		type gatekeeper_client_packet_t;
++	')
++
++	allow $1 gatekeeper_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send gatekeeper_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_gatekeeper_server_packets',`
++	gen_require(`
++		type gatekeeper_server_packet_t;
++	')
++
++	allow $1 gatekeeper_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send gatekeeper_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_gatekeeper_server_packets',`
++	gen_require(`
++		type gatekeeper_server_packet_t;
++	')
++
++	dontaudit $1 gatekeeper_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive gatekeeper_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_gatekeeper_server_packets',`
++	gen_require(`
++		type gatekeeper_server_packet_t;
++	')
++
++	allow $1 gatekeeper_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive gatekeeper_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_gatekeeper_server_packets',`
++	gen_require(`
++		type gatekeeper_server_packet_t;
++	')
++
++	dontaudit $1 gatekeeper_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive gatekeeper_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_gatekeeper_server_packets',`
++	corenet_send_gatekeeper_server_packets($1)
++	corenet_receive_gatekeeper_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive gatekeeper_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_gatekeeper_server_packets',`
++	corenet_dontaudit_send_gatekeeper_server_packets($1)
++	corenet_dontaudit_receive_gatekeeper_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to gatekeeper_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_gatekeeper_server_packets',`
++	gen_require(`
++		type gatekeeper_server_packet_t;
++	')
++
++	allow $1 gatekeeper_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	allow $1 giftd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	allow $1 giftd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	dontaudit $1 giftd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	allow $1 giftd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	dontaudit $1 giftd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_giftd_port',`
++	corenet_udp_send_giftd_port($1)
++	corenet_udp_receive_giftd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_giftd_port',`
++	corenet_dontaudit_udp_send_giftd_port($1)
++	corenet_dontaudit_udp_receive_giftd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	allow $1 giftd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	allow $1 giftd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the giftd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_giftd_port',`
++	gen_require(`
++		type giftd_port_t;
++	')
++
++	allow $1 giftd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send giftd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_giftd_client_packets',`
++	gen_require(`
++		type giftd_client_packet_t;
++	')
++
++	allow $1 giftd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send giftd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_giftd_client_packets',`
++	gen_require(`
++		type giftd_client_packet_t;
++	')
++
++	dontaudit $1 giftd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive giftd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_giftd_client_packets',`
++	gen_require(`
++		type giftd_client_packet_t;
++	')
++
++	allow $1 giftd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive giftd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_giftd_client_packets',`
++	gen_require(`
++		type giftd_client_packet_t;
++	')
++
++	dontaudit $1 giftd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive giftd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_giftd_client_packets',`
++	corenet_send_giftd_client_packets($1)
++	corenet_receive_giftd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive giftd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_giftd_client_packets',`
++	corenet_dontaudit_send_giftd_client_packets($1)
++	corenet_dontaudit_receive_giftd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to giftd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_giftd_client_packets',`
++	gen_require(`
++		type giftd_client_packet_t;
++	')
++
++	allow $1 giftd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send giftd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_giftd_server_packets',`
++	gen_require(`
++		type giftd_server_packet_t;
++	')
++
++	allow $1 giftd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send giftd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_giftd_server_packets',`
++	gen_require(`
++		type giftd_server_packet_t;
++	')
++
++	dontaudit $1 giftd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive giftd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_giftd_server_packets',`
++	gen_require(`
++		type giftd_server_packet_t;
++	')
++
++	allow $1 giftd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive giftd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_giftd_server_packets',`
++	gen_require(`
++		type giftd_server_packet_t;
++	')
++
++	dontaudit $1 giftd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive giftd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_giftd_server_packets',`
++	corenet_send_giftd_server_packets($1)
++	corenet_receive_giftd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive giftd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_giftd_server_packets',`
++	corenet_dontaudit_send_giftd_server_packets($1)
++	corenet_dontaudit_receive_giftd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to giftd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_giftd_server_packets',`
++	gen_require(`
++		type giftd_server_packet_t;
++	')
++
++	allow $1 giftd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	allow $1 gopher_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	allow $1 gopher_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	dontaudit $1 gopher_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	allow $1 gopher_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	dontaudit $1 gopher_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_gopher_port',`
++	corenet_udp_send_gopher_port($1)
++	corenet_udp_receive_gopher_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_gopher_port',`
++	corenet_dontaudit_udp_send_gopher_port($1)
++	corenet_dontaudit_udp_receive_gopher_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	allow $1 gopher_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	allow $1 gopher_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the gopher port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_gopher_port',`
++	gen_require(`
++		type gopher_port_t;
++	')
++
++	allow $1 gopher_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send gopher_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_gopher_client_packets',`
++	gen_require(`
++		type gopher_client_packet_t;
++	')
++
++	allow $1 gopher_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send gopher_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_gopher_client_packets',`
++	gen_require(`
++		type gopher_client_packet_t;
++	')
++
++	dontaudit $1 gopher_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive gopher_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_gopher_client_packets',`
++	gen_require(`
++		type gopher_client_packet_t;
++	')
++
++	allow $1 gopher_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive gopher_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_gopher_client_packets',`
++	gen_require(`
++		type gopher_client_packet_t;
++	')
++
++	dontaudit $1 gopher_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive gopher_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_gopher_client_packets',`
++	corenet_send_gopher_client_packets($1)
++	corenet_receive_gopher_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive gopher_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_gopher_client_packets',`
++	corenet_dontaudit_send_gopher_client_packets($1)
++	corenet_dontaudit_receive_gopher_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to gopher_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_gopher_client_packets',`
++	gen_require(`
++		type gopher_client_packet_t;
++	')
++
++	allow $1 gopher_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send gopher_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_gopher_server_packets',`
++	gen_require(`
++		type gopher_server_packet_t;
++	')
++
++	allow $1 gopher_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send gopher_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_gopher_server_packets',`
++	gen_require(`
++		type gopher_server_packet_t;
++	')
++
++	dontaudit $1 gopher_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive gopher_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_gopher_server_packets',`
++	gen_require(`
++		type gopher_server_packet_t;
++	')
++
++	allow $1 gopher_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive gopher_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_gopher_server_packets',`
++	gen_require(`
++		type gopher_server_packet_t;
++	')
++
++	dontaudit $1 gopher_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive gopher_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_gopher_server_packets',`
++	corenet_send_gopher_server_packets($1)
++	corenet_receive_gopher_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive gopher_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_gopher_server_packets',`
++	corenet_dontaudit_send_gopher_server_packets($1)
++	corenet_dontaudit_receive_gopher_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to gopher_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_gopher_server_packets',`
++	gen_require(`
++		type gopher_server_packet_t;
++	')
++
++	allow $1 gopher_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	allow $1 http_cache_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	allow $1 http_cache_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	dontaudit $1 http_cache_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	allow $1 http_cache_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	dontaudit $1 http_cache_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_http_cache_port',`
++	corenet_udp_send_http_cache_port($1)
++	corenet_udp_receive_http_cache_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_http_cache_port',`
++	corenet_dontaudit_udp_send_http_cache_port($1)
++	corenet_dontaudit_udp_receive_http_cache_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	allow $1 http_cache_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	allow $1 http_cache_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the http_cache port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_http_cache_port',`
++	gen_require(`
++		type http_cache_port_t;
++	')
++
++	allow $1 http_cache_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send http_cache_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_http_cache_client_packets',`
++	gen_require(`
++		type http_cache_client_packet_t;
++	')
++
++	allow $1 http_cache_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send http_cache_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_http_cache_client_packets',`
++	gen_require(`
++		type http_cache_client_packet_t;
++	')
++
++	dontaudit $1 http_cache_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive http_cache_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_http_cache_client_packets',`
++	gen_require(`
++		type http_cache_client_packet_t;
++	')
++
++	allow $1 http_cache_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive http_cache_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_http_cache_client_packets',`
++	gen_require(`
++		type http_cache_client_packet_t;
++	')
++
++	dontaudit $1 http_cache_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive http_cache_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_http_cache_client_packets',`
++	corenet_send_http_cache_client_packets($1)
++	corenet_receive_http_cache_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive http_cache_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_http_cache_client_packets',`
++	corenet_dontaudit_send_http_cache_client_packets($1)
++	corenet_dontaudit_receive_http_cache_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to http_cache_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_http_cache_client_packets',`
++	gen_require(`
++		type http_cache_client_packet_t;
++	')
++
++	allow $1 http_cache_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send http_cache_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_http_cache_server_packets',`
++	gen_require(`
++		type http_cache_server_packet_t;
++	')
++
++	allow $1 http_cache_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send http_cache_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_http_cache_server_packets',`
++	gen_require(`
++		type http_cache_server_packet_t;
++	')
++
++	dontaudit $1 http_cache_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive http_cache_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_http_cache_server_packets',`
++	gen_require(`
++		type http_cache_server_packet_t;
++	')
++
++	allow $1 http_cache_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive http_cache_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_http_cache_server_packets',`
++	gen_require(`
++		type http_cache_server_packet_t;
++	')
++
++	dontaudit $1 http_cache_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive http_cache_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_http_cache_server_packets',`
++	corenet_send_http_cache_server_packets($1)
++	corenet_receive_http_cache_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive http_cache_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_http_cache_server_packets',`
++	corenet_dontaudit_send_http_cache_server_packets($1)
++	corenet_dontaudit_receive_http_cache_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to http_cache_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_http_cache_server_packets',`
++	gen_require(`
++		type http_cache_server_packet_t;
++	')
++
++	allow $1 http_cache_server_packet_t:packet relabelto;
++')
++
++ # 8118 is for privoxy
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	allow $1 http_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	allow $1 http_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	dontaudit $1 http_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	allow $1 http_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	dontaudit $1 http_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_http_port',`
++	corenet_udp_send_http_port($1)
++	corenet_udp_receive_http_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_http_port',`
++	corenet_dontaudit_udp_send_http_port($1)
++	corenet_dontaudit_udp_receive_http_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	allow $1 http_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	allow $1 http_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_http_port',`
++	gen_require(`
++		type http_port_t;
++	')
++
++	allow $1 http_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_http_client_packets',`
++	gen_require(`
++		type http_client_packet_t;
++	')
++
++	allow $1 http_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_http_client_packets',`
++	gen_require(`
++		type http_client_packet_t;
++	')
++
++	dontaudit $1 http_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_http_client_packets',`
++	gen_require(`
++		type http_client_packet_t;
++	')
++
++	allow $1 http_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_http_client_packets',`
++	gen_require(`
++		type http_client_packet_t;
++	')
++
++	dontaudit $1 http_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_http_client_packets',`
++	corenet_send_http_client_packets($1)
++	corenet_receive_http_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_http_client_packets',`
++	corenet_dontaudit_send_http_client_packets($1)
++	corenet_dontaudit_receive_http_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to http_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_http_client_packets',`
++	gen_require(`
++		type http_client_packet_t;
++	')
++
++	allow $1 http_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_http_server_packets',`
++	gen_require(`
++		type http_server_packet_t;
++	')
++
++	allow $1 http_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_http_server_packets',`
++	gen_require(`
++		type http_server_packet_t;
++	')
++
++	dontaudit $1 http_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_http_server_packets',`
++	gen_require(`
++		type http_server_packet_t;
++	')
++
++	allow $1 http_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_http_server_packets',`
++	gen_require(`
++		type http_server_packet_t;
++	')
++
++	dontaudit $1 http_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_http_server_packets',`
++	corenet_send_http_server_packets($1)
++	corenet_receive_http_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_http_server_packets',`
++	corenet_dontaudit_send_http_server_packets($1)
++	corenet_dontaudit_receive_http_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to http_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_http_server_packets',`
++	gen_require(`
++		type http_server_packet_t;
++	')
++
++	allow $1 http_server_packet_t:packet relabelto;
++')
++
++ #8443 is mod_nss default port
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	allow $1 howl_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	allow $1 howl_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	dontaudit $1 howl_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	allow $1 howl_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	dontaudit $1 howl_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_howl_port',`
++	corenet_udp_send_howl_port($1)
++	corenet_udp_receive_howl_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_howl_port',`
++	corenet_dontaudit_udp_send_howl_port($1)
++	corenet_dontaudit_udp_receive_howl_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	allow $1 howl_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	allow $1 howl_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the howl port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_howl_port',`
++	gen_require(`
++		type howl_port_t;
++	')
++
++	allow $1 howl_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send howl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_howl_client_packets',`
++	gen_require(`
++		type howl_client_packet_t;
++	')
++
++	allow $1 howl_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send howl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_howl_client_packets',`
++	gen_require(`
++		type howl_client_packet_t;
++	')
++
++	dontaudit $1 howl_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive howl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_howl_client_packets',`
++	gen_require(`
++		type howl_client_packet_t;
++	')
++
++	allow $1 howl_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive howl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_howl_client_packets',`
++	gen_require(`
++		type howl_client_packet_t;
++	')
++
++	dontaudit $1 howl_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive howl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_howl_client_packets',`
++	corenet_send_howl_client_packets($1)
++	corenet_receive_howl_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive howl_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_howl_client_packets',`
++	corenet_dontaudit_send_howl_client_packets($1)
++	corenet_dontaudit_receive_howl_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to howl_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_howl_client_packets',`
++	gen_require(`
++		type howl_client_packet_t;
++	')
++
++	allow $1 howl_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send howl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_howl_server_packets',`
++	gen_require(`
++		type howl_server_packet_t;
++	')
++
++	allow $1 howl_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send howl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_howl_server_packets',`
++	gen_require(`
++		type howl_server_packet_t;
++	')
++
++	dontaudit $1 howl_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive howl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_howl_server_packets',`
++	gen_require(`
++		type howl_server_packet_t;
++	')
++
++	allow $1 howl_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive howl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_howl_server_packets',`
++	gen_require(`
++		type howl_server_packet_t;
++	')
++
++	dontaudit $1 howl_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive howl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_howl_server_packets',`
++	corenet_send_howl_server_packets($1)
++	corenet_receive_howl_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive howl_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_howl_server_packets',`
++	corenet_dontaudit_send_howl_server_packets($1)
++	corenet_dontaudit_receive_howl_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to howl_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_howl_server_packets',`
++	gen_require(`
++		type howl_server_packet_t;
++	')
++
++	allow $1 howl_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	allow $1 hplip_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	allow $1 hplip_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	dontaudit $1 hplip_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	allow $1 hplip_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	dontaudit $1 hplip_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_hplip_port',`
++	corenet_udp_send_hplip_port($1)
++	corenet_udp_receive_hplip_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_hplip_port',`
++	corenet_dontaudit_udp_send_hplip_port($1)
++	corenet_dontaudit_udp_receive_hplip_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	allow $1 hplip_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	allow $1 hplip_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the hplip port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_hplip_port',`
++	gen_require(`
++		type hplip_port_t;
++	')
++
++	allow $1 hplip_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send hplip_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_hplip_client_packets',`
++	gen_require(`
++		type hplip_client_packet_t;
++	')
++
++	allow $1 hplip_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send hplip_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_hplip_client_packets',`
++	gen_require(`
++		type hplip_client_packet_t;
++	')
++
++	dontaudit $1 hplip_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive hplip_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_hplip_client_packets',`
++	gen_require(`
++		type hplip_client_packet_t;
++	')
++
++	allow $1 hplip_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive hplip_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_hplip_client_packets',`
++	gen_require(`
++		type hplip_client_packet_t;
++	')
++
++	dontaudit $1 hplip_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive hplip_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_hplip_client_packets',`
++	corenet_send_hplip_client_packets($1)
++	corenet_receive_hplip_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive hplip_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_hplip_client_packets',`
++	corenet_dontaudit_send_hplip_client_packets($1)
++	corenet_dontaudit_receive_hplip_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to hplip_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_hplip_client_packets',`
++	gen_require(`
++		type hplip_client_packet_t;
++	')
++
++	allow $1 hplip_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send hplip_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_hplip_server_packets',`
++	gen_require(`
++		type hplip_server_packet_t;
++	')
++
++	allow $1 hplip_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send hplip_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_hplip_server_packets',`
++	gen_require(`
++		type hplip_server_packet_t;
++	')
++
++	dontaudit $1 hplip_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive hplip_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_hplip_server_packets',`
++	gen_require(`
++		type hplip_server_packet_t;
++	')
++
++	allow $1 hplip_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive hplip_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_hplip_server_packets',`
++	gen_require(`
++		type hplip_server_packet_t;
++	')
++
++	dontaudit $1 hplip_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive hplip_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_hplip_server_packets',`
++	corenet_send_hplip_server_packets($1)
++	corenet_receive_hplip_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive hplip_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_hplip_server_packets',`
++	corenet_dontaudit_send_hplip_server_packets($1)
++	corenet_dontaudit_receive_hplip_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to hplip_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_hplip_server_packets',`
++	gen_require(`
++		type hplip_server_packet_t;
++	')
++
++	allow $1 hplip_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	allow $1 i18n_input_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	allow $1 i18n_input_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	dontaudit $1 i18n_input_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	allow $1 i18n_input_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	dontaudit $1 i18n_input_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_i18n_input_port',`
++	corenet_udp_send_i18n_input_port($1)
++	corenet_udp_receive_i18n_input_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_i18n_input_port',`
++	corenet_dontaudit_udp_send_i18n_input_port($1)
++	corenet_dontaudit_udp_receive_i18n_input_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	allow $1 i18n_input_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	allow $1 i18n_input_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the i18n_input port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_i18n_input_port',`
++	gen_require(`
++		type i18n_input_port_t;
++	')
++
++	allow $1 i18n_input_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send i18n_input_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_i18n_input_client_packets',`
++	gen_require(`
++		type i18n_input_client_packet_t;
++	')
++
++	allow $1 i18n_input_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send i18n_input_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_i18n_input_client_packets',`
++	gen_require(`
++		type i18n_input_client_packet_t;
++	')
++
++	dontaudit $1 i18n_input_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive i18n_input_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_i18n_input_client_packets',`
++	gen_require(`
++		type i18n_input_client_packet_t;
++	')
++
++	allow $1 i18n_input_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive i18n_input_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_i18n_input_client_packets',`
++	gen_require(`
++		type i18n_input_client_packet_t;
++	')
++
++	dontaudit $1 i18n_input_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive i18n_input_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_i18n_input_client_packets',`
++	corenet_send_i18n_input_client_packets($1)
++	corenet_receive_i18n_input_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive i18n_input_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_i18n_input_client_packets',`
++	corenet_dontaudit_send_i18n_input_client_packets($1)
++	corenet_dontaudit_receive_i18n_input_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to i18n_input_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_i18n_input_client_packets',`
++	gen_require(`
++		type i18n_input_client_packet_t;
++	')
++
++	allow $1 i18n_input_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send i18n_input_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_i18n_input_server_packets',`
++	gen_require(`
++		type i18n_input_server_packet_t;
++	')
++
++	allow $1 i18n_input_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send i18n_input_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_i18n_input_server_packets',`
++	gen_require(`
++		type i18n_input_server_packet_t;
++	')
++
++	dontaudit $1 i18n_input_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive i18n_input_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_i18n_input_server_packets',`
++	gen_require(`
++		type i18n_input_server_packet_t;
++	')
++
++	allow $1 i18n_input_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive i18n_input_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_i18n_input_server_packets',`
++	gen_require(`
++		type i18n_input_server_packet_t;
++	')
++
++	dontaudit $1 i18n_input_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive i18n_input_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_i18n_input_server_packets',`
++	corenet_send_i18n_input_server_packets($1)
++	corenet_receive_i18n_input_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive i18n_input_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_i18n_input_server_packets',`
++	corenet_dontaudit_send_i18n_input_server_packets($1)
++	corenet_dontaudit_receive_i18n_input_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to i18n_input_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_i18n_input_server_packets',`
++	gen_require(`
++		type i18n_input_server_packet_t;
++	')
++
++	allow $1 i18n_input_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	allow $1 imaze_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	allow $1 imaze_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	dontaudit $1 imaze_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	allow $1 imaze_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	dontaudit $1 imaze_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_imaze_port',`
++	corenet_udp_send_imaze_port($1)
++	corenet_udp_receive_imaze_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_imaze_port',`
++	corenet_dontaudit_udp_send_imaze_port($1)
++	corenet_dontaudit_udp_receive_imaze_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	allow $1 imaze_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	allow $1 imaze_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the imaze port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_imaze_port',`
++	gen_require(`
++		type imaze_port_t;
++	')
++
++	allow $1 imaze_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send imaze_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_imaze_client_packets',`
++	gen_require(`
++		type imaze_client_packet_t;
++	')
++
++	allow $1 imaze_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send imaze_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_imaze_client_packets',`
++	gen_require(`
++		type imaze_client_packet_t;
++	')
++
++	dontaudit $1 imaze_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive imaze_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_imaze_client_packets',`
++	gen_require(`
++		type imaze_client_packet_t;
++	')
++
++	allow $1 imaze_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive imaze_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_imaze_client_packets',`
++	gen_require(`
++		type imaze_client_packet_t;
++	')
++
++	dontaudit $1 imaze_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive imaze_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_imaze_client_packets',`
++	corenet_send_imaze_client_packets($1)
++	corenet_receive_imaze_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive imaze_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_imaze_client_packets',`
++	corenet_dontaudit_send_imaze_client_packets($1)
++	corenet_dontaudit_receive_imaze_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to imaze_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_imaze_client_packets',`
++	gen_require(`
++		type imaze_client_packet_t;
++	')
++
++	allow $1 imaze_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send imaze_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_imaze_server_packets',`
++	gen_require(`
++		type imaze_server_packet_t;
++	')
++
++	allow $1 imaze_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send imaze_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_imaze_server_packets',`
++	gen_require(`
++		type imaze_server_packet_t;
++	')
++
++	dontaudit $1 imaze_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive imaze_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_imaze_server_packets',`
++	gen_require(`
++		type imaze_server_packet_t;
++	')
++
++	allow $1 imaze_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive imaze_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_imaze_server_packets',`
++	gen_require(`
++		type imaze_server_packet_t;
++	')
++
++	dontaudit $1 imaze_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive imaze_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_imaze_server_packets',`
++	corenet_send_imaze_server_packets($1)
++	corenet_receive_imaze_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive imaze_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_imaze_server_packets',`
++	corenet_dontaudit_send_imaze_server_packets($1)
++	corenet_dontaudit_receive_imaze_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to imaze_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_imaze_server_packets',`
++	gen_require(`
++		type imaze_server_packet_t;
++	')
++
++	allow $1 imaze_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	allow $1 inetd_child_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	allow $1 inetd_child_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	dontaudit $1 inetd_child_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	allow $1 inetd_child_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	dontaudit $1 inetd_child_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_inetd_child_port',`
++	corenet_udp_send_inetd_child_port($1)
++	corenet_udp_receive_inetd_child_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_inetd_child_port',`
++	corenet_dontaudit_udp_send_inetd_child_port($1)
++	corenet_dontaudit_udp_receive_inetd_child_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	allow $1 inetd_child_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	allow $1 inetd_child_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the inetd_child port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_inetd_child_port',`
++	gen_require(`
++		type inetd_child_port_t;
++	')
++
++	allow $1 inetd_child_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send inetd_child_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_inetd_child_client_packets',`
++	gen_require(`
++		type inetd_child_client_packet_t;
++	')
++
++	allow $1 inetd_child_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send inetd_child_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_inetd_child_client_packets',`
++	gen_require(`
++		type inetd_child_client_packet_t;
++	')
++
++	dontaudit $1 inetd_child_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive inetd_child_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_inetd_child_client_packets',`
++	gen_require(`
++		type inetd_child_client_packet_t;
++	')
++
++	allow $1 inetd_child_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive inetd_child_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_inetd_child_client_packets',`
++	gen_require(`
++		type inetd_child_client_packet_t;
++	')
++
++	dontaudit $1 inetd_child_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive inetd_child_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_inetd_child_client_packets',`
++	corenet_send_inetd_child_client_packets($1)
++	corenet_receive_inetd_child_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive inetd_child_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_inetd_child_client_packets',`
++	corenet_dontaudit_send_inetd_child_client_packets($1)
++	corenet_dontaudit_receive_inetd_child_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to inetd_child_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_inetd_child_client_packets',`
++	gen_require(`
++		type inetd_child_client_packet_t;
++	')
++
++	allow $1 inetd_child_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send inetd_child_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_inetd_child_server_packets',`
++	gen_require(`
++		type inetd_child_server_packet_t;
++	')
++
++	allow $1 inetd_child_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send inetd_child_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_inetd_child_server_packets',`
++	gen_require(`
++		type inetd_child_server_packet_t;
++	')
++
++	dontaudit $1 inetd_child_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive inetd_child_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_inetd_child_server_packets',`
++	gen_require(`
++		type inetd_child_server_packet_t;
++	')
++
++	allow $1 inetd_child_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive inetd_child_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_inetd_child_server_packets',`
++	gen_require(`
++		type inetd_child_server_packet_t;
++	')
++
++	dontaudit $1 inetd_child_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive inetd_child_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_inetd_child_server_packets',`
++	corenet_send_inetd_child_server_packets($1)
++	corenet_receive_inetd_child_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive inetd_child_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_inetd_child_server_packets',`
++	corenet_dontaudit_send_inetd_child_server_packets($1)
++	corenet_dontaudit_receive_inetd_child_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to inetd_child_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_inetd_child_server_packets',`
++	gen_require(`
++		type inetd_child_server_packet_t;
++	')
++
++	allow $1 inetd_child_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	allow $1 innd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	allow $1 innd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	dontaudit $1 innd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	allow $1 innd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	dontaudit $1 innd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_innd_port',`
++	corenet_udp_send_innd_port($1)
++	corenet_udp_receive_innd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_innd_port',`
++	corenet_dontaudit_udp_send_innd_port($1)
++	corenet_dontaudit_udp_receive_innd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	allow $1 innd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	allow $1 innd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the innd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_innd_port',`
++	gen_require(`
++		type innd_port_t;
++	')
++
++	allow $1 innd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send innd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_innd_client_packets',`
++	gen_require(`
++		type innd_client_packet_t;
++	')
++
++	allow $1 innd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send innd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_innd_client_packets',`
++	gen_require(`
++		type innd_client_packet_t;
++	')
++
++	dontaudit $1 innd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive innd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_innd_client_packets',`
++	gen_require(`
++		type innd_client_packet_t;
++	')
++
++	allow $1 innd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive innd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_innd_client_packets',`
++	gen_require(`
++		type innd_client_packet_t;
++	')
++
++	dontaudit $1 innd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive innd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_innd_client_packets',`
++	corenet_send_innd_client_packets($1)
++	corenet_receive_innd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive innd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_innd_client_packets',`
++	corenet_dontaudit_send_innd_client_packets($1)
++	corenet_dontaudit_receive_innd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to innd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_innd_client_packets',`
++	gen_require(`
++		type innd_client_packet_t;
++	')
++
++	allow $1 innd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send innd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_innd_server_packets',`
++	gen_require(`
++		type innd_server_packet_t;
++	')
++
++	allow $1 innd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send innd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_innd_server_packets',`
++	gen_require(`
++		type innd_server_packet_t;
++	')
++
++	dontaudit $1 innd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive innd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_innd_server_packets',`
++	gen_require(`
++		type innd_server_packet_t;
++	')
++
++	allow $1 innd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive innd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_innd_server_packets',`
++	gen_require(`
++		type innd_server_packet_t;
++	')
++
++	dontaudit $1 innd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive innd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_innd_server_packets',`
++	corenet_send_innd_server_packets($1)
++	corenet_receive_innd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive innd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_innd_server_packets',`
++	corenet_dontaudit_send_innd_server_packets($1)
++	corenet_dontaudit_receive_innd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to innd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_innd_server_packets',`
++	gen_require(`
++		type innd_server_packet_t;
++	')
++
++	allow $1 innd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	allow $1 ipp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	allow $1 ipp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	dontaudit $1 ipp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	allow $1 ipp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	dontaudit $1 ipp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ipp_port',`
++	corenet_udp_send_ipp_port($1)
++	corenet_udp_receive_ipp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ipp_port',`
++	corenet_dontaudit_udp_send_ipp_port($1)
++	corenet_dontaudit_udp_receive_ipp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	allow $1 ipp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	allow $1 ipp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ipp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ipp_port',`
++	gen_require(`
++		type ipp_port_t;
++	')
++
++	allow $1 ipp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ipp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ipp_client_packets',`
++	gen_require(`
++		type ipp_client_packet_t;
++	')
++
++	allow $1 ipp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ipp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ipp_client_packets',`
++	gen_require(`
++		type ipp_client_packet_t;
++	')
++
++	dontaudit $1 ipp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ipp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ipp_client_packets',`
++	gen_require(`
++		type ipp_client_packet_t;
++	')
++
++	allow $1 ipp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ipp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ipp_client_packets',`
++	gen_require(`
++		type ipp_client_packet_t;
++	')
++
++	dontaudit $1 ipp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ipp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ipp_client_packets',`
++	corenet_send_ipp_client_packets($1)
++	corenet_receive_ipp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ipp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ipp_client_packets',`
++	corenet_dontaudit_send_ipp_client_packets($1)
++	corenet_dontaudit_receive_ipp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ipp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ipp_client_packets',`
++	gen_require(`
++		type ipp_client_packet_t;
++	')
++
++	allow $1 ipp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ipp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ipp_server_packets',`
++	gen_require(`
++		type ipp_server_packet_t;
++	')
++
++	allow $1 ipp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ipp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ipp_server_packets',`
++	gen_require(`
++		type ipp_server_packet_t;
++	')
++
++	dontaudit $1 ipp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ipp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ipp_server_packets',`
++	gen_require(`
++		type ipp_server_packet_t;
++	')
++
++	allow $1 ipp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ipp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ipp_server_packets',`
++	gen_require(`
++		type ipp_server_packet_t;
++	')
++
++	dontaudit $1 ipp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ipp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ipp_server_packets',`
++	corenet_send_ipp_server_packets($1)
++	corenet_receive_ipp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ipp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ipp_server_packets',`
++	corenet_dontaudit_send_ipp_server_packets($1)
++	corenet_dontaudit_receive_ipp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ipp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ipp_server_packets',`
++	gen_require(`
++		type ipp_server_packet_t;
++	')
++
++	allow $1 ipp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	allow $1 ipsecnat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	allow $1 ipsecnat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	dontaudit $1 ipsecnat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	allow $1 ipsecnat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	dontaudit $1 ipsecnat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ipsecnat_port',`
++	corenet_udp_send_ipsecnat_port($1)
++	corenet_udp_receive_ipsecnat_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ipsecnat_port',`
++	corenet_dontaudit_udp_send_ipsecnat_port($1)
++	corenet_dontaudit_udp_receive_ipsecnat_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	allow $1 ipsecnat_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	allow $1 ipsecnat_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ipsecnat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ipsecnat_port',`
++	gen_require(`
++		type ipsecnat_port_t;
++	')
++
++	allow $1 ipsecnat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ipsecnat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ipsecnat_client_packets',`
++	gen_require(`
++		type ipsecnat_client_packet_t;
++	')
++
++	allow $1 ipsecnat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ipsecnat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ipsecnat_client_packets',`
++	gen_require(`
++		type ipsecnat_client_packet_t;
++	')
++
++	dontaudit $1 ipsecnat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ipsecnat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ipsecnat_client_packets',`
++	gen_require(`
++		type ipsecnat_client_packet_t;
++	')
++
++	allow $1 ipsecnat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ipsecnat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ipsecnat_client_packets',`
++	gen_require(`
++		type ipsecnat_client_packet_t;
++	')
++
++	dontaudit $1 ipsecnat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ipsecnat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ipsecnat_client_packets',`
++	corenet_send_ipsecnat_client_packets($1)
++	corenet_receive_ipsecnat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ipsecnat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ipsecnat_client_packets',`
++	corenet_dontaudit_send_ipsecnat_client_packets($1)
++	corenet_dontaudit_receive_ipsecnat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ipsecnat_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ipsecnat_client_packets',`
++	gen_require(`
++		type ipsecnat_client_packet_t;
++	')
++
++	allow $1 ipsecnat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ipsecnat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ipsecnat_server_packets',`
++	gen_require(`
++		type ipsecnat_server_packet_t;
++	')
++
++	allow $1 ipsecnat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ipsecnat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ipsecnat_server_packets',`
++	gen_require(`
++		type ipsecnat_server_packet_t;
++	')
++
++	dontaudit $1 ipsecnat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ipsecnat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ipsecnat_server_packets',`
++	gen_require(`
++		type ipsecnat_server_packet_t;
++	')
++
++	allow $1 ipsecnat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ipsecnat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ipsecnat_server_packets',`
++	gen_require(`
++		type ipsecnat_server_packet_t;
++	')
++
++	dontaudit $1 ipsecnat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ipsecnat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ipsecnat_server_packets',`
++	corenet_send_ipsecnat_server_packets($1)
++	corenet_receive_ipsecnat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ipsecnat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ipsecnat_server_packets',`
++	corenet_dontaudit_send_ipsecnat_server_packets($1)
++	corenet_dontaudit_receive_ipsecnat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ipsecnat_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ipsecnat_server_packets',`
++	gen_require(`
++		type ipsecnat_server_packet_t;
++	')
++
++	allow $1 ipsecnat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	allow $1 ircd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	allow $1 ircd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	dontaudit $1 ircd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	allow $1 ircd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	dontaudit $1 ircd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ircd_port',`
++	corenet_udp_send_ircd_port($1)
++	corenet_udp_receive_ircd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ircd_port',`
++	corenet_dontaudit_udp_send_ircd_port($1)
++	corenet_dontaudit_udp_receive_ircd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	allow $1 ircd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	allow $1 ircd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ircd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ircd_port',`
++	gen_require(`
++		type ircd_port_t;
++	')
++
++	allow $1 ircd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ircd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ircd_client_packets',`
++	gen_require(`
++		type ircd_client_packet_t;
++	')
++
++	allow $1 ircd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ircd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ircd_client_packets',`
++	gen_require(`
++		type ircd_client_packet_t;
++	')
++
++	dontaudit $1 ircd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ircd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ircd_client_packets',`
++	gen_require(`
++		type ircd_client_packet_t;
++	')
++
++	allow $1 ircd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ircd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ircd_client_packets',`
++	gen_require(`
++		type ircd_client_packet_t;
++	')
++
++	dontaudit $1 ircd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ircd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ircd_client_packets',`
++	corenet_send_ircd_client_packets($1)
++	corenet_receive_ircd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ircd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ircd_client_packets',`
++	corenet_dontaudit_send_ircd_client_packets($1)
++	corenet_dontaudit_receive_ircd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ircd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ircd_client_packets',`
++	gen_require(`
++		type ircd_client_packet_t;
++	')
++
++	allow $1 ircd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ircd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ircd_server_packets',`
++	gen_require(`
++		type ircd_server_packet_t;
++	')
++
++	allow $1 ircd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ircd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ircd_server_packets',`
++	gen_require(`
++		type ircd_server_packet_t;
++	')
++
++	dontaudit $1 ircd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ircd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ircd_server_packets',`
++	gen_require(`
++		type ircd_server_packet_t;
++	')
++
++	allow $1 ircd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ircd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ircd_server_packets',`
++	gen_require(`
++		type ircd_server_packet_t;
++	')
++
++	dontaudit $1 ircd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ircd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ircd_server_packets',`
++	corenet_send_ircd_server_packets($1)
++	corenet_receive_ircd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ircd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ircd_server_packets',`
++	corenet_dontaudit_send_ircd_server_packets($1)
++	corenet_dontaudit_receive_ircd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ircd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ircd_server_packets',`
++	gen_require(`
++		type ircd_server_packet_t;
++	')
++
++	allow $1 ircd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	allow $1 isakmp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	allow $1 isakmp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	dontaudit $1 isakmp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	allow $1 isakmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	dontaudit $1 isakmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_isakmp_port',`
++	corenet_udp_send_isakmp_port($1)
++	corenet_udp_receive_isakmp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_isakmp_port',`
++	corenet_dontaudit_udp_send_isakmp_port($1)
++	corenet_dontaudit_udp_receive_isakmp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	allow $1 isakmp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	allow $1 isakmp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the isakmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_isakmp_port',`
++	gen_require(`
++		type isakmp_port_t;
++	')
++
++	allow $1 isakmp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send isakmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_isakmp_client_packets',`
++	gen_require(`
++		type isakmp_client_packet_t;
++	')
++
++	allow $1 isakmp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send isakmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_isakmp_client_packets',`
++	gen_require(`
++		type isakmp_client_packet_t;
++	')
++
++	dontaudit $1 isakmp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive isakmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_isakmp_client_packets',`
++	gen_require(`
++		type isakmp_client_packet_t;
++	')
++
++	allow $1 isakmp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive isakmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_isakmp_client_packets',`
++	gen_require(`
++		type isakmp_client_packet_t;
++	')
++
++	dontaudit $1 isakmp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive isakmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_isakmp_client_packets',`
++	corenet_send_isakmp_client_packets($1)
++	corenet_receive_isakmp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive isakmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_isakmp_client_packets',`
++	corenet_dontaudit_send_isakmp_client_packets($1)
++	corenet_dontaudit_receive_isakmp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to isakmp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_isakmp_client_packets',`
++	gen_require(`
++		type isakmp_client_packet_t;
++	')
++
++	allow $1 isakmp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send isakmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_isakmp_server_packets',`
++	gen_require(`
++		type isakmp_server_packet_t;
++	')
++
++	allow $1 isakmp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send isakmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_isakmp_server_packets',`
++	gen_require(`
++		type isakmp_server_packet_t;
++	')
++
++	dontaudit $1 isakmp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive isakmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_isakmp_server_packets',`
++	gen_require(`
++		type isakmp_server_packet_t;
++	')
++
++	allow $1 isakmp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive isakmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_isakmp_server_packets',`
++	gen_require(`
++		type isakmp_server_packet_t;
++	')
++
++	dontaudit $1 isakmp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive isakmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_isakmp_server_packets',`
++	corenet_send_isakmp_server_packets($1)
++	corenet_receive_isakmp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive isakmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_isakmp_server_packets',`
++	corenet_dontaudit_send_isakmp_server_packets($1)
++	corenet_dontaudit_receive_isakmp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to isakmp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_isakmp_server_packets',`
++	gen_require(`
++		type isakmp_server_packet_t;
++	')
++
++	allow $1 isakmp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	allow $1 iscsi_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	allow $1 iscsi_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	dontaudit $1 iscsi_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	allow $1 iscsi_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	dontaudit $1 iscsi_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_iscsi_port',`
++	corenet_udp_send_iscsi_port($1)
++	corenet_udp_receive_iscsi_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_iscsi_port',`
++	corenet_dontaudit_udp_send_iscsi_port($1)
++	corenet_dontaudit_udp_receive_iscsi_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	allow $1 iscsi_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	allow $1 iscsi_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the iscsi port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_iscsi_port',`
++	gen_require(`
++		type iscsi_port_t;
++	')
++
++	allow $1 iscsi_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send iscsi_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_iscsi_client_packets',`
++	gen_require(`
++		type iscsi_client_packet_t;
++	')
++
++	allow $1 iscsi_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send iscsi_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_iscsi_client_packets',`
++	gen_require(`
++		type iscsi_client_packet_t;
++	')
++
++	dontaudit $1 iscsi_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive iscsi_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_iscsi_client_packets',`
++	gen_require(`
++		type iscsi_client_packet_t;
++	')
++
++	allow $1 iscsi_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive iscsi_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_iscsi_client_packets',`
++	gen_require(`
++		type iscsi_client_packet_t;
++	')
++
++	dontaudit $1 iscsi_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive iscsi_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_iscsi_client_packets',`
++	corenet_send_iscsi_client_packets($1)
++	corenet_receive_iscsi_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive iscsi_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_iscsi_client_packets',`
++	corenet_dontaudit_send_iscsi_client_packets($1)
++	corenet_dontaudit_receive_iscsi_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to iscsi_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_iscsi_client_packets',`
++	gen_require(`
++		type iscsi_client_packet_t;
++	')
++
++	allow $1 iscsi_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send iscsi_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_iscsi_server_packets',`
++	gen_require(`
++		type iscsi_server_packet_t;
++	')
++
++	allow $1 iscsi_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send iscsi_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_iscsi_server_packets',`
++	gen_require(`
++		type iscsi_server_packet_t;
++	')
++
++	dontaudit $1 iscsi_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive iscsi_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_iscsi_server_packets',`
++	gen_require(`
++		type iscsi_server_packet_t;
++	')
++
++	allow $1 iscsi_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive iscsi_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_iscsi_server_packets',`
++	gen_require(`
++		type iscsi_server_packet_t;
++	')
++
++	dontaudit $1 iscsi_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive iscsi_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_iscsi_server_packets',`
++	corenet_send_iscsi_server_packets($1)
++	corenet_receive_iscsi_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive iscsi_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_iscsi_server_packets',`
++	corenet_dontaudit_send_iscsi_server_packets($1)
++	corenet_dontaudit_receive_iscsi_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to iscsi_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_iscsi_server_packets',`
++	gen_require(`
++		type iscsi_server_packet_t;
++	')
++
++	allow $1 iscsi_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	allow $1 isns_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	allow $1 isns_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	dontaudit $1 isns_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	allow $1 isns_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	dontaudit $1 isns_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_isns_port',`
++	corenet_udp_send_isns_port($1)
++	corenet_udp_receive_isns_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_isns_port',`
++	corenet_dontaudit_udp_send_isns_port($1)
++	corenet_dontaudit_udp_receive_isns_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	allow $1 isns_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	allow $1 isns_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the isns port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_isns_port',`
++	gen_require(`
++		type isns_port_t;
++	')
++
++	allow $1 isns_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send isns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_isns_client_packets',`
++	gen_require(`
++		type isns_client_packet_t;
++	')
++
++	allow $1 isns_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send isns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_isns_client_packets',`
++	gen_require(`
++		type isns_client_packet_t;
++	')
++
++	dontaudit $1 isns_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive isns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_isns_client_packets',`
++	gen_require(`
++		type isns_client_packet_t;
++	')
++
++	allow $1 isns_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive isns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_isns_client_packets',`
++	gen_require(`
++		type isns_client_packet_t;
++	')
++
++	dontaudit $1 isns_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive isns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_isns_client_packets',`
++	corenet_send_isns_client_packets($1)
++	corenet_receive_isns_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive isns_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_isns_client_packets',`
++	corenet_dontaudit_send_isns_client_packets($1)
++	corenet_dontaudit_receive_isns_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to isns_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_isns_client_packets',`
++	gen_require(`
++		type isns_client_packet_t;
++	')
++
++	allow $1 isns_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send isns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_isns_server_packets',`
++	gen_require(`
++		type isns_server_packet_t;
++	')
++
++	allow $1 isns_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send isns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_isns_server_packets',`
++	gen_require(`
++		type isns_server_packet_t;
++	')
++
++	dontaudit $1 isns_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive isns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_isns_server_packets',`
++	gen_require(`
++		type isns_server_packet_t;
++	')
++
++	allow $1 isns_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive isns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_isns_server_packets',`
++	gen_require(`
++		type isns_server_packet_t;
++	')
++
++	dontaudit $1 isns_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive isns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_isns_server_packets',`
++	corenet_send_isns_server_packets($1)
++	corenet_receive_isns_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive isns_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_isns_server_packets',`
++	corenet_dontaudit_send_isns_server_packets($1)
++	corenet_dontaudit_receive_isns_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to isns_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_isns_server_packets',`
++	gen_require(`
++		type isns_server_packet_t;
++	')
++
++	allow $1 isns_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	allow $1 jabber_client_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	allow $1 jabber_client_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	dontaudit $1 jabber_client_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	allow $1 jabber_client_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	dontaudit $1 jabber_client_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_jabber_client_port',`
++	corenet_udp_send_jabber_client_port($1)
++	corenet_udp_receive_jabber_client_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_jabber_client_port',`
++	corenet_dontaudit_udp_send_jabber_client_port($1)
++	corenet_dontaudit_udp_receive_jabber_client_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	allow $1 jabber_client_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	allow $1 jabber_client_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the jabber_client port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_jabber_client_port',`
++	gen_require(`
++		type jabber_client_port_t;
++	')
++
++	allow $1 jabber_client_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send jabber_client_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_jabber_client_client_packets',`
++	gen_require(`
++		type jabber_client_client_packet_t;
++	')
++
++	allow $1 jabber_client_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send jabber_client_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_jabber_client_client_packets',`
++	gen_require(`
++		type jabber_client_client_packet_t;
++	')
++
++	dontaudit $1 jabber_client_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive jabber_client_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_jabber_client_client_packets',`
++	gen_require(`
++		type jabber_client_client_packet_t;
++	')
++
++	allow $1 jabber_client_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive jabber_client_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_jabber_client_client_packets',`
++	gen_require(`
++		type jabber_client_client_packet_t;
++	')
++
++	dontaudit $1 jabber_client_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive jabber_client_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_jabber_client_client_packets',`
++	corenet_send_jabber_client_client_packets($1)
++	corenet_receive_jabber_client_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive jabber_client_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_jabber_client_client_packets',`
++	corenet_dontaudit_send_jabber_client_client_packets($1)
++	corenet_dontaudit_receive_jabber_client_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to jabber_client_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_jabber_client_client_packets',`
++	gen_require(`
++		type jabber_client_client_packet_t;
++	')
++
++	allow $1 jabber_client_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send jabber_client_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_jabber_client_server_packets',`
++	gen_require(`
++		type jabber_client_server_packet_t;
++	')
++
++	allow $1 jabber_client_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send jabber_client_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_jabber_client_server_packets',`
++	gen_require(`
++		type jabber_client_server_packet_t;
++	')
++
++	dontaudit $1 jabber_client_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive jabber_client_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_jabber_client_server_packets',`
++	gen_require(`
++		type jabber_client_server_packet_t;
++	')
++
++	allow $1 jabber_client_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive jabber_client_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_jabber_client_server_packets',`
++	gen_require(`
++		type jabber_client_server_packet_t;
++	')
++
++	dontaudit $1 jabber_client_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive jabber_client_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_jabber_client_server_packets',`
++	corenet_send_jabber_client_server_packets($1)
++	corenet_receive_jabber_client_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive jabber_client_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_jabber_client_server_packets',`
++	corenet_dontaudit_send_jabber_client_server_packets($1)
++	corenet_dontaudit_receive_jabber_client_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to jabber_client_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_jabber_client_server_packets',`
++	gen_require(`
++		type jabber_client_server_packet_t;
++	')
++
++	allow $1 jabber_client_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	allow $1 jabber_interserver_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	allow $1 jabber_interserver_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	dontaudit $1 jabber_interserver_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	allow $1 jabber_interserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	dontaudit $1 jabber_interserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_jabber_interserver_port',`
++	corenet_udp_send_jabber_interserver_port($1)
++	corenet_udp_receive_jabber_interserver_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_jabber_interserver_port',`
++	corenet_dontaudit_udp_send_jabber_interserver_port($1)
++	corenet_dontaudit_udp_receive_jabber_interserver_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	allow $1 jabber_interserver_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	allow $1 jabber_interserver_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the jabber_interserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_jabber_interserver_port',`
++	gen_require(`
++		type jabber_interserver_port_t;
++	')
++
++	allow $1 jabber_interserver_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send jabber_interserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_jabber_interserver_client_packets',`
++	gen_require(`
++		type jabber_interserver_client_packet_t;
++	')
++
++	allow $1 jabber_interserver_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send jabber_interserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_jabber_interserver_client_packets',`
++	gen_require(`
++		type jabber_interserver_client_packet_t;
++	')
++
++	dontaudit $1 jabber_interserver_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive jabber_interserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_jabber_interserver_client_packets',`
++	gen_require(`
++		type jabber_interserver_client_packet_t;
++	')
++
++	allow $1 jabber_interserver_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive jabber_interserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_jabber_interserver_client_packets',`
++	gen_require(`
++		type jabber_interserver_client_packet_t;
++	')
++
++	dontaudit $1 jabber_interserver_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive jabber_interserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_jabber_interserver_client_packets',`
++	corenet_send_jabber_interserver_client_packets($1)
++	corenet_receive_jabber_interserver_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive jabber_interserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_jabber_interserver_client_packets',`
++	corenet_dontaudit_send_jabber_interserver_client_packets($1)
++	corenet_dontaudit_receive_jabber_interserver_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to jabber_interserver_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_jabber_interserver_client_packets',`
++	gen_require(`
++		type jabber_interserver_client_packet_t;
++	')
++
++	allow $1 jabber_interserver_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send jabber_interserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_jabber_interserver_server_packets',`
++	gen_require(`
++		type jabber_interserver_server_packet_t;
++	')
++
++	allow $1 jabber_interserver_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send jabber_interserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_jabber_interserver_server_packets',`
++	gen_require(`
++		type jabber_interserver_server_packet_t;
++	')
++
++	dontaudit $1 jabber_interserver_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive jabber_interserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_jabber_interserver_server_packets',`
++	gen_require(`
++		type jabber_interserver_server_packet_t;
++	')
++
++	allow $1 jabber_interserver_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive jabber_interserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_jabber_interserver_server_packets',`
++	gen_require(`
++		type jabber_interserver_server_packet_t;
++	')
++
++	dontaudit $1 jabber_interserver_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive jabber_interserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_jabber_interserver_server_packets',`
++	corenet_send_jabber_interserver_server_packets($1)
++	corenet_receive_jabber_interserver_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive jabber_interserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_jabber_interserver_server_packets',`
++	corenet_dontaudit_send_jabber_interserver_server_packets($1)
++	corenet_dontaudit_receive_jabber_interserver_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to jabber_interserver_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_jabber_interserver_server_packets',`
++	gen_require(`
++		type jabber_interserver_server_packet_t;
++	')
++
++	allow $1 jabber_interserver_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	allow $1 kerberos_admin_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	allow $1 kerberos_admin_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	dontaudit $1 kerberos_admin_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	allow $1 kerberos_admin_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	dontaudit $1 kerberos_admin_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_kerberos_admin_port',`
++	corenet_udp_send_kerberos_admin_port($1)
++	corenet_udp_receive_kerberos_admin_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_kerberos_admin_port',`
++	corenet_dontaudit_udp_send_kerberos_admin_port($1)
++	corenet_dontaudit_udp_receive_kerberos_admin_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	allow $1 kerberos_admin_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	allow $1 kerberos_admin_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the kerberos_admin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_kerberos_admin_port',`
++	gen_require(`
++		type kerberos_admin_port_t;
++	')
++
++	allow $1 kerberos_admin_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send kerberos_admin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kerberos_admin_client_packets',`
++	gen_require(`
++		type kerberos_admin_client_packet_t;
++	')
++
++	allow $1 kerberos_admin_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kerberos_admin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kerberos_admin_client_packets',`
++	gen_require(`
++		type kerberos_admin_client_packet_t;
++	')
++
++	dontaudit $1 kerberos_admin_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kerberos_admin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kerberos_admin_client_packets',`
++	gen_require(`
++		type kerberos_admin_client_packet_t;
++	')
++
++	allow $1 kerberos_admin_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kerberos_admin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kerberos_admin_client_packets',`
++	gen_require(`
++		type kerberos_admin_client_packet_t;
++	')
++
++	dontaudit $1 kerberos_admin_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kerberos_admin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kerberos_admin_client_packets',`
++	corenet_send_kerberos_admin_client_packets($1)
++	corenet_receive_kerberos_admin_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kerberos_admin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_admin_client_packets',`
++	corenet_dontaudit_send_kerberos_admin_client_packets($1)
++	corenet_dontaudit_receive_kerberos_admin_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kerberos_admin_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kerberos_admin_client_packets',`
++	gen_require(`
++		type kerberos_admin_client_packet_t;
++	')
++
++	allow $1 kerberos_admin_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send kerberos_admin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kerberos_admin_server_packets',`
++	gen_require(`
++		type kerberos_admin_server_packet_t;
++	')
++
++	allow $1 kerberos_admin_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kerberos_admin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kerberos_admin_server_packets',`
++	gen_require(`
++		type kerberos_admin_server_packet_t;
++	')
++
++	dontaudit $1 kerberos_admin_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kerberos_admin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kerberos_admin_server_packets',`
++	gen_require(`
++		type kerberos_admin_server_packet_t;
++	')
++
++	allow $1 kerberos_admin_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kerberos_admin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kerberos_admin_server_packets',`
++	gen_require(`
++		type kerberos_admin_server_packet_t;
++	')
++
++	dontaudit $1 kerberos_admin_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kerberos_admin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kerberos_admin_server_packets',`
++	corenet_send_kerberos_admin_server_packets($1)
++	corenet_receive_kerberos_admin_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kerberos_admin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_admin_server_packets',`
++	corenet_dontaudit_send_kerberos_admin_server_packets($1)
++	corenet_dontaudit_receive_kerberos_admin_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kerberos_admin_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kerberos_admin_server_packets',`
++	gen_require(`
++		type kerberos_admin_server_packet_t;
++	')
++
++	allow $1 kerberos_admin_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	allow $1 kerberos_master_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	allow $1 kerberos_master_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	dontaudit $1 kerberos_master_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	allow $1 kerberos_master_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	dontaudit $1 kerberos_master_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_kerberos_master_port',`
++	corenet_udp_send_kerberos_master_port($1)
++	corenet_udp_receive_kerberos_master_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_kerberos_master_port',`
++	corenet_dontaudit_udp_send_kerberos_master_port($1)
++	corenet_dontaudit_udp_receive_kerberos_master_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	allow $1 kerberos_master_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	allow $1 kerberos_master_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the kerberos_master port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_kerberos_master_port',`
++	gen_require(`
++		type kerberos_master_port_t;
++	')
++
++	allow $1 kerberos_master_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send kerberos_master_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kerberos_master_client_packets',`
++	gen_require(`
++		type kerberos_master_client_packet_t;
++	')
++
++	allow $1 kerberos_master_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kerberos_master_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kerberos_master_client_packets',`
++	gen_require(`
++		type kerberos_master_client_packet_t;
++	')
++
++	dontaudit $1 kerberos_master_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kerberos_master_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kerberos_master_client_packets',`
++	gen_require(`
++		type kerberos_master_client_packet_t;
++	')
++
++	allow $1 kerberos_master_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kerberos_master_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kerberos_master_client_packets',`
++	gen_require(`
++		type kerberos_master_client_packet_t;
++	')
++
++	dontaudit $1 kerberos_master_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kerberos_master_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kerberos_master_client_packets',`
++	corenet_send_kerberos_master_client_packets($1)
++	corenet_receive_kerberos_master_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kerberos_master_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_master_client_packets',`
++	corenet_dontaudit_send_kerberos_master_client_packets($1)
++	corenet_dontaudit_receive_kerberos_master_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kerberos_master_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kerberos_master_client_packets',`
++	gen_require(`
++		type kerberos_master_client_packet_t;
++	')
++
++	allow $1 kerberos_master_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send kerberos_master_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kerberos_master_server_packets',`
++	gen_require(`
++		type kerberos_master_server_packet_t;
++	')
++
++	allow $1 kerberos_master_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kerberos_master_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kerberos_master_server_packets',`
++	gen_require(`
++		type kerberos_master_server_packet_t;
++	')
++
++	dontaudit $1 kerberos_master_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kerberos_master_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kerberos_master_server_packets',`
++	gen_require(`
++		type kerberos_master_server_packet_t;
++	')
++
++	allow $1 kerberos_master_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kerberos_master_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kerberos_master_server_packets',`
++	gen_require(`
++		type kerberos_master_server_packet_t;
++	')
++
++	dontaudit $1 kerberos_master_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kerberos_master_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kerberos_master_server_packets',`
++	corenet_send_kerberos_master_server_packets($1)
++	corenet_receive_kerberos_master_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kerberos_master_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_master_server_packets',`
++	corenet_dontaudit_send_kerberos_master_server_packets($1)
++	corenet_dontaudit_receive_kerberos_master_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kerberos_master_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kerberos_master_server_packets',`
++	gen_require(`
++		type kerberos_master_server_packet_t;
++	')
++
++	allow $1 kerberos_master_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	allow $1 kerberos_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	allow $1 kerberos_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	dontaudit $1 kerberos_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	allow $1 kerberos_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	dontaudit $1 kerberos_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_kerberos_port',`
++	corenet_udp_send_kerberos_port($1)
++	corenet_udp_receive_kerberos_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_kerberos_port',`
++	corenet_dontaudit_udp_send_kerberos_port($1)
++	corenet_dontaudit_udp_receive_kerberos_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	allow $1 kerberos_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	allow $1 kerberos_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the kerberos port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_kerberos_port',`
++	gen_require(`
++		type kerberos_port_t;
++	')
++
++	allow $1 kerberos_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send kerberos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kerberos_client_packets',`
++	gen_require(`
++		type kerberos_client_packet_t;
++	')
++
++	allow $1 kerberos_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kerberos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kerberos_client_packets',`
++	gen_require(`
++		type kerberos_client_packet_t;
++	')
++
++	dontaudit $1 kerberos_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kerberos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kerberos_client_packets',`
++	gen_require(`
++		type kerberos_client_packet_t;
++	')
++
++	allow $1 kerberos_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kerberos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kerberos_client_packets',`
++	gen_require(`
++		type kerberos_client_packet_t;
++	')
++
++	dontaudit $1 kerberos_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kerberos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kerberos_client_packets',`
++	corenet_send_kerberos_client_packets($1)
++	corenet_receive_kerberos_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kerberos_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_client_packets',`
++	corenet_dontaudit_send_kerberos_client_packets($1)
++	corenet_dontaudit_receive_kerberos_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kerberos_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kerberos_client_packets',`
++	gen_require(`
++		type kerberos_client_packet_t;
++	')
++
++	allow $1 kerberos_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send kerberos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kerberos_server_packets',`
++	gen_require(`
++		type kerberos_server_packet_t;
++	')
++
++	allow $1 kerberos_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kerberos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kerberos_server_packets',`
++	gen_require(`
++		type kerberos_server_packet_t;
++	')
++
++	dontaudit $1 kerberos_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kerberos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kerberos_server_packets',`
++	gen_require(`
++		type kerberos_server_packet_t;
++	')
++
++	allow $1 kerberos_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kerberos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kerberos_server_packets',`
++	gen_require(`
++		type kerberos_server_packet_t;
++	')
++
++	dontaudit $1 kerberos_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kerberos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kerberos_server_packets',`
++	corenet_send_kerberos_server_packets($1)
++	corenet_receive_kerberos_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kerberos_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_server_packets',`
++	corenet_dontaudit_send_kerberos_server_packets($1)
++	corenet_dontaudit_receive_kerberos_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kerberos_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kerberos_server_packets',`
++	gen_require(`
++		type kerberos_server_packet_t;
++	')
++
++	allow $1 kerberos_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	allow $1 kismet_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	allow $1 kismet_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	dontaudit $1 kismet_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	allow $1 kismet_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	dontaudit $1 kismet_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_kismet_port',`
++	corenet_udp_send_kismet_port($1)
++	corenet_udp_receive_kismet_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_kismet_port',`
++	corenet_dontaudit_udp_send_kismet_port($1)
++	corenet_dontaudit_udp_receive_kismet_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	allow $1 kismet_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	allow $1 kismet_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the kismet port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_kismet_port',`
++	gen_require(`
++		type kismet_port_t;
++	')
++
++	allow $1 kismet_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send kismet_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kismet_client_packets',`
++	gen_require(`
++		type kismet_client_packet_t;
++	')
++
++	allow $1 kismet_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kismet_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kismet_client_packets',`
++	gen_require(`
++		type kismet_client_packet_t;
++	')
++
++	dontaudit $1 kismet_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kismet_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kismet_client_packets',`
++	gen_require(`
++		type kismet_client_packet_t;
++	')
++
++	allow $1 kismet_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kismet_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kismet_client_packets',`
++	gen_require(`
++		type kismet_client_packet_t;
++	')
++
++	dontaudit $1 kismet_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kismet_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kismet_client_packets',`
++	corenet_send_kismet_client_packets($1)
++	corenet_receive_kismet_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kismet_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kismet_client_packets',`
++	corenet_dontaudit_send_kismet_client_packets($1)
++	corenet_dontaudit_receive_kismet_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kismet_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kismet_client_packets',`
++	gen_require(`
++		type kismet_client_packet_t;
++	')
++
++	allow $1 kismet_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send kismet_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kismet_server_packets',`
++	gen_require(`
++		type kismet_server_packet_t;
++	')
++
++	allow $1 kismet_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kismet_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kismet_server_packets',`
++	gen_require(`
++		type kismet_server_packet_t;
++	')
++
++	dontaudit $1 kismet_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kismet_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kismet_server_packets',`
++	gen_require(`
++		type kismet_server_packet_t;
++	')
++
++	allow $1 kismet_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kismet_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kismet_server_packets',`
++	gen_require(`
++		type kismet_server_packet_t;
++	')
++
++	dontaudit $1 kismet_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kismet_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kismet_server_packets',`
++	corenet_send_kismet_server_packets($1)
++	corenet_receive_kismet_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kismet_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kismet_server_packets',`
++	corenet_dontaudit_send_kismet_server_packets($1)
++	corenet_dontaudit_receive_kismet_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kismet_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kismet_server_packets',`
++	gen_require(`
++		type kismet_server_packet_t;
++	')
++
++	allow $1 kismet_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	allow $1 kprop_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	allow $1 kprop_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	dontaudit $1 kprop_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	allow $1 kprop_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	dontaudit $1 kprop_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_kprop_port',`
++	corenet_udp_send_kprop_port($1)
++	corenet_udp_receive_kprop_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_kprop_port',`
++	corenet_dontaudit_udp_send_kprop_port($1)
++	corenet_dontaudit_udp_receive_kprop_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	allow $1 kprop_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	allow $1 kprop_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the kprop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_kprop_port',`
++	gen_require(`
++		type kprop_port_t;
++	')
++
++	allow $1 kprop_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send kprop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kprop_client_packets',`
++	gen_require(`
++		type kprop_client_packet_t;
++	')
++
++	allow $1 kprop_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kprop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kprop_client_packets',`
++	gen_require(`
++		type kprop_client_packet_t;
++	')
++
++	dontaudit $1 kprop_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kprop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kprop_client_packets',`
++	gen_require(`
++		type kprop_client_packet_t;
++	')
++
++	allow $1 kprop_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kprop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kprop_client_packets',`
++	gen_require(`
++		type kprop_client_packet_t;
++	')
++
++	dontaudit $1 kprop_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kprop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kprop_client_packets',`
++	corenet_send_kprop_client_packets($1)
++	corenet_receive_kprop_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kprop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kprop_client_packets',`
++	corenet_dontaudit_send_kprop_client_packets($1)
++	corenet_dontaudit_receive_kprop_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kprop_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kprop_client_packets',`
++	gen_require(`
++		type kprop_client_packet_t;
++	')
++
++	allow $1 kprop_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send kprop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_kprop_server_packets',`
++	gen_require(`
++		type kprop_server_packet_t;
++	')
++
++	allow $1 kprop_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send kprop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_kprop_server_packets',`
++	gen_require(`
++		type kprop_server_packet_t;
++	')
++
++	dontaudit $1 kprop_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive kprop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_kprop_server_packets',`
++	gen_require(`
++		type kprop_server_packet_t;
++	')
++
++	allow $1 kprop_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive kprop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_kprop_server_packets',`
++	gen_require(`
++		type kprop_server_packet_t;
++	')
++
++	dontaudit $1 kprop_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive kprop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_kprop_server_packets',`
++	corenet_send_kprop_server_packets($1)
++	corenet_receive_kprop_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive kprop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_kprop_server_packets',`
++	corenet_dontaudit_send_kprop_server_packets($1)
++	corenet_dontaudit_receive_kprop_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to kprop_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_kprop_server_packets',`
++	gen_require(`
++		type kprop_server_packet_t;
++	')
++
++	allow $1 kprop_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	allow $1 ktalkd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	allow $1 ktalkd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	dontaudit $1 ktalkd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	allow $1 ktalkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	dontaudit $1 ktalkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ktalkd_port',`
++	corenet_udp_send_ktalkd_port($1)
++	corenet_udp_receive_ktalkd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ktalkd_port',`
++	corenet_dontaudit_udp_send_ktalkd_port($1)
++	corenet_dontaudit_udp_receive_ktalkd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	allow $1 ktalkd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	allow $1 ktalkd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ktalkd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ktalkd_port',`
++	gen_require(`
++		type ktalkd_port_t;
++	')
++
++	allow $1 ktalkd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ktalkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ktalkd_client_packets',`
++	gen_require(`
++		type ktalkd_client_packet_t;
++	')
++
++	allow $1 ktalkd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ktalkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ktalkd_client_packets',`
++	gen_require(`
++		type ktalkd_client_packet_t;
++	')
++
++	dontaudit $1 ktalkd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ktalkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ktalkd_client_packets',`
++	gen_require(`
++		type ktalkd_client_packet_t;
++	')
++
++	allow $1 ktalkd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ktalkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ktalkd_client_packets',`
++	gen_require(`
++		type ktalkd_client_packet_t;
++	')
++
++	dontaudit $1 ktalkd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ktalkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ktalkd_client_packets',`
++	corenet_send_ktalkd_client_packets($1)
++	corenet_receive_ktalkd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ktalkd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ktalkd_client_packets',`
++	corenet_dontaudit_send_ktalkd_client_packets($1)
++	corenet_dontaudit_receive_ktalkd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ktalkd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ktalkd_client_packets',`
++	gen_require(`
++		type ktalkd_client_packet_t;
++	')
++
++	allow $1 ktalkd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ktalkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ktalkd_server_packets',`
++	gen_require(`
++		type ktalkd_server_packet_t;
++	')
++
++	allow $1 ktalkd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ktalkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ktalkd_server_packets',`
++	gen_require(`
++		type ktalkd_server_packet_t;
++	')
++
++	dontaudit $1 ktalkd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ktalkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ktalkd_server_packets',`
++	gen_require(`
++		type ktalkd_server_packet_t;
++	')
++
++	allow $1 ktalkd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ktalkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ktalkd_server_packets',`
++	gen_require(`
++		type ktalkd_server_packet_t;
++	')
++
++	dontaudit $1 ktalkd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ktalkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ktalkd_server_packets',`
++	corenet_send_ktalkd_server_packets($1)
++	corenet_receive_ktalkd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ktalkd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ktalkd_server_packets',`
++	corenet_dontaudit_send_ktalkd_server_packets($1)
++	corenet_dontaudit_receive_ktalkd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ktalkd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ktalkd_server_packets',`
++	gen_require(`
++		type ktalkd_server_packet_t;
++	')
++
++	allow $1 ktalkd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	allow $1 ldap_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	dontaudit $1 ldap_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	allow $1 ldap_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	dontaudit $1 ldap_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ldap_port',`
++	corenet_udp_send_ldap_port($1)
++	corenet_udp_receive_ldap_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ldap_port',`
++	corenet_dontaudit_udp_send_ldap_port($1)
++	corenet_dontaudit_udp_receive_ldap_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	allow $1 ldap_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	allow $1 ldap_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ldap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ldap_port',`
++	gen_require(`
++		type ldap_port_t;
++	')
++
++	allow $1 ldap_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ldap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ldap_client_packets',`
++	gen_require(`
++		type ldap_client_packet_t;
++	')
++
++	allow $1 ldap_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ldap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ldap_client_packets',`
++	gen_require(`
++		type ldap_client_packet_t;
++	')
++
++	dontaudit $1 ldap_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ldap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ldap_client_packets',`
++	gen_require(`
++		type ldap_client_packet_t;
++	')
++
++	allow $1 ldap_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ldap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ldap_client_packets',`
++	gen_require(`
++		type ldap_client_packet_t;
++	')
++
++	dontaudit $1 ldap_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ldap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ldap_client_packets',`
++	corenet_send_ldap_client_packets($1)
++	corenet_receive_ldap_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ldap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ldap_client_packets',`
++	corenet_dontaudit_send_ldap_client_packets($1)
++	corenet_dontaudit_receive_ldap_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ldap_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ldap_client_packets',`
++	gen_require(`
++		type ldap_client_packet_t;
++	')
++
++	allow $1 ldap_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ldap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ldap_server_packets',`
++	gen_require(`
++		type ldap_server_packet_t;
++	')
++
++	allow $1 ldap_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ldap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ldap_server_packets',`
++	gen_require(`
++		type ldap_server_packet_t;
++	')
++
++	dontaudit $1 ldap_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ldap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ldap_server_packets',`
++	gen_require(`
++		type ldap_server_packet_t;
++	')
++
++	allow $1 ldap_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ldap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ldap_server_packets',`
++	gen_require(`
++		type ldap_server_packet_t;
++	')
++
++	dontaudit $1 ldap_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ldap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ldap_server_packets',`
++	corenet_send_ldap_server_packets($1)
++	corenet_receive_ldap_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ldap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ldap_server_packets',`
++	corenet_dontaudit_send_ldap_server_packets($1)
++	corenet_dontaudit_receive_ldap_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ldap_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ldap_server_packets',`
++	gen_require(`
++		type ldap_server_packet_t;
++	')
++
++	allow $1 ldap_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	allow $1 lmtp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	allow $1 lmtp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	dontaudit $1 lmtp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	allow $1 lmtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	dontaudit $1 lmtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_lmtp_port',`
++	corenet_udp_send_lmtp_port($1)
++	corenet_udp_receive_lmtp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_lmtp_port',`
++	corenet_dontaudit_udp_send_lmtp_port($1)
++	corenet_dontaudit_udp_receive_lmtp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	allow $1 lmtp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	allow $1 lmtp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the lmtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_lmtp_port',`
++	gen_require(`
++		type lmtp_port_t;
++	')
++
++	allow $1 lmtp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send lmtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_lmtp_client_packets',`
++	gen_require(`
++		type lmtp_client_packet_t;
++	')
++
++	allow $1 lmtp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send lmtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_lmtp_client_packets',`
++	gen_require(`
++		type lmtp_client_packet_t;
++	')
++
++	dontaudit $1 lmtp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive lmtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_lmtp_client_packets',`
++	gen_require(`
++		type lmtp_client_packet_t;
++	')
++
++	allow $1 lmtp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive lmtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_lmtp_client_packets',`
++	gen_require(`
++		type lmtp_client_packet_t;
++	')
++
++	dontaudit $1 lmtp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive lmtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_lmtp_client_packets',`
++	corenet_send_lmtp_client_packets($1)
++	corenet_receive_lmtp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive lmtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_lmtp_client_packets',`
++	corenet_dontaudit_send_lmtp_client_packets($1)
++	corenet_dontaudit_receive_lmtp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to lmtp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_lmtp_client_packets',`
++	gen_require(`
++		type lmtp_client_packet_t;
++	')
++
++	allow $1 lmtp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send lmtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_lmtp_server_packets',`
++	gen_require(`
++		type lmtp_server_packet_t;
++	')
++
++	allow $1 lmtp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send lmtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_lmtp_server_packets',`
++	gen_require(`
++		type lmtp_server_packet_t;
++	')
++
++	dontaudit $1 lmtp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive lmtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_lmtp_server_packets',`
++	gen_require(`
++		type lmtp_server_packet_t;
++	')
++
++	allow $1 lmtp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive lmtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_lmtp_server_packets',`
++	gen_require(`
++		type lmtp_server_packet_t;
++	')
++
++	dontaudit $1 lmtp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive lmtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_lmtp_server_packets',`
++	corenet_send_lmtp_server_packets($1)
++	corenet_receive_lmtp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive lmtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_lmtp_server_packets',`
++	corenet_dontaudit_send_lmtp_server_packets($1)
++	corenet_dontaudit_receive_lmtp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to lmtp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_lmtp_server_packets',`
++	gen_require(`
++		type lmtp_server_packet_t;
++	')
++
++	allow $1 lmtp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	allow $1 mail_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	allow $1 mail_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	dontaudit $1 mail_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	allow $1 mail_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	dontaudit $1 mail_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_mail_port',`
++	corenet_udp_send_mail_port($1)
++	corenet_udp_receive_mail_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_mail_port',`
++	corenet_dontaudit_udp_send_mail_port($1)
++	corenet_dontaudit_udp_receive_mail_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	allow $1 mail_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	allow $1 mail_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the mail port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_mail_port',`
++	gen_require(`
++		type mail_port_t;
++	')
++
++	allow $1 mail_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send mail_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mail_client_packets',`
++	gen_require(`
++		type mail_client_packet_t;
++	')
++
++	allow $1 mail_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mail_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mail_client_packets',`
++	gen_require(`
++		type mail_client_packet_t;
++	')
++
++	dontaudit $1 mail_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mail_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mail_client_packets',`
++	gen_require(`
++		type mail_client_packet_t;
++	')
++
++	allow $1 mail_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mail_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mail_client_packets',`
++	gen_require(`
++		type mail_client_packet_t;
++	')
++
++	dontaudit $1 mail_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mail_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mail_client_packets',`
++	corenet_send_mail_client_packets($1)
++	corenet_receive_mail_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mail_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mail_client_packets',`
++	corenet_dontaudit_send_mail_client_packets($1)
++	corenet_dontaudit_receive_mail_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mail_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mail_client_packets',`
++	gen_require(`
++		type mail_client_packet_t;
++	')
++
++	allow $1 mail_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send mail_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mail_server_packets',`
++	gen_require(`
++		type mail_server_packet_t;
++	')
++
++	allow $1 mail_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mail_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mail_server_packets',`
++	gen_require(`
++		type mail_server_packet_t;
++	')
++
++	dontaudit $1 mail_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mail_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mail_server_packets',`
++	gen_require(`
++		type mail_server_packet_t;
++	')
++
++	allow $1 mail_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mail_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mail_server_packets',`
++	gen_require(`
++		type mail_server_packet_t;
++	')
++
++	dontaudit $1 mail_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mail_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mail_server_packets',`
++	corenet_send_mail_server_packets($1)
++	corenet_receive_mail_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mail_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mail_server_packets',`
++	corenet_dontaudit_send_mail_server_packets($1)
++	corenet_dontaudit_receive_mail_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mail_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mail_server_packets',`
++	gen_require(`
++		type mail_server_packet_t;
++	')
++
++	allow $1 mail_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	allow $1 mmcc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	allow $1 mmcc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	dontaudit $1 mmcc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	allow $1 mmcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	dontaudit $1 mmcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_mmcc_port',`
++	corenet_udp_send_mmcc_port($1)
++	corenet_udp_receive_mmcc_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_mmcc_port',`
++	corenet_dontaudit_udp_send_mmcc_port($1)
++	corenet_dontaudit_udp_receive_mmcc_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	allow $1 mmcc_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	allow $1 mmcc_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the mmcc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_mmcc_port',`
++	gen_require(`
++		type mmcc_port_t;
++	')
++
++	allow $1 mmcc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send mmcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mmcc_client_packets',`
++	gen_require(`
++		type mmcc_client_packet_t;
++	')
++
++	allow $1 mmcc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mmcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mmcc_client_packets',`
++	gen_require(`
++		type mmcc_client_packet_t;
++	')
++
++	dontaudit $1 mmcc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mmcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mmcc_client_packets',`
++	gen_require(`
++		type mmcc_client_packet_t;
++	')
++
++	allow $1 mmcc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mmcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mmcc_client_packets',`
++	gen_require(`
++		type mmcc_client_packet_t;
++	')
++
++	dontaudit $1 mmcc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mmcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mmcc_client_packets',`
++	corenet_send_mmcc_client_packets($1)
++	corenet_receive_mmcc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mmcc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mmcc_client_packets',`
++	corenet_dontaudit_send_mmcc_client_packets($1)
++	corenet_dontaudit_receive_mmcc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mmcc_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mmcc_client_packets',`
++	gen_require(`
++		type mmcc_client_packet_t;
++	')
++
++	allow $1 mmcc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send mmcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mmcc_server_packets',`
++	gen_require(`
++		type mmcc_server_packet_t;
++	')
++
++	allow $1 mmcc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mmcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mmcc_server_packets',`
++	gen_require(`
++		type mmcc_server_packet_t;
++	')
++
++	dontaudit $1 mmcc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mmcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mmcc_server_packets',`
++	gen_require(`
++		type mmcc_server_packet_t;
++	')
++
++	allow $1 mmcc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mmcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mmcc_server_packets',`
++	gen_require(`
++		type mmcc_server_packet_t;
++	')
++
++	dontaudit $1 mmcc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mmcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mmcc_server_packets',`
++	corenet_send_mmcc_server_packets($1)
++	corenet_receive_mmcc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mmcc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mmcc_server_packets',`
++	corenet_dontaudit_send_mmcc_server_packets($1)
++	corenet_dontaudit_receive_mmcc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mmcc_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mmcc_server_packets',`
++	gen_require(`
++		type mmcc_server_packet_t;
++	')
++
++	allow $1 mmcc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	allow $1 monopd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	allow $1 monopd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	dontaudit $1 monopd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	allow $1 monopd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	dontaudit $1 monopd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_monopd_port',`
++	corenet_udp_send_monopd_port($1)
++	corenet_udp_receive_monopd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_monopd_port',`
++	corenet_dontaudit_udp_send_monopd_port($1)
++	corenet_dontaudit_udp_receive_monopd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	allow $1 monopd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	allow $1 monopd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the monopd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_monopd_port',`
++	gen_require(`
++		type monopd_port_t;
++	')
++
++	allow $1 monopd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send monopd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_monopd_client_packets',`
++	gen_require(`
++		type monopd_client_packet_t;
++	')
++
++	allow $1 monopd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send monopd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_monopd_client_packets',`
++	gen_require(`
++		type monopd_client_packet_t;
++	')
++
++	dontaudit $1 monopd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive monopd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_monopd_client_packets',`
++	gen_require(`
++		type monopd_client_packet_t;
++	')
++
++	allow $1 monopd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive monopd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_monopd_client_packets',`
++	gen_require(`
++		type monopd_client_packet_t;
++	')
++
++	dontaudit $1 monopd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive monopd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_monopd_client_packets',`
++	corenet_send_monopd_client_packets($1)
++	corenet_receive_monopd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive monopd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_monopd_client_packets',`
++	corenet_dontaudit_send_monopd_client_packets($1)
++	corenet_dontaudit_receive_monopd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to monopd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_monopd_client_packets',`
++	gen_require(`
++		type monopd_client_packet_t;
++	')
++
++	allow $1 monopd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send monopd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_monopd_server_packets',`
++	gen_require(`
++		type monopd_server_packet_t;
++	')
++
++	allow $1 monopd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send monopd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_monopd_server_packets',`
++	gen_require(`
++		type monopd_server_packet_t;
++	')
++
++	dontaudit $1 monopd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive monopd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_monopd_server_packets',`
++	gen_require(`
++		type monopd_server_packet_t;
++	')
++
++	allow $1 monopd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive monopd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_monopd_server_packets',`
++	gen_require(`
++		type monopd_server_packet_t;
++	')
++
++	dontaudit $1 monopd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive monopd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_monopd_server_packets',`
++	corenet_send_monopd_server_packets($1)
++	corenet_receive_monopd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive monopd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_monopd_server_packets',`
++	corenet_dontaudit_send_monopd_server_packets($1)
++	corenet_dontaudit_receive_monopd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to monopd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_monopd_server_packets',`
++	gen_require(`
++		type monopd_server_packet_t;
++	')
++
++	allow $1 monopd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	allow $1 msnp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	allow $1 msnp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	dontaudit $1 msnp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	allow $1 msnp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	dontaudit $1 msnp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_msnp_port',`
++	corenet_udp_send_msnp_port($1)
++	corenet_udp_receive_msnp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_msnp_port',`
++	corenet_dontaudit_udp_send_msnp_port($1)
++	corenet_dontaudit_udp_receive_msnp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	allow $1 msnp_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	allow $1 msnp_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the msnp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_msnp_port',`
++	gen_require(`
++		type msnp_port_t;
++	')
++
++	allow $1 msnp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send msnp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_msnp_client_packets',`
++	gen_require(`
++		type msnp_client_packet_t;
++	')
++
++	allow $1 msnp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send msnp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_msnp_client_packets',`
++	gen_require(`
++		type msnp_client_packet_t;
++	')
++
++	dontaudit $1 msnp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive msnp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_msnp_client_packets',`
++	gen_require(`
++		type msnp_client_packet_t;
++	')
++
++	allow $1 msnp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive msnp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_msnp_client_packets',`
++	gen_require(`
++		type msnp_client_packet_t;
++	')
++
++	dontaudit $1 msnp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive msnp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_msnp_client_packets',`
++	corenet_send_msnp_client_packets($1)
++	corenet_receive_msnp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive msnp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_msnp_client_packets',`
++	corenet_dontaudit_send_msnp_client_packets($1)
++	corenet_dontaudit_receive_msnp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to msnp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_msnp_client_packets',`
++	gen_require(`
++		type msnp_client_packet_t;
++	')
++
++	allow $1 msnp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send msnp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_msnp_server_packets',`
++	gen_require(`
++		type msnp_server_packet_t;
++	')
++
++	allow $1 msnp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send msnp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_msnp_server_packets',`
++	gen_require(`
++		type msnp_server_packet_t;
++	')
++
++	dontaudit $1 msnp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive msnp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_msnp_server_packets',`
++	gen_require(`
++		type msnp_server_packet_t;
++	')
++
++	allow $1 msnp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive msnp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_msnp_server_packets',`
++	gen_require(`
++		type msnp_server_packet_t;
++	')
++
++	dontaudit $1 msnp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive msnp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_msnp_server_packets',`
++	corenet_send_msnp_server_packets($1)
++	corenet_receive_msnp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive msnp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_msnp_server_packets',`
++	corenet_dontaudit_send_msnp_server_packets($1)
++	corenet_dontaudit_receive_msnp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to msnp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_msnp_server_packets',`
++	gen_require(`
++		type msnp_server_packet_t;
++	')
++
++	allow $1 msnp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	allow $1 munin_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	allow $1 munin_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	dontaudit $1 munin_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	allow $1 munin_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	dontaudit $1 munin_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_munin_port',`
++	corenet_udp_send_munin_port($1)
++	corenet_udp_receive_munin_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_munin_port',`
++	corenet_dontaudit_udp_send_munin_port($1)
++	corenet_dontaudit_udp_receive_munin_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	allow $1 munin_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	allow $1 munin_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the munin port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_munin_port',`
++	gen_require(`
++		type munin_port_t;
++	')
++
++	allow $1 munin_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send munin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_munin_client_packets',`
++	gen_require(`
++		type munin_client_packet_t;
++	')
++
++	allow $1 munin_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send munin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_munin_client_packets',`
++	gen_require(`
++		type munin_client_packet_t;
++	')
++
++	dontaudit $1 munin_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive munin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_munin_client_packets',`
++	gen_require(`
++		type munin_client_packet_t;
++	')
++
++	allow $1 munin_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive munin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_munin_client_packets',`
++	gen_require(`
++		type munin_client_packet_t;
++	')
++
++	dontaudit $1 munin_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive munin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_munin_client_packets',`
++	corenet_send_munin_client_packets($1)
++	corenet_receive_munin_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive munin_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_munin_client_packets',`
++	corenet_dontaudit_send_munin_client_packets($1)
++	corenet_dontaudit_receive_munin_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to munin_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_munin_client_packets',`
++	gen_require(`
++		type munin_client_packet_t;
++	')
++
++	allow $1 munin_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send munin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_munin_server_packets',`
++	gen_require(`
++		type munin_server_packet_t;
++	')
++
++	allow $1 munin_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send munin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_munin_server_packets',`
++	gen_require(`
++		type munin_server_packet_t;
++	')
++
++	dontaudit $1 munin_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive munin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_munin_server_packets',`
++	gen_require(`
++		type munin_server_packet_t;
++	')
++
++	allow $1 munin_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive munin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_munin_server_packets',`
++	gen_require(`
++		type munin_server_packet_t;
++	')
++
++	dontaudit $1 munin_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive munin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_munin_server_packets',`
++	corenet_send_munin_server_packets($1)
++	corenet_receive_munin_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive munin_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_munin_server_packets',`
++	corenet_dontaudit_send_munin_server_packets($1)
++	corenet_dontaudit_receive_munin_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to munin_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_munin_server_packets',`
++	gen_require(`
++		type munin_server_packet_t;
++	')
++
++	allow $1 munin_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	allow $1 mythtv_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	allow $1 mythtv_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	dontaudit $1 mythtv_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	allow $1 mythtv_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	dontaudit $1 mythtv_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_mythtv_port',`
++	corenet_udp_send_mythtv_port($1)
++	corenet_udp_receive_mythtv_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_mythtv_port',`
++	corenet_dontaudit_udp_send_mythtv_port($1)
++	corenet_dontaudit_udp_receive_mythtv_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	allow $1 mythtv_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	allow $1 mythtv_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the mythtv port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_mythtv_port',`
++	gen_require(`
++		type mythtv_port_t;
++	')
++
++	allow $1 mythtv_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send mythtv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mythtv_client_packets',`
++	gen_require(`
++		type mythtv_client_packet_t;
++	')
++
++	allow $1 mythtv_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mythtv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mythtv_client_packets',`
++	gen_require(`
++		type mythtv_client_packet_t;
++	')
++
++	dontaudit $1 mythtv_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mythtv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mythtv_client_packets',`
++	gen_require(`
++		type mythtv_client_packet_t;
++	')
++
++	allow $1 mythtv_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mythtv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mythtv_client_packets',`
++	gen_require(`
++		type mythtv_client_packet_t;
++	')
++
++	dontaudit $1 mythtv_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mythtv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mythtv_client_packets',`
++	corenet_send_mythtv_client_packets($1)
++	corenet_receive_mythtv_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mythtv_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mythtv_client_packets',`
++	corenet_dontaudit_send_mythtv_client_packets($1)
++	corenet_dontaudit_receive_mythtv_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mythtv_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mythtv_client_packets',`
++	gen_require(`
++		type mythtv_client_packet_t;
++	')
++
++	allow $1 mythtv_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send mythtv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mythtv_server_packets',`
++	gen_require(`
++		type mythtv_server_packet_t;
++	')
++
++	allow $1 mythtv_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mythtv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mythtv_server_packets',`
++	gen_require(`
++		type mythtv_server_packet_t;
++	')
++
++	dontaudit $1 mythtv_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mythtv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mythtv_server_packets',`
++	gen_require(`
++		type mythtv_server_packet_t;
++	')
++
++	allow $1 mythtv_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mythtv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mythtv_server_packets',`
++	gen_require(`
++		type mythtv_server_packet_t;
++	')
++
++	dontaudit $1 mythtv_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mythtv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mythtv_server_packets',`
++	corenet_send_mythtv_server_packets($1)
++	corenet_receive_mythtv_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mythtv_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mythtv_server_packets',`
++	corenet_dontaudit_send_mythtv_server_packets($1)
++	corenet_dontaudit_receive_mythtv_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mythtv_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mythtv_server_packets',`
++	gen_require(`
++		type mythtv_server_packet_t;
++	')
++
++	allow $1 mythtv_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	allow $1 mysqld_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	allow $1 mysqld_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	dontaudit $1 mysqld_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	allow $1 mysqld_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	dontaudit $1 mysqld_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_mysqld_port',`
++	corenet_udp_send_mysqld_port($1)
++	corenet_udp_receive_mysqld_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_mysqld_port',`
++	corenet_dontaudit_udp_send_mysqld_port($1)
++	corenet_dontaudit_udp_receive_mysqld_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	allow $1 mysqld_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	allow $1 mysqld_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the mysqld port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_mysqld_port',`
++	gen_require(`
++		type mysqld_port_t;
++	')
++
++	allow $1 mysqld_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send mysqld_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mysqld_client_packets',`
++	gen_require(`
++		type mysqld_client_packet_t;
++	')
++
++	allow $1 mysqld_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mysqld_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mysqld_client_packets',`
++	gen_require(`
++		type mysqld_client_packet_t;
++	')
++
++	dontaudit $1 mysqld_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mysqld_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mysqld_client_packets',`
++	gen_require(`
++		type mysqld_client_packet_t;
++	')
++
++	allow $1 mysqld_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mysqld_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mysqld_client_packets',`
++	gen_require(`
++		type mysqld_client_packet_t;
++	')
++
++	dontaudit $1 mysqld_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mysqld_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mysqld_client_packets',`
++	corenet_send_mysqld_client_packets($1)
++	corenet_receive_mysqld_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mysqld_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mysqld_client_packets',`
++	corenet_dontaudit_send_mysqld_client_packets($1)
++	corenet_dontaudit_receive_mysqld_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mysqld_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mysqld_client_packets',`
++	gen_require(`
++		type mysqld_client_packet_t;
++	')
++
++	allow $1 mysqld_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send mysqld_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_mysqld_server_packets',`
++	gen_require(`
++		type mysqld_server_packet_t;
++	')
++
++	allow $1 mysqld_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send mysqld_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_mysqld_server_packets',`
++	gen_require(`
++		type mysqld_server_packet_t;
++	')
++
++	dontaudit $1 mysqld_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive mysqld_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_mysqld_server_packets',`
++	gen_require(`
++		type mysqld_server_packet_t;
++	')
++
++	allow $1 mysqld_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive mysqld_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_mysqld_server_packets',`
++	gen_require(`
++		type mysqld_server_packet_t;
++	')
++
++	dontaudit $1 mysqld_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive mysqld_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_mysqld_server_packets',`
++	corenet_send_mysqld_server_packets($1)
++	corenet_receive_mysqld_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive mysqld_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_mysqld_server_packets',`
++	corenet_dontaudit_send_mysqld_server_packets($1)
++	corenet_dontaudit_receive_mysqld_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to mysqld_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_mysqld_server_packets',`
++	gen_require(`
++		type mysqld_server_packet_t;
++	')
++
++	allow $1 mysqld_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	allow $1 nessus_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	allow $1 nessus_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	dontaudit $1 nessus_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	allow $1 nessus_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	dontaudit $1 nessus_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_nessus_port',`
++	corenet_udp_send_nessus_port($1)
++	corenet_udp_receive_nessus_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_nessus_port',`
++	corenet_dontaudit_udp_send_nessus_port($1)
++	corenet_dontaudit_udp_receive_nessus_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	allow $1 nessus_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	allow $1 nessus_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the nessus port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_nessus_port',`
++	gen_require(`
++		type nessus_port_t;
++	')
++
++	allow $1 nessus_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send nessus_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_nessus_client_packets',`
++	gen_require(`
++		type nessus_client_packet_t;
++	')
++
++	allow $1 nessus_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send nessus_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_nessus_client_packets',`
++	gen_require(`
++		type nessus_client_packet_t;
++	')
++
++	dontaudit $1 nessus_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive nessus_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_nessus_client_packets',`
++	gen_require(`
++		type nessus_client_packet_t;
++	')
++
++	allow $1 nessus_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive nessus_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_nessus_client_packets',`
++	gen_require(`
++		type nessus_client_packet_t;
++	')
++
++	dontaudit $1 nessus_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive nessus_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_nessus_client_packets',`
++	corenet_send_nessus_client_packets($1)
++	corenet_receive_nessus_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive nessus_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_nessus_client_packets',`
++	corenet_dontaudit_send_nessus_client_packets($1)
++	corenet_dontaudit_receive_nessus_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to nessus_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_nessus_client_packets',`
++	gen_require(`
++		type nessus_client_packet_t;
++	')
++
++	allow $1 nessus_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send nessus_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_nessus_server_packets',`
++	gen_require(`
++		type nessus_server_packet_t;
++	')
++
++	allow $1 nessus_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send nessus_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_nessus_server_packets',`
++	gen_require(`
++		type nessus_server_packet_t;
++	')
++
++	dontaudit $1 nessus_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive nessus_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_nessus_server_packets',`
++	gen_require(`
++		type nessus_server_packet_t;
++	')
++
++	allow $1 nessus_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive nessus_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_nessus_server_packets',`
++	gen_require(`
++		type nessus_server_packet_t;
++	')
++
++	dontaudit $1 nessus_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive nessus_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_nessus_server_packets',`
++	corenet_send_nessus_server_packets($1)
++	corenet_receive_nessus_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive nessus_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_nessus_server_packets',`
++	corenet_dontaudit_send_nessus_server_packets($1)
++	corenet_dontaudit_receive_nessus_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to nessus_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_nessus_server_packets',`
++	gen_require(`
++		type nessus_server_packet_t;
++	')
++
++	allow $1 nessus_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	allow $1 netsupport_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	allow $1 netsupport_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	dontaudit $1 netsupport_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	allow $1 netsupport_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	dontaudit $1 netsupport_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_netsupport_port',`
++	corenet_udp_send_netsupport_port($1)
++	corenet_udp_receive_netsupport_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_netsupport_port',`
++	corenet_dontaudit_udp_send_netsupport_port($1)
++	corenet_dontaudit_udp_receive_netsupport_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	allow $1 netsupport_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	allow $1 netsupport_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the netsupport port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_netsupport_port',`
++	gen_require(`
++		type netsupport_port_t;
++	')
++
++	allow $1 netsupport_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send netsupport_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_netsupport_client_packets',`
++	gen_require(`
++		type netsupport_client_packet_t;
++	')
++
++	allow $1 netsupport_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send netsupport_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_netsupport_client_packets',`
++	gen_require(`
++		type netsupport_client_packet_t;
++	')
++
++	dontaudit $1 netsupport_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive netsupport_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_netsupport_client_packets',`
++	gen_require(`
++		type netsupport_client_packet_t;
++	')
++
++	allow $1 netsupport_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive netsupport_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_netsupport_client_packets',`
++	gen_require(`
++		type netsupport_client_packet_t;
++	')
++
++	dontaudit $1 netsupport_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive netsupport_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_netsupport_client_packets',`
++	corenet_send_netsupport_client_packets($1)
++	corenet_receive_netsupport_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive netsupport_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_netsupport_client_packets',`
++	corenet_dontaudit_send_netsupport_client_packets($1)
++	corenet_dontaudit_receive_netsupport_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to netsupport_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_netsupport_client_packets',`
++	gen_require(`
++		type netsupport_client_packet_t;
++	')
++
++	allow $1 netsupport_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send netsupport_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_netsupport_server_packets',`
++	gen_require(`
++		type netsupport_server_packet_t;
++	')
++
++	allow $1 netsupport_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send netsupport_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_netsupport_server_packets',`
++	gen_require(`
++		type netsupport_server_packet_t;
++	')
++
++	dontaudit $1 netsupport_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive netsupport_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_netsupport_server_packets',`
++	gen_require(`
++		type netsupport_server_packet_t;
++	')
++
++	allow $1 netsupport_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive netsupport_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_netsupport_server_packets',`
++	gen_require(`
++		type netsupport_server_packet_t;
++	')
++
++	dontaudit $1 netsupport_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive netsupport_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_netsupport_server_packets',`
++	corenet_send_netsupport_server_packets($1)
++	corenet_receive_netsupport_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive netsupport_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_netsupport_server_packets',`
++	corenet_dontaudit_send_netsupport_server_packets($1)
++	corenet_dontaudit_receive_netsupport_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to netsupport_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_netsupport_server_packets',`
++	gen_require(`
++		type netsupport_server_packet_t;
++	')
++
++	allow $1 netsupport_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	allow $1 nmbd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	allow $1 nmbd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	dontaudit $1 nmbd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	allow $1 nmbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	dontaudit $1 nmbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_nmbd_port',`
++	corenet_udp_send_nmbd_port($1)
++	corenet_udp_receive_nmbd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_nmbd_port',`
++	corenet_dontaudit_udp_send_nmbd_port($1)
++	corenet_dontaudit_udp_receive_nmbd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	allow $1 nmbd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	allow $1 nmbd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the nmbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_nmbd_port',`
++	gen_require(`
++		type nmbd_port_t;
++	')
++
++	allow $1 nmbd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send nmbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_nmbd_client_packets',`
++	gen_require(`
++		type nmbd_client_packet_t;
++	')
++
++	allow $1 nmbd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send nmbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_nmbd_client_packets',`
++	gen_require(`
++		type nmbd_client_packet_t;
++	')
++
++	dontaudit $1 nmbd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive nmbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_nmbd_client_packets',`
++	gen_require(`
++		type nmbd_client_packet_t;
++	')
++
++	allow $1 nmbd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive nmbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_nmbd_client_packets',`
++	gen_require(`
++		type nmbd_client_packet_t;
++	')
++
++	dontaudit $1 nmbd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive nmbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_nmbd_client_packets',`
++	corenet_send_nmbd_client_packets($1)
++	corenet_receive_nmbd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive nmbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_nmbd_client_packets',`
++	corenet_dontaudit_send_nmbd_client_packets($1)
++	corenet_dontaudit_receive_nmbd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to nmbd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_nmbd_client_packets',`
++	gen_require(`
++		type nmbd_client_packet_t;
++	')
++
++	allow $1 nmbd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send nmbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_nmbd_server_packets',`
++	gen_require(`
++		type nmbd_server_packet_t;
++	')
++
++	allow $1 nmbd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send nmbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_nmbd_server_packets',`
++	gen_require(`
++		type nmbd_server_packet_t;
++	')
++
++	dontaudit $1 nmbd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive nmbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_nmbd_server_packets',`
++	gen_require(`
++		type nmbd_server_packet_t;
++	')
++
++	allow $1 nmbd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive nmbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_nmbd_server_packets',`
++	gen_require(`
++		type nmbd_server_packet_t;
++	')
++
++	dontaudit $1 nmbd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive nmbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_nmbd_server_packets',`
++	corenet_send_nmbd_server_packets($1)
++	corenet_receive_nmbd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive nmbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_nmbd_server_packets',`
++	corenet_dontaudit_send_nmbd_server_packets($1)
++	corenet_dontaudit_receive_nmbd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to nmbd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_nmbd_server_packets',`
++	gen_require(`
++		type nmbd_server_packet_t;
++	')
++
++	allow $1 nmbd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	allow $1 ntp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	allow $1 ntp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	dontaudit $1 ntp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	allow $1 ntp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	dontaudit $1 ntp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ntp_port',`
++	corenet_udp_send_ntp_port($1)
++	corenet_udp_receive_ntp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ntp_port',`
++	corenet_dontaudit_udp_send_ntp_port($1)
++	corenet_dontaudit_udp_receive_ntp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	allow $1 ntp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	allow $1 ntp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ntp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ntp_port',`
++	gen_require(`
++		type ntp_port_t;
++	')
++
++	allow $1 ntp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ntp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ntp_client_packets',`
++	gen_require(`
++		type ntp_client_packet_t;
++	')
++
++	allow $1 ntp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ntp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ntp_client_packets',`
++	gen_require(`
++		type ntp_client_packet_t;
++	')
++
++	dontaudit $1 ntp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ntp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ntp_client_packets',`
++	gen_require(`
++		type ntp_client_packet_t;
++	')
++
++	allow $1 ntp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ntp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ntp_client_packets',`
++	gen_require(`
++		type ntp_client_packet_t;
++	')
++
++	dontaudit $1 ntp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ntp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ntp_client_packets',`
++	corenet_send_ntp_client_packets($1)
++	corenet_receive_ntp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ntp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ntp_client_packets',`
++	corenet_dontaudit_send_ntp_client_packets($1)
++	corenet_dontaudit_receive_ntp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ntp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ntp_client_packets',`
++	gen_require(`
++		type ntp_client_packet_t;
++	')
++
++	allow $1 ntp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ntp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ntp_server_packets',`
++	gen_require(`
++		type ntp_server_packet_t;
++	')
++
++	allow $1 ntp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ntp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ntp_server_packets',`
++	gen_require(`
++		type ntp_server_packet_t;
++	')
++
++	dontaudit $1 ntp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ntp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ntp_server_packets',`
++	gen_require(`
++		type ntp_server_packet_t;
++	')
++
++	allow $1 ntp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ntp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ntp_server_packets',`
++	gen_require(`
++		type ntp_server_packet_t;
++	')
++
++	dontaudit $1 ntp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ntp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ntp_server_packets',`
++	corenet_send_ntp_server_packets($1)
++	corenet_receive_ntp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ntp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ntp_server_packets',`
++	corenet_dontaudit_send_ntp_server_packets($1)
++	corenet_dontaudit_receive_ntp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ntp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ntp_server_packets',`
++	gen_require(`
++		type ntp_server_packet_t;
++	')
++
++	allow $1 ntp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	allow $1 ocsp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	allow $1 ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	dontaudit $1 ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	allow $1 ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	dontaudit $1 ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ocsp_port',`
++	corenet_udp_send_ocsp_port($1)
++	corenet_udp_receive_ocsp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ocsp_port',`
++	corenet_dontaudit_udp_send_ocsp_port($1)
++	corenet_dontaudit_udp_receive_ocsp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	allow $1 ocsp_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	allow $1 ocsp_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ocsp_port',`
++	gen_require(`
++		type ocsp_port_t;
++	')
++
++	allow $1 ocsp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ocsp_client_packets',`
++	gen_require(`
++		type ocsp_client_packet_t;
++	')
++
++	allow $1 ocsp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ocsp_client_packets',`
++	gen_require(`
++		type ocsp_client_packet_t;
++	')
++
++	dontaudit $1 ocsp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ocsp_client_packets',`
++	gen_require(`
++		type ocsp_client_packet_t;
++	')
++
++	allow $1 ocsp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ocsp_client_packets',`
++	gen_require(`
++		type ocsp_client_packet_t;
++	')
++
++	dontaudit $1 ocsp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ocsp_client_packets',`
++	corenet_send_ocsp_client_packets($1)
++	corenet_receive_ocsp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ocsp_client_packets',`
++	corenet_dontaudit_send_ocsp_client_packets($1)
++	corenet_dontaudit_receive_ocsp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ocsp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ocsp_client_packets',`
++	gen_require(`
++		type ocsp_client_packet_t;
++	')
++
++	allow $1 ocsp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ocsp_server_packets',`
++	gen_require(`
++		type ocsp_server_packet_t;
++	')
++
++	allow $1 ocsp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ocsp_server_packets',`
++	gen_require(`
++		type ocsp_server_packet_t;
++	')
++
++	dontaudit $1 ocsp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ocsp_server_packets',`
++	gen_require(`
++		type ocsp_server_packet_t;
++	')
++
++	allow $1 ocsp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ocsp_server_packets',`
++	gen_require(`
++		type ocsp_server_packet_t;
++	')
++
++	dontaudit $1 ocsp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ocsp_server_packets',`
++	corenet_send_ocsp_server_packets($1)
++	corenet_receive_ocsp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ocsp_server_packets',`
++	corenet_dontaudit_send_ocsp_server_packets($1)
++	corenet_dontaudit_receive_ocsp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ocsp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ocsp_server_packets',`
++	gen_require(`
++		type ocsp_server_packet_t;
++	')
++
++	allow $1 ocsp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	allow $1 openvpn_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	allow $1 openvpn_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	dontaudit $1 openvpn_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	allow $1 openvpn_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	dontaudit $1 openvpn_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_openvpn_port',`
++	corenet_udp_send_openvpn_port($1)
++	corenet_udp_receive_openvpn_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_openvpn_port',`
++	corenet_dontaudit_udp_send_openvpn_port($1)
++	corenet_dontaudit_udp_receive_openvpn_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	allow $1 openvpn_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	allow $1 openvpn_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the openvpn port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_openvpn_port',`
++	gen_require(`
++		type openvpn_port_t;
++	')
++
++	allow $1 openvpn_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send openvpn_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_openvpn_client_packets',`
++	gen_require(`
++		type openvpn_client_packet_t;
++	')
++
++	allow $1 openvpn_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send openvpn_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_openvpn_client_packets',`
++	gen_require(`
++		type openvpn_client_packet_t;
++	')
++
++	dontaudit $1 openvpn_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive openvpn_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_openvpn_client_packets',`
++	gen_require(`
++		type openvpn_client_packet_t;
++	')
++
++	allow $1 openvpn_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive openvpn_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_openvpn_client_packets',`
++	gen_require(`
++		type openvpn_client_packet_t;
++	')
++
++	dontaudit $1 openvpn_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive openvpn_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_openvpn_client_packets',`
++	corenet_send_openvpn_client_packets($1)
++	corenet_receive_openvpn_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive openvpn_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_openvpn_client_packets',`
++	corenet_dontaudit_send_openvpn_client_packets($1)
++	corenet_dontaudit_receive_openvpn_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to openvpn_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_openvpn_client_packets',`
++	gen_require(`
++		type openvpn_client_packet_t;
++	')
++
++	allow $1 openvpn_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send openvpn_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_openvpn_server_packets',`
++	gen_require(`
++		type openvpn_server_packet_t;
++	')
++
++	allow $1 openvpn_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send openvpn_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_openvpn_server_packets',`
++	gen_require(`
++		type openvpn_server_packet_t;
++	')
++
++	dontaudit $1 openvpn_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive openvpn_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_openvpn_server_packets',`
++	gen_require(`
++		type openvpn_server_packet_t;
++	')
++
++	allow $1 openvpn_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive openvpn_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_openvpn_server_packets',`
++	gen_require(`
++		type openvpn_server_packet_t;
++	')
++
++	dontaudit $1 openvpn_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive openvpn_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_openvpn_server_packets',`
++	corenet_send_openvpn_server_packets($1)
++	corenet_receive_openvpn_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive openvpn_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_openvpn_server_packets',`
++	corenet_dontaudit_send_openvpn_server_packets($1)
++	corenet_dontaudit_receive_openvpn_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to openvpn_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_openvpn_server_packets',`
++	gen_require(`
++		type openvpn_server_packet_t;
++	')
++
++	allow $1 openvpn_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	allow $1 pegasus_http_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	allow $1 pegasus_http_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	dontaudit $1 pegasus_http_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	allow $1 pegasus_http_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	dontaudit $1 pegasus_http_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pegasus_http_port',`
++	corenet_udp_send_pegasus_http_port($1)
++	corenet_udp_receive_pegasus_http_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pegasus_http_port',`
++	corenet_dontaudit_udp_send_pegasus_http_port($1)
++	corenet_dontaudit_udp_receive_pegasus_http_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	allow $1 pegasus_http_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	allow $1 pegasus_http_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pegasus_http port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pegasus_http_port',`
++	gen_require(`
++		type pegasus_http_port_t;
++	')
++
++	allow $1 pegasus_http_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pegasus_http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pegasus_http_client_packets',`
++	gen_require(`
++		type pegasus_http_client_packet_t;
++	')
++
++	allow $1 pegasus_http_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pegasus_http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pegasus_http_client_packets',`
++	gen_require(`
++		type pegasus_http_client_packet_t;
++	')
++
++	dontaudit $1 pegasus_http_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pegasus_http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pegasus_http_client_packets',`
++	gen_require(`
++		type pegasus_http_client_packet_t;
++	')
++
++	allow $1 pegasus_http_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pegasus_http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pegasus_http_client_packets',`
++	gen_require(`
++		type pegasus_http_client_packet_t;
++	')
++
++	dontaudit $1 pegasus_http_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pegasus_http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pegasus_http_client_packets',`
++	corenet_send_pegasus_http_client_packets($1)
++	corenet_receive_pegasus_http_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pegasus_http_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_http_client_packets',`
++	corenet_dontaudit_send_pegasus_http_client_packets($1)
++	corenet_dontaudit_receive_pegasus_http_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pegasus_http_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pegasus_http_client_packets',`
++	gen_require(`
++		type pegasus_http_client_packet_t;
++	')
++
++	allow $1 pegasus_http_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pegasus_http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pegasus_http_server_packets',`
++	gen_require(`
++		type pegasus_http_server_packet_t;
++	')
++
++	allow $1 pegasus_http_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pegasus_http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pegasus_http_server_packets',`
++	gen_require(`
++		type pegasus_http_server_packet_t;
++	')
++
++	dontaudit $1 pegasus_http_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pegasus_http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pegasus_http_server_packets',`
++	gen_require(`
++		type pegasus_http_server_packet_t;
++	')
++
++	allow $1 pegasus_http_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pegasus_http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pegasus_http_server_packets',`
++	gen_require(`
++		type pegasus_http_server_packet_t;
++	')
++
++	dontaudit $1 pegasus_http_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pegasus_http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pegasus_http_server_packets',`
++	corenet_send_pegasus_http_server_packets($1)
++	corenet_receive_pegasus_http_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pegasus_http_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_http_server_packets',`
++	corenet_dontaudit_send_pegasus_http_server_packets($1)
++	corenet_dontaudit_receive_pegasus_http_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pegasus_http_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pegasus_http_server_packets',`
++	gen_require(`
++		type pegasus_http_server_packet_t;
++	')
++
++	allow $1 pegasus_http_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	allow $1 pegasus_https_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	allow $1 pegasus_https_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	dontaudit $1 pegasus_https_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	allow $1 pegasus_https_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	dontaudit $1 pegasus_https_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pegasus_https_port',`
++	corenet_udp_send_pegasus_https_port($1)
++	corenet_udp_receive_pegasus_https_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pegasus_https_port',`
++	corenet_dontaudit_udp_send_pegasus_https_port($1)
++	corenet_dontaudit_udp_receive_pegasus_https_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	allow $1 pegasus_https_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	allow $1 pegasus_https_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pegasus_https port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pegasus_https_port',`
++	gen_require(`
++		type pegasus_https_port_t;
++	')
++
++	allow $1 pegasus_https_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pegasus_https_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pegasus_https_client_packets',`
++	gen_require(`
++		type pegasus_https_client_packet_t;
++	')
++
++	allow $1 pegasus_https_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pegasus_https_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pegasus_https_client_packets',`
++	gen_require(`
++		type pegasus_https_client_packet_t;
++	')
++
++	dontaudit $1 pegasus_https_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pegasus_https_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pegasus_https_client_packets',`
++	gen_require(`
++		type pegasus_https_client_packet_t;
++	')
++
++	allow $1 pegasus_https_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pegasus_https_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pegasus_https_client_packets',`
++	gen_require(`
++		type pegasus_https_client_packet_t;
++	')
++
++	dontaudit $1 pegasus_https_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pegasus_https_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pegasus_https_client_packets',`
++	corenet_send_pegasus_https_client_packets($1)
++	corenet_receive_pegasus_https_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pegasus_https_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_https_client_packets',`
++	corenet_dontaudit_send_pegasus_https_client_packets($1)
++	corenet_dontaudit_receive_pegasus_https_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pegasus_https_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pegasus_https_client_packets',`
++	gen_require(`
++		type pegasus_https_client_packet_t;
++	')
++
++	allow $1 pegasus_https_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pegasus_https_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pegasus_https_server_packets',`
++	gen_require(`
++		type pegasus_https_server_packet_t;
++	')
++
++	allow $1 pegasus_https_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pegasus_https_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pegasus_https_server_packets',`
++	gen_require(`
++		type pegasus_https_server_packet_t;
++	')
++
++	dontaudit $1 pegasus_https_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pegasus_https_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pegasus_https_server_packets',`
++	gen_require(`
++		type pegasus_https_server_packet_t;
++	')
++
++	allow $1 pegasus_https_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pegasus_https_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pegasus_https_server_packets',`
++	gen_require(`
++		type pegasus_https_server_packet_t;
++	')
++
++	dontaudit $1 pegasus_https_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pegasus_https_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pegasus_https_server_packets',`
++	corenet_send_pegasus_https_server_packets($1)
++	corenet_receive_pegasus_https_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pegasus_https_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_https_server_packets',`
++	corenet_dontaudit_send_pegasus_https_server_packets($1)
++	corenet_dontaudit_receive_pegasus_https_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pegasus_https_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pegasus_https_server_packets',`
++	gen_require(`
++		type pegasus_https_server_packet_t;
++	')
++
++	allow $1 pegasus_https_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	allow $1 pki_ca_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	allow $1 pki_ca_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	dontaudit $1 pki_ca_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	allow $1 pki_ca_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	dontaudit $1 pki_ca_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pki_ca_port',`
++	corenet_udp_send_pki_ca_port($1)
++	corenet_udp_receive_pki_ca_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_ca_port',`
++	corenet_dontaudit_udp_send_pki_ca_port($1)
++	corenet_dontaudit_udp_receive_pki_ca_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	allow $1 pki_ca_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	allow $1 pki_ca_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pki_ca port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pki_ca_port',`
++	gen_require(`
++		type pki_ca_port_t;
++	')
++
++	allow $1 pki_ca_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pki_ca_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_ca_client_packets',`
++	gen_require(`
++		type pki_ca_client_packet_t;
++	')
++
++	allow $1 pki_ca_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_ca_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_ca_client_packets',`
++	gen_require(`
++		type pki_ca_client_packet_t;
++	')
++
++	dontaudit $1 pki_ca_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_ca_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_ca_client_packets',`
++	gen_require(`
++		type pki_ca_client_packet_t;
++	')
++
++	allow $1 pki_ca_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_ca_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_ca_client_packets',`
++	gen_require(`
++		type pki_ca_client_packet_t;
++	')
++
++	dontaudit $1 pki_ca_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_ca_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_ca_client_packets',`
++	corenet_send_pki_ca_client_packets($1)
++	corenet_receive_pki_ca_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_ca_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_ca_client_packets',`
++	corenet_dontaudit_send_pki_ca_client_packets($1)
++	corenet_dontaudit_receive_pki_ca_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_ca_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_ca_client_packets',`
++	gen_require(`
++		type pki_ca_client_packet_t;
++	')
++
++	allow $1 pki_ca_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pki_ca_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_ca_server_packets',`
++	gen_require(`
++		type pki_ca_server_packet_t;
++	')
++
++	allow $1 pki_ca_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_ca_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_ca_server_packets',`
++	gen_require(`
++		type pki_ca_server_packet_t;
++	')
++
++	dontaudit $1 pki_ca_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_ca_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_ca_server_packets',`
++	gen_require(`
++		type pki_ca_server_packet_t;
++	')
++
++	allow $1 pki_ca_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_ca_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_ca_server_packets',`
++	gen_require(`
++		type pki_ca_server_packet_t;
++	')
++
++	dontaudit $1 pki_ca_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_ca_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_ca_server_packets',`
++	corenet_send_pki_ca_server_packets($1)
++	corenet_receive_pki_ca_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_ca_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_ca_server_packets',`
++	corenet_dontaudit_send_pki_ca_server_packets($1)
++	corenet_dontaudit_receive_pki_ca_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_ca_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_ca_server_packets',`
++	gen_require(`
++		type pki_ca_server_packet_t;
++	')
++
++	allow $1 pki_ca_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	allow $1 pki_kra_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	allow $1 pki_kra_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	dontaudit $1 pki_kra_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	allow $1 pki_kra_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	dontaudit $1 pki_kra_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pki_kra_port',`
++	corenet_udp_send_pki_kra_port($1)
++	corenet_udp_receive_pki_kra_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_kra_port',`
++	corenet_dontaudit_udp_send_pki_kra_port($1)
++	corenet_dontaudit_udp_receive_pki_kra_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	allow $1 pki_kra_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	allow $1 pki_kra_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pki_kra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pki_kra_port',`
++	gen_require(`
++		type pki_kra_port_t;
++	')
++
++	allow $1 pki_kra_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pki_kra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_kra_client_packets',`
++	gen_require(`
++		type pki_kra_client_packet_t;
++	')
++
++	allow $1 pki_kra_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_kra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_kra_client_packets',`
++	gen_require(`
++		type pki_kra_client_packet_t;
++	')
++
++	dontaudit $1 pki_kra_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_kra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_kra_client_packets',`
++	gen_require(`
++		type pki_kra_client_packet_t;
++	')
++
++	allow $1 pki_kra_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_kra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_kra_client_packets',`
++	gen_require(`
++		type pki_kra_client_packet_t;
++	')
++
++	dontaudit $1 pki_kra_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_kra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_kra_client_packets',`
++	corenet_send_pki_kra_client_packets($1)
++	corenet_receive_pki_kra_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_kra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_kra_client_packets',`
++	corenet_dontaudit_send_pki_kra_client_packets($1)
++	corenet_dontaudit_receive_pki_kra_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_kra_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_kra_client_packets',`
++	gen_require(`
++		type pki_kra_client_packet_t;
++	')
++
++	allow $1 pki_kra_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pki_kra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_kra_server_packets',`
++	gen_require(`
++		type pki_kra_server_packet_t;
++	')
++
++	allow $1 pki_kra_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_kra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_kra_server_packets',`
++	gen_require(`
++		type pki_kra_server_packet_t;
++	')
++
++	dontaudit $1 pki_kra_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_kra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_kra_server_packets',`
++	gen_require(`
++		type pki_kra_server_packet_t;
++	')
++
++	allow $1 pki_kra_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_kra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_kra_server_packets',`
++	gen_require(`
++		type pki_kra_server_packet_t;
++	')
++
++	dontaudit $1 pki_kra_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_kra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_kra_server_packets',`
++	corenet_send_pki_kra_server_packets($1)
++	corenet_receive_pki_kra_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_kra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_kra_server_packets',`
++	corenet_dontaudit_send_pki_kra_server_packets($1)
++	corenet_dontaudit_receive_pki_kra_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_kra_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_kra_server_packets',`
++	gen_require(`
++		type pki_kra_server_packet_t;
++	')
++
++	allow $1 pki_kra_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	allow $1 pki_ocsp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	allow $1 pki_ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	dontaudit $1 pki_ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	allow $1 pki_ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	dontaudit $1 pki_ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pki_ocsp_port',`
++	corenet_udp_send_pki_ocsp_port($1)
++	corenet_udp_receive_pki_ocsp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_ocsp_port',`
++	corenet_dontaudit_udp_send_pki_ocsp_port($1)
++	corenet_dontaudit_udp_receive_pki_ocsp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	allow $1 pki_ocsp_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	allow $1 pki_ocsp_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pki_ocsp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pki_ocsp_port',`
++	gen_require(`
++		type pki_ocsp_port_t;
++	')
++
++	allow $1 pki_ocsp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pki_ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_ocsp_client_packets',`
++	gen_require(`
++		type pki_ocsp_client_packet_t;
++	')
++
++	allow $1 pki_ocsp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_ocsp_client_packets',`
++	gen_require(`
++		type pki_ocsp_client_packet_t;
++	')
++
++	dontaudit $1 pki_ocsp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_ocsp_client_packets',`
++	gen_require(`
++		type pki_ocsp_client_packet_t;
++	')
++
++	allow $1 pki_ocsp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_ocsp_client_packets',`
++	gen_require(`
++		type pki_ocsp_client_packet_t;
++	')
++
++	dontaudit $1 pki_ocsp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_ocsp_client_packets',`
++	corenet_send_pki_ocsp_client_packets($1)
++	corenet_receive_pki_ocsp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_ocsp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_ocsp_client_packets',`
++	corenet_dontaudit_send_pki_ocsp_client_packets($1)
++	corenet_dontaudit_receive_pki_ocsp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_ocsp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_ocsp_client_packets',`
++	gen_require(`
++		type pki_ocsp_client_packet_t;
++	')
++
++	allow $1 pki_ocsp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pki_ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_ocsp_server_packets',`
++	gen_require(`
++		type pki_ocsp_server_packet_t;
++	')
++
++	allow $1 pki_ocsp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_ocsp_server_packets',`
++	gen_require(`
++		type pki_ocsp_server_packet_t;
++	')
++
++	dontaudit $1 pki_ocsp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_ocsp_server_packets',`
++	gen_require(`
++		type pki_ocsp_server_packet_t;
++	')
++
++	allow $1 pki_ocsp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_ocsp_server_packets',`
++	gen_require(`
++		type pki_ocsp_server_packet_t;
++	')
++
++	dontaudit $1 pki_ocsp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_ocsp_server_packets',`
++	corenet_send_pki_ocsp_server_packets($1)
++	corenet_receive_pki_ocsp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_ocsp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_ocsp_server_packets',`
++	corenet_dontaudit_send_pki_ocsp_server_packets($1)
++	corenet_dontaudit_receive_pki_ocsp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_ocsp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_ocsp_server_packets',`
++	gen_require(`
++		type pki_ocsp_server_packet_t;
++	')
++
++	allow $1 pki_ocsp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	allow $1 pki_tks_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	allow $1 pki_tks_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	dontaudit $1 pki_tks_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	allow $1 pki_tks_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	dontaudit $1 pki_tks_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pki_tks_port',`
++	corenet_udp_send_pki_tks_port($1)
++	corenet_udp_receive_pki_tks_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_tks_port',`
++	corenet_dontaudit_udp_send_pki_tks_port($1)
++	corenet_dontaudit_udp_receive_pki_tks_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	allow $1 pki_tks_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	allow $1 pki_tks_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pki_tks port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pki_tks_port',`
++	gen_require(`
++		type pki_tks_port_t;
++	')
++
++	allow $1 pki_tks_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pki_tks_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_tks_client_packets',`
++	gen_require(`
++		type pki_tks_client_packet_t;
++	')
++
++	allow $1 pki_tks_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_tks_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_tks_client_packets',`
++	gen_require(`
++		type pki_tks_client_packet_t;
++	')
++
++	dontaudit $1 pki_tks_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_tks_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_tks_client_packets',`
++	gen_require(`
++		type pki_tks_client_packet_t;
++	')
++
++	allow $1 pki_tks_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_tks_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_tks_client_packets',`
++	gen_require(`
++		type pki_tks_client_packet_t;
++	')
++
++	dontaudit $1 pki_tks_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_tks_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_tks_client_packets',`
++	corenet_send_pki_tks_client_packets($1)
++	corenet_receive_pki_tks_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_tks_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_tks_client_packets',`
++	corenet_dontaudit_send_pki_tks_client_packets($1)
++	corenet_dontaudit_receive_pki_tks_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_tks_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_tks_client_packets',`
++	gen_require(`
++		type pki_tks_client_packet_t;
++	')
++
++	allow $1 pki_tks_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pki_tks_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_tks_server_packets',`
++	gen_require(`
++		type pki_tks_server_packet_t;
++	')
++
++	allow $1 pki_tks_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_tks_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_tks_server_packets',`
++	gen_require(`
++		type pki_tks_server_packet_t;
++	')
++
++	dontaudit $1 pki_tks_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_tks_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_tks_server_packets',`
++	gen_require(`
++		type pki_tks_server_packet_t;
++	')
++
++	allow $1 pki_tks_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_tks_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_tks_server_packets',`
++	gen_require(`
++		type pki_tks_server_packet_t;
++	')
++
++	dontaudit $1 pki_tks_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_tks_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_tks_server_packets',`
++	corenet_send_pki_tks_server_packets($1)
++	corenet_receive_pki_tks_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_tks_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_tks_server_packets',`
++	corenet_dontaudit_send_pki_tks_server_packets($1)
++	corenet_dontaudit_receive_pki_tks_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_tks_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_tks_server_packets',`
++	gen_require(`
++		type pki_tks_server_packet_t;
++	')
++
++	allow $1 pki_tks_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	allow $1 pki_ra_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	allow $1 pki_ra_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	dontaudit $1 pki_ra_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	allow $1 pki_ra_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	dontaudit $1 pki_ra_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pki_ra_port',`
++	corenet_udp_send_pki_ra_port($1)
++	corenet_udp_receive_pki_ra_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_ra_port',`
++	corenet_dontaudit_udp_send_pki_ra_port($1)
++	corenet_dontaudit_udp_receive_pki_ra_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	allow $1 pki_ra_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	allow $1 pki_ra_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pki_ra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pki_ra_port',`
++	gen_require(`
++		type pki_ra_port_t;
++	')
++
++	allow $1 pki_ra_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pki_ra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_ra_client_packets',`
++	gen_require(`
++		type pki_ra_client_packet_t;
++	')
++
++	allow $1 pki_ra_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_ra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_ra_client_packets',`
++	gen_require(`
++		type pki_ra_client_packet_t;
++	')
++
++	dontaudit $1 pki_ra_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_ra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_ra_client_packets',`
++	gen_require(`
++		type pki_ra_client_packet_t;
++	')
++
++	allow $1 pki_ra_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_ra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_ra_client_packets',`
++	gen_require(`
++		type pki_ra_client_packet_t;
++	')
++
++	dontaudit $1 pki_ra_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_ra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_ra_client_packets',`
++	corenet_send_pki_ra_client_packets($1)
++	corenet_receive_pki_ra_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_ra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_ra_client_packets',`
++	corenet_dontaudit_send_pki_ra_client_packets($1)
++	corenet_dontaudit_receive_pki_ra_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_ra_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_ra_client_packets',`
++	gen_require(`
++		type pki_ra_client_packet_t;
++	')
++
++	allow $1 pki_ra_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pki_ra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_ra_server_packets',`
++	gen_require(`
++		type pki_ra_server_packet_t;
++	')
++
++	allow $1 pki_ra_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_ra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_ra_server_packets',`
++	gen_require(`
++		type pki_ra_server_packet_t;
++	')
++
++	dontaudit $1 pki_ra_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_ra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_ra_server_packets',`
++	gen_require(`
++		type pki_ra_server_packet_t;
++	')
++
++	allow $1 pki_ra_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_ra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_ra_server_packets',`
++	gen_require(`
++		type pki_ra_server_packet_t;
++	')
++
++	dontaudit $1 pki_ra_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_ra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_ra_server_packets',`
++	corenet_send_pki_ra_server_packets($1)
++	corenet_receive_pki_ra_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_ra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_ra_server_packets',`
++	corenet_dontaudit_send_pki_ra_server_packets($1)
++	corenet_dontaudit_receive_pki_ra_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_ra_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_ra_server_packets',`
++	gen_require(`
++		type pki_ra_server_packet_t;
++	')
++
++	allow $1 pki_ra_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	allow $1 pki_tps_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	allow $1 pki_tps_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	dontaudit $1 pki_tps_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	allow $1 pki_tps_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	dontaudit $1 pki_tps_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pki_tps_port',`
++	corenet_udp_send_pki_tps_port($1)
++	corenet_udp_receive_pki_tps_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_tps_port',`
++	corenet_dontaudit_udp_send_pki_tps_port($1)
++	corenet_dontaudit_udp_receive_pki_tps_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	allow $1 pki_tps_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	allow $1 pki_tps_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pki_tps port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pki_tps_port',`
++	gen_require(`
++		type pki_tps_port_t;
++	')
++
++	allow $1 pki_tps_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pki_tps_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_tps_client_packets',`
++	gen_require(`
++		type pki_tps_client_packet_t;
++	')
++
++	allow $1 pki_tps_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_tps_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_tps_client_packets',`
++	gen_require(`
++		type pki_tps_client_packet_t;
++	')
++
++	dontaudit $1 pki_tps_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_tps_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_tps_client_packets',`
++	gen_require(`
++		type pki_tps_client_packet_t;
++	')
++
++	allow $1 pki_tps_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_tps_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_tps_client_packets',`
++	gen_require(`
++		type pki_tps_client_packet_t;
++	')
++
++	dontaudit $1 pki_tps_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_tps_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_tps_client_packets',`
++	corenet_send_pki_tps_client_packets($1)
++	corenet_receive_pki_tps_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_tps_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_tps_client_packets',`
++	corenet_dontaudit_send_pki_tps_client_packets($1)
++	corenet_dontaudit_receive_pki_tps_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_tps_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_tps_client_packets',`
++	gen_require(`
++		type pki_tps_client_packet_t;
++	')
++
++	allow $1 pki_tps_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pki_tps_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pki_tps_server_packets',`
++	gen_require(`
++		type pki_tps_server_packet_t;
++	')
++
++	allow $1 pki_tps_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pki_tps_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pki_tps_server_packets',`
++	gen_require(`
++		type pki_tps_server_packet_t;
++	')
++
++	dontaudit $1 pki_tps_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pki_tps_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pki_tps_server_packets',`
++	gen_require(`
++		type pki_tps_server_packet_t;
++	')
++
++	allow $1 pki_tps_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pki_tps_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pki_tps_server_packets',`
++	gen_require(`
++		type pki_tps_server_packet_t;
++	')
++
++	dontaudit $1 pki_tps_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pki_tps_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pki_tps_server_packets',`
++	corenet_send_pki_tps_server_packets($1)
++	corenet_receive_pki_tps_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pki_tps_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pki_tps_server_packets',`
++	corenet_dontaudit_send_pki_tps_server_packets($1)
++	corenet_dontaudit_receive_pki_tps_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pki_tps_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pki_tps_server_packets',`
++	gen_require(`
++		type pki_tps_server_packet_t;
++	')
++
++	allow $1 pki_tps_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	allow $1 postfix_policyd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	allow $1 postfix_policyd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	dontaudit $1 postfix_policyd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	allow $1 postfix_policyd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	dontaudit $1 postfix_policyd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_postfix_policyd_port',`
++	corenet_udp_send_postfix_policyd_port($1)
++	corenet_udp_receive_postfix_policyd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_postfix_policyd_port',`
++	corenet_dontaudit_udp_send_postfix_policyd_port($1)
++	corenet_dontaudit_udp_receive_postfix_policyd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	allow $1 postfix_policyd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	allow $1 postfix_policyd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the postfix_policyd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_postfix_policyd_port',`
++	gen_require(`
++		type postfix_policyd_port_t;
++	')
++
++	allow $1 postfix_policyd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send postfix_policyd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_postfix_policyd_client_packets',`
++	gen_require(`
++		type postfix_policyd_client_packet_t;
++	')
++
++	allow $1 postfix_policyd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send postfix_policyd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_postfix_policyd_client_packets',`
++	gen_require(`
++		type postfix_policyd_client_packet_t;
++	')
++
++	dontaudit $1 postfix_policyd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive postfix_policyd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_postfix_policyd_client_packets',`
++	gen_require(`
++		type postfix_policyd_client_packet_t;
++	')
++
++	allow $1 postfix_policyd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive postfix_policyd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_postfix_policyd_client_packets',`
++	gen_require(`
++		type postfix_policyd_client_packet_t;
++	')
++
++	dontaudit $1 postfix_policyd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive postfix_policyd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_postfix_policyd_client_packets',`
++	corenet_send_postfix_policyd_client_packets($1)
++	corenet_receive_postfix_policyd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive postfix_policyd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_postfix_policyd_client_packets',`
++	corenet_dontaudit_send_postfix_policyd_client_packets($1)
++	corenet_dontaudit_receive_postfix_policyd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to postfix_policyd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_postfix_policyd_client_packets',`
++	gen_require(`
++		type postfix_policyd_client_packet_t;
++	')
++
++	allow $1 postfix_policyd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send postfix_policyd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_postfix_policyd_server_packets',`
++	gen_require(`
++		type postfix_policyd_server_packet_t;
++	')
++
++	allow $1 postfix_policyd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send postfix_policyd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_postfix_policyd_server_packets',`
++	gen_require(`
++		type postfix_policyd_server_packet_t;
++	')
++
++	dontaudit $1 postfix_policyd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive postfix_policyd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_postfix_policyd_server_packets',`
++	gen_require(`
++		type postfix_policyd_server_packet_t;
++	')
++
++	allow $1 postfix_policyd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive postfix_policyd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_postfix_policyd_server_packets',`
++	gen_require(`
++		type postfix_policyd_server_packet_t;
++	')
++
++	dontaudit $1 postfix_policyd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive postfix_policyd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_postfix_policyd_server_packets',`
++	corenet_send_postfix_policyd_server_packets($1)
++	corenet_receive_postfix_policyd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive postfix_policyd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_postfix_policyd_server_packets',`
++	corenet_dontaudit_send_postfix_policyd_server_packets($1)
++	corenet_dontaudit_receive_postfix_policyd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to postfix_policyd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_postfix_policyd_server_packets',`
++	gen_require(`
++		type postfix_policyd_server_packet_t;
++	')
++
++	allow $1 postfix_policyd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	allow $1 pulseaudio_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	allow $1 pulseaudio_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	dontaudit $1 pulseaudio_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	allow $1 pulseaudio_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	dontaudit $1 pulseaudio_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pulseaudio_port',`
++	corenet_udp_send_pulseaudio_port($1)
++	corenet_udp_receive_pulseaudio_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pulseaudio_port',`
++	corenet_dontaudit_udp_send_pulseaudio_port($1)
++	corenet_dontaudit_udp_receive_pulseaudio_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	allow $1 pulseaudio_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	allow $1 pulseaudio_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pulseaudio port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pulseaudio_port',`
++	gen_require(`
++		type pulseaudio_port_t;
++	')
++
++	allow $1 pulseaudio_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pulseaudio_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pulseaudio_client_packets',`
++	gen_require(`
++		type pulseaudio_client_packet_t;
++	')
++
++	allow $1 pulseaudio_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pulseaudio_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pulseaudio_client_packets',`
++	gen_require(`
++		type pulseaudio_client_packet_t;
++	')
++
++	dontaudit $1 pulseaudio_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pulseaudio_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pulseaudio_client_packets',`
++	gen_require(`
++		type pulseaudio_client_packet_t;
++	')
++
++	allow $1 pulseaudio_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pulseaudio_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pulseaudio_client_packets',`
++	gen_require(`
++		type pulseaudio_client_packet_t;
++	')
++
++	dontaudit $1 pulseaudio_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pulseaudio_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pulseaudio_client_packets',`
++	corenet_send_pulseaudio_client_packets($1)
++	corenet_receive_pulseaudio_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pulseaudio_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pulseaudio_client_packets',`
++	corenet_dontaudit_send_pulseaudio_client_packets($1)
++	corenet_dontaudit_receive_pulseaudio_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pulseaudio_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pulseaudio_client_packets',`
++	gen_require(`
++		type pulseaudio_client_packet_t;
++	')
++
++	allow $1 pulseaudio_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pulseaudio_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pulseaudio_server_packets',`
++	gen_require(`
++		type pulseaudio_server_packet_t;
++	')
++
++	allow $1 pulseaudio_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pulseaudio_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pulseaudio_server_packets',`
++	gen_require(`
++		type pulseaudio_server_packet_t;
++	')
++
++	dontaudit $1 pulseaudio_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pulseaudio_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pulseaudio_server_packets',`
++	gen_require(`
++		type pulseaudio_server_packet_t;
++	')
++
++	allow $1 pulseaudio_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pulseaudio_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pulseaudio_server_packets',`
++	gen_require(`
++		type pulseaudio_server_packet_t;
++	')
++
++	dontaudit $1 pulseaudio_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pulseaudio_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pulseaudio_server_packets',`
++	corenet_send_pulseaudio_server_packets($1)
++	corenet_receive_pulseaudio_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pulseaudio_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pulseaudio_server_packets',`
++	corenet_dontaudit_send_pulseaudio_server_packets($1)
++	corenet_dontaudit_receive_pulseaudio_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pulseaudio_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pulseaudio_server_packets',`
++	gen_require(`
++		type pulseaudio_server_packet_t;
++	')
++
++	allow $1 pulseaudio_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	allow $1 pgpkeyserver_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	allow $1 pgpkeyserver_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	dontaudit $1 pgpkeyserver_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	allow $1 pgpkeyserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	dontaudit $1 pgpkeyserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pgpkeyserver_port',`
++	corenet_udp_send_pgpkeyserver_port($1)
++	corenet_udp_receive_pgpkeyserver_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pgpkeyserver_port',`
++	corenet_dontaudit_udp_send_pgpkeyserver_port($1)
++	corenet_dontaudit_udp_receive_pgpkeyserver_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	allow $1 pgpkeyserver_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	allow $1 pgpkeyserver_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pgpkeyserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pgpkeyserver_port',`
++	gen_require(`
++		type pgpkeyserver_port_t;
++	')
++
++	allow $1 pgpkeyserver_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pgpkeyserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pgpkeyserver_client_packets',`
++	gen_require(`
++		type pgpkeyserver_client_packet_t;
++	')
++
++	allow $1 pgpkeyserver_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pgpkeyserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pgpkeyserver_client_packets',`
++	gen_require(`
++		type pgpkeyserver_client_packet_t;
++	')
++
++	dontaudit $1 pgpkeyserver_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pgpkeyserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pgpkeyserver_client_packets',`
++	gen_require(`
++		type pgpkeyserver_client_packet_t;
++	')
++
++	allow $1 pgpkeyserver_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pgpkeyserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pgpkeyserver_client_packets',`
++	gen_require(`
++		type pgpkeyserver_client_packet_t;
++	')
++
++	dontaudit $1 pgpkeyserver_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pgpkeyserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pgpkeyserver_client_packets',`
++	corenet_send_pgpkeyserver_client_packets($1)
++	corenet_receive_pgpkeyserver_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pgpkeyserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pgpkeyserver_client_packets',`
++	corenet_dontaudit_send_pgpkeyserver_client_packets($1)
++	corenet_dontaudit_receive_pgpkeyserver_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pgpkeyserver_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pgpkeyserver_client_packets',`
++	gen_require(`
++		type pgpkeyserver_client_packet_t;
++	')
++
++	allow $1 pgpkeyserver_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pgpkeyserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pgpkeyserver_server_packets',`
++	gen_require(`
++		type pgpkeyserver_server_packet_t;
++	')
++
++	allow $1 pgpkeyserver_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pgpkeyserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pgpkeyserver_server_packets',`
++	gen_require(`
++		type pgpkeyserver_server_packet_t;
++	')
++
++	dontaudit $1 pgpkeyserver_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pgpkeyserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pgpkeyserver_server_packets',`
++	gen_require(`
++		type pgpkeyserver_server_packet_t;
++	')
++
++	allow $1 pgpkeyserver_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pgpkeyserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pgpkeyserver_server_packets',`
++	gen_require(`
++		type pgpkeyserver_server_packet_t;
++	')
++
++	dontaudit $1 pgpkeyserver_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pgpkeyserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pgpkeyserver_server_packets',`
++	corenet_send_pgpkeyserver_server_packets($1)
++	corenet_receive_pgpkeyserver_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pgpkeyserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pgpkeyserver_server_packets',`
++	corenet_dontaudit_send_pgpkeyserver_server_packets($1)
++	corenet_dontaudit_receive_pgpkeyserver_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pgpkeyserver_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pgpkeyserver_server_packets',`
++	gen_require(`
++		type pgpkeyserver_server_packet_t;
++	')
++
++	allow $1 pgpkeyserver_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	allow $1 pop_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	allow $1 pop_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	dontaudit $1 pop_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	allow $1 pop_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	dontaudit $1 pop_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pop_port',`
++	corenet_udp_send_pop_port($1)
++	corenet_udp_receive_pop_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pop_port',`
++	corenet_dontaudit_udp_send_pop_port($1)
++	corenet_dontaudit_udp_receive_pop_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	allow $1 pop_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	allow $1 pop_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pop port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pop_port',`
++	gen_require(`
++		type pop_port_t;
++	')
++
++	allow $1 pop_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pop_client_packets',`
++	gen_require(`
++		type pop_client_packet_t;
++	')
++
++	allow $1 pop_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pop_client_packets',`
++	gen_require(`
++		type pop_client_packet_t;
++	')
++
++	dontaudit $1 pop_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pop_client_packets',`
++	gen_require(`
++		type pop_client_packet_t;
++	')
++
++	allow $1 pop_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pop_client_packets',`
++	gen_require(`
++		type pop_client_packet_t;
++	')
++
++	dontaudit $1 pop_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pop_client_packets',`
++	corenet_send_pop_client_packets($1)
++	corenet_receive_pop_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pop_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pop_client_packets',`
++	corenet_dontaudit_send_pop_client_packets($1)
++	corenet_dontaudit_receive_pop_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pop_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pop_client_packets',`
++	gen_require(`
++		type pop_client_packet_t;
++	')
++
++	allow $1 pop_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pop_server_packets',`
++	gen_require(`
++		type pop_server_packet_t;
++	')
++
++	allow $1 pop_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pop_server_packets',`
++	gen_require(`
++		type pop_server_packet_t;
++	')
++
++	dontaudit $1 pop_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pop_server_packets',`
++	gen_require(`
++		type pop_server_packet_t;
++	')
++
++	allow $1 pop_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pop_server_packets',`
++	gen_require(`
++		type pop_server_packet_t;
++	')
++
++	dontaudit $1 pop_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pop_server_packets',`
++	corenet_send_pop_server_packets($1)
++	corenet_receive_pop_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pop_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pop_server_packets',`
++	corenet_dontaudit_send_pop_server_packets($1)
++	corenet_dontaudit_receive_pop_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pop_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pop_server_packets',`
++	gen_require(`
++		type pop_server_packet_t;
++	')
++
++	allow $1 pop_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	allow $1 portmap_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	allow $1 portmap_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	dontaudit $1 portmap_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	allow $1 portmap_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	dontaudit $1 portmap_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_portmap_port',`
++	corenet_udp_send_portmap_port($1)
++	corenet_udp_receive_portmap_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_portmap_port',`
++	corenet_dontaudit_udp_send_portmap_port($1)
++	corenet_dontaudit_udp_receive_portmap_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	allow $1 portmap_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	allow $1 portmap_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the portmap port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_portmap_port',`
++	gen_require(`
++		type portmap_port_t;
++	')
++
++	allow $1 portmap_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send portmap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_portmap_client_packets',`
++	gen_require(`
++		type portmap_client_packet_t;
++	')
++
++	allow $1 portmap_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send portmap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_portmap_client_packets',`
++	gen_require(`
++		type portmap_client_packet_t;
++	')
++
++	dontaudit $1 portmap_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive portmap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_portmap_client_packets',`
++	gen_require(`
++		type portmap_client_packet_t;
++	')
++
++	allow $1 portmap_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive portmap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_portmap_client_packets',`
++	gen_require(`
++		type portmap_client_packet_t;
++	')
++
++	dontaudit $1 portmap_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive portmap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_portmap_client_packets',`
++	corenet_send_portmap_client_packets($1)
++	corenet_receive_portmap_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive portmap_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_portmap_client_packets',`
++	corenet_dontaudit_send_portmap_client_packets($1)
++	corenet_dontaudit_receive_portmap_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to portmap_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_portmap_client_packets',`
++	gen_require(`
++		type portmap_client_packet_t;
++	')
++
++	allow $1 portmap_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send portmap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_portmap_server_packets',`
++	gen_require(`
++		type portmap_server_packet_t;
++	')
++
++	allow $1 portmap_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send portmap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_portmap_server_packets',`
++	gen_require(`
++		type portmap_server_packet_t;
++	')
++
++	dontaudit $1 portmap_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive portmap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_portmap_server_packets',`
++	gen_require(`
++		type portmap_server_packet_t;
++	')
++
++	allow $1 portmap_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive portmap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_portmap_server_packets',`
++	gen_require(`
++		type portmap_server_packet_t;
++	')
++
++	dontaudit $1 portmap_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive portmap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_portmap_server_packets',`
++	corenet_send_portmap_server_packets($1)
++	corenet_receive_portmap_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive portmap_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_portmap_server_packets',`
++	corenet_dontaudit_send_portmap_server_packets($1)
++	corenet_dontaudit_receive_portmap_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to portmap_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_portmap_server_packets',`
++	gen_require(`
++		type portmap_server_packet_t;
++	')
++
++	allow $1 portmap_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	allow $1 postgresql_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	allow $1 postgresql_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	dontaudit $1 postgresql_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	allow $1 postgresql_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	dontaudit $1 postgresql_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_postgresql_port',`
++	corenet_udp_send_postgresql_port($1)
++	corenet_udp_receive_postgresql_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_postgresql_port',`
++	corenet_dontaudit_udp_send_postgresql_port($1)
++	corenet_dontaudit_udp_receive_postgresql_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	allow $1 postgresql_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	allow $1 postgresql_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the postgresql port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_postgresql_port',`
++	gen_require(`
++		type postgresql_port_t;
++	')
++
++	allow $1 postgresql_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send postgresql_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_postgresql_client_packets',`
++	gen_require(`
++		type postgresql_client_packet_t;
++	')
++
++	allow $1 postgresql_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send postgresql_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_postgresql_client_packets',`
++	gen_require(`
++		type postgresql_client_packet_t;
++	')
++
++	dontaudit $1 postgresql_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive postgresql_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_postgresql_client_packets',`
++	gen_require(`
++		type postgresql_client_packet_t;
++	')
++
++	allow $1 postgresql_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive postgresql_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_postgresql_client_packets',`
++	gen_require(`
++		type postgresql_client_packet_t;
++	')
++
++	dontaudit $1 postgresql_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive postgresql_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_postgresql_client_packets',`
++	corenet_send_postgresql_client_packets($1)
++	corenet_receive_postgresql_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive postgresql_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_postgresql_client_packets',`
++	corenet_dontaudit_send_postgresql_client_packets($1)
++	corenet_dontaudit_receive_postgresql_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to postgresql_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_postgresql_client_packets',`
++	gen_require(`
++		type postgresql_client_packet_t;
++	')
++
++	allow $1 postgresql_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send postgresql_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_postgresql_server_packets',`
++	gen_require(`
++		type postgresql_server_packet_t;
++	')
++
++	allow $1 postgresql_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send postgresql_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_postgresql_server_packets',`
++	gen_require(`
++		type postgresql_server_packet_t;
++	')
++
++	dontaudit $1 postgresql_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive postgresql_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_postgresql_server_packets',`
++	gen_require(`
++		type postgresql_server_packet_t;
++	')
++
++	allow $1 postgresql_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive postgresql_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_postgresql_server_packets',`
++	gen_require(`
++		type postgresql_server_packet_t;
++	')
++
++	dontaudit $1 postgresql_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive postgresql_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_postgresql_server_packets',`
++	corenet_send_postgresql_server_packets($1)
++	corenet_receive_postgresql_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive postgresql_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_postgresql_server_packets',`
++	corenet_dontaudit_send_postgresql_server_packets($1)
++	corenet_dontaudit_receive_postgresql_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to postgresql_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_postgresql_server_packets',`
++	gen_require(`
++		type postgresql_server_packet_t;
++	')
++
++	allow $1 postgresql_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	allow $1 postgrey_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	allow $1 postgrey_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	dontaudit $1 postgrey_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	allow $1 postgrey_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	dontaudit $1 postgrey_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_postgrey_port',`
++	corenet_udp_send_postgrey_port($1)
++	corenet_udp_receive_postgrey_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_postgrey_port',`
++	corenet_dontaudit_udp_send_postgrey_port($1)
++	corenet_dontaudit_udp_receive_postgrey_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	allow $1 postgrey_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	allow $1 postgrey_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the postgrey port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_postgrey_port',`
++	gen_require(`
++		type postgrey_port_t;
++	')
++
++	allow $1 postgrey_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send postgrey_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_postgrey_client_packets',`
++	gen_require(`
++		type postgrey_client_packet_t;
++	')
++
++	allow $1 postgrey_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send postgrey_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_postgrey_client_packets',`
++	gen_require(`
++		type postgrey_client_packet_t;
++	')
++
++	dontaudit $1 postgrey_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive postgrey_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_postgrey_client_packets',`
++	gen_require(`
++		type postgrey_client_packet_t;
++	')
++
++	allow $1 postgrey_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive postgrey_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_postgrey_client_packets',`
++	gen_require(`
++		type postgrey_client_packet_t;
++	')
++
++	dontaudit $1 postgrey_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive postgrey_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_postgrey_client_packets',`
++	corenet_send_postgrey_client_packets($1)
++	corenet_receive_postgrey_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive postgrey_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_postgrey_client_packets',`
++	corenet_dontaudit_send_postgrey_client_packets($1)
++	corenet_dontaudit_receive_postgrey_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to postgrey_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_postgrey_client_packets',`
++	gen_require(`
++		type postgrey_client_packet_t;
++	')
++
++	allow $1 postgrey_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send postgrey_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_postgrey_server_packets',`
++	gen_require(`
++		type postgrey_server_packet_t;
++	')
++
++	allow $1 postgrey_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send postgrey_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_postgrey_server_packets',`
++	gen_require(`
++		type postgrey_server_packet_t;
++	')
++
++	dontaudit $1 postgrey_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive postgrey_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_postgrey_server_packets',`
++	gen_require(`
++		type postgrey_server_packet_t;
++	')
++
++	allow $1 postgrey_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive postgrey_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_postgrey_server_packets',`
++	gen_require(`
++		type postgrey_server_packet_t;
++	')
++
++	dontaudit $1 postgrey_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive postgrey_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_postgrey_server_packets',`
++	corenet_send_postgrey_server_packets($1)
++	corenet_receive_postgrey_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive postgrey_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_postgrey_server_packets',`
++	corenet_dontaudit_send_postgrey_server_packets($1)
++	corenet_dontaudit_receive_postgrey_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to postgrey_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_postgrey_server_packets',`
++	gen_require(`
++		type postgrey_server_packet_t;
++	')
++
++	allow $1 postgrey_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	allow $1 prelude_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	allow $1 prelude_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	dontaudit $1 prelude_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	allow $1 prelude_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	dontaudit $1 prelude_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_prelude_port',`
++	corenet_udp_send_prelude_port($1)
++	corenet_udp_receive_prelude_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_prelude_port',`
++	corenet_dontaudit_udp_send_prelude_port($1)
++	corenet_dontaudit_udp_receive_prelude_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	allow $1 prelude_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	allow $1 prelude_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the prelude port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_prelude_port',`
++	gen_require(`
++		type prelude_port_t;
++	')
++
++	allow $1 prelude_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send prelude_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_prelude_client_packets',`
++	gen_require(`
++		type prelude_client_packet_t;
++	')
++
++	allow $1 prelude_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send prelude_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_prelude_client_packets',`
++	gen_require(`
++		type prelude_client_packet_t;
++	')
++
++	dontaudit $1 prelude_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive prelude_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_prelude_client_packets',`
++	gen_require(`
++		type prelude_client_packet_t;
++	')
++
++	allow $1 prelude_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive prelude_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_prelude_client_packets',`
++	gen_require(`
++		type prelude_client_packet_t;
++	')
++
++	dontaudit $1 prelude_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive prelude_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_prelude_client_packets',`
++	corenet_send_prelude_client_packets($1)
++	corenet_receive_prelude_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive prelude_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_prelude_client_packets',`
++	corenet_dontaudit_send_prelude_client_packets($1)
++	corenet_dontaudit_receive_prelude_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to prelude_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_prelude_client_packets',`
++	gen_require(`
++		type prelude_client_packet_t;
++	')
++
++	allow $1 prelude_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send prelude_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_prelude_server_packets',`
++	gen_require(`
++		type prelude_server_packet_t;
++	')
++
++	allow $1 prelude_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send prelude_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_prelude_server_packets',`
++	gen_require(`
++		type prelude_server_packet_t;
++	')
++
++	dontaudit $1 prelude_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive prelude_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_prelude_server_packets',`
++	gen_require(`
++		type prelude_server_packet_t;
++	')
++
++	allow $1 prelude_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive prelude_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_prelude_server_packets',`
++	gen_require(`
++		type prelude_server_packet_t;
++	')
++
++	dontaudit $1 prelude_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive prelude_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_prelude_server_packets',`
++	corenet_send_prelude_server_packets($1)
++	corenet_receive_prelude_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive prelude_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_prelude_server_packets',`
++	corenet_dontaudit_send_prelude_server_packets($1)
++	corenet_dontaudit_receive_prelude_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to prelude_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_prelude_server_packets',`
++	gen_require(`
++		type prelude_server_packet_t;
++	')
++
++	allow $1 prelude_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	allow $1 printer_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	allow $1 printer_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	dontaudit $1 printer_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	allow $1 printer_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	dontaudit $1 printer_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_printer_port',`
++	corenet_udp_send_printer_port($1)
++	corenet_udp_receive_printer_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_printer_port',`
++	corenet_dontaudit_udp_send_printer_port($1)
++	corenet_dontaudit_udp_receive_printer_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	allow $1 printer_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	allow $1 printer_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the printer port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_printer_port',`
++	gen_require(`
++		type printer_port_t;
++	')
++
++	allow $1 printer_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send printer_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_printer_client_packets',`
++	gen_require(`
++		type printer_client_packet_t;
++	')
++
++	allow $1 printer_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send printer_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_printer_client_packets',`
++	gen_require(`
++		type printer_client_packet_t;
++	')
++
++	dontaudit $1 printer_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive printer_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_printer_client_packets',`
++	gen_require(`
++		type printer_client_packet_t;
++	')
++
++	allow $1 printer_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive printer_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_printer_client_packets',`
++	gen_require(`
++		type printer_client_packet_t;
++	')
++
++	dontaudit $1 printer_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive printer_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_printer_client_packets',`
++	corenet_send_printer_client_packets($1)
++	corenet_receive_printer_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive printer_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_printer_client_packets',`
++	corenet_dontaudit_send_printer_client_packets($1)
++	corenet_dontaudit_receive_printer_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to printer_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_printer_client_packets',`
++	gen_require(`
++		type printer_client_packet_t;
++	')
++
++	allow $1 printer_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send printer_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_printer_server_packets',`
++	gen_require(`
++		type printer_server_packet_t;
++	')
++
++	allow $1 printer_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send printer_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_printer_server_packets',`
++	gen_require(`
++		type printer_server_packet_t;
++	')
++
++	dontaudit $1 printer_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive printer_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_printer_server_packets',`
++	gen_require(`
++		type printer_server_packet_t;
++	')
++
++	allow $1 printer_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive printer_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_printer_server_packets',`
++	gen_require(`
++		type printer_server_packet_t;
++	')
++
++	dontaudit $1 printer_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive printer_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_printer_server_packets',`
++	corenet_send_printer_server_packets($1)
++	corenet_receive_printer_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive printer_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_printer_server_packets',`
++	corenet_dontaudit_send_printer_server_packets($1)
++	corenet_dontaudit_receive_printer_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to printer_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_printer_server_packets',`
++	gen_require(`
++		type printer_server_packet_t;
++	')
++
++	allow $1 printer_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	allow $1 ptal_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	allow $1 ptal_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	dontaudit $1 ptal_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	allow $1 ptal_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	dontaudit $1 ptal_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ptal_port',`
++	corenet_udp_send_ptal_port($1)
++	corenet_udp_receive_ptal_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ptal_port',`
++	corenet_dontaudit_udp_send_ptal_port($1)
++	corenet_dontaudit_udp_receive_ptal_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	allow $1 ptal_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	allow $1 ptal_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ptal port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ptal_port',`
++	gen_require(`
++		type ptal_port_t;
++	')
++
++	allow $1 ptal_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ptal_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ptal_client_packets',`
++	gen_require(`
++		type ptal_client_packet_t;
++	')
++
++	allow $1 ptal_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ptal_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ptal_client_packets',`
++	gen_require(`
++		type ptal_client_packet_t;
++	')
++
++	dontaudit $1 ptal_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ptal_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ptal_client_packets',`
++	gen_require(`
++		type ptal_client_packet_t;
++	')
++
++	allow $1 ptal_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ptal_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ptal_client_packets',`
++	gen_require(`
++		type ptal_client_packet_t;
++	')
++
++	dontaudit $1 ptal_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ptal_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ptal_client_packets',`
++	corenet_send_ptal_client_packets($1)
++	corenet_receive_ptal_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ptal_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ptal_client_packets',`
++	corenet_dontaudit_send_ptal_client_packets($1)
++	corenet_dontaudit_receive_ptal_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ptal_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ptal_client_packets',`
++	gen_require(`
++		type ptal_client_packet_t;
++	')
++
++	allow $1 ptal_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ptal_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ptal_server_packets',`
++	gen_require(`
++		type ptal_server_packet_t;
++	')
++
++	allow $1 ptal_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ptal_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ptal_server_packets',`
++	gen_require(`
++		type ptal_server_packet_t;
++	')
++
++	dontaudit $1 ptal_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ptal_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ptal_server_packets',`
++	gen_require(`
++		type ptal_server_packet_t;
++	')
++
++	allow $1 ptal_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ptal_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ptal_server_packets',`
++	gen_require(`
++		type ptal_server_packet_t;
++	')
++
++	dontaudit $1 ptal_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ptal_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ptal_server_packets',`
++	corenet_send_ptal_server_packets($1)
++	corenet_receive_ptal_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ptal_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ptal_server_packets',`
++	corenet_dontaudit_send_ptal_server_packets($1)
++	corenet_dontaudit_receive_ptal_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ptal_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ptal_server_packets',`
++	gen_require(`
++		type ptal_server_packet_t;
++	')
++
++	allow $1 ptal_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	allow $1 pxe_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	allow $1 pxe_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	dontaudit $1 pxe_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	allow $1 pxe_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	dontaudit $1 pxe_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pxe_port',`
++	corenet_udp_send_pxe_port($1)
++	corenet_udp_receive_pxe_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pxe_port',`
++	corenet_dontaudit_udp_send_pxe_port($1)
++	corenet_dontaudit_udp_receive_pxe_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	allow $1 pxe_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	allow $1 pxe_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pxe port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pxe_port',`
++	gen_require(`
++		type pxe_port_t;
++	')
++
++	allow $1 pxe_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pxe_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pxe_client_packets',`
++	gen_require(`
++		type pxe_client_packet_t;
++	')
++
++	allow $1 pxe_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pxe_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pxe_client_packets',`
++	gen_require(`
++		type pxe_client_packet_t;
++	')
++
++	dontaudit $1 pxe_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pxe_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pxe_client_packets',`
++	gen_require(`
++		type pxe_client_packet_t;
++	')
++
++	allow $1 pxe_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pxe_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pxe_client_packets',`
++	gen_require(`
++		type pxe_client_packet_t;
++	')
++
++	dontaudit $1 pxe_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pxe_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pxe_client_packets',`
++	corenet_send_pxe_client_packets($1)
++	corenet_receive_pxe_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pxe_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pxe_client_packets',`
++	corenet_dontaudit_send_pxe_client_packets($1)
++	corenet_dontaudit_receive_pxe_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pxe_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pxe_client_packets',`
++	gen_require(`
++		type pxe_client_packet_t;
++	')
++
++	allow $1 pxe_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pxe_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pxe_server_packets',`
++	gen_require(`
++		type pxe_server_packet_t;
++	')
++
++	allow $1 pxe_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pxe_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pxe_server_packets',`
++	gen_require(`
++		type pxe_server_packet_t;
++	')
++
++	dontaudit $1 pxe_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pxe_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pxe_server_packets',`
++	gen_require(`
++		type pxe_server_packet_t;
++	')
++
++	allow $1 pxe_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pxe_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pxe_server_packets',`
++	gen_require(`
++		type pxe_server_packet_t;
++	')
++
++	dontaudit $1 pxe_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pxe_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pxe_server_packets',`
++	corenet_send_pxe_server_packets($1)
++	corenet_receive_pxe_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pxe_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pxe_server_packets',`
++	corenet_dontaudit_send_pxe_server_packets($1)
++	corenet_dontaudit_receive_pxe_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pxe_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pxe_server_packets',`
++	gen_require(`
++		type pxe_server_packet_t;
++	')
++
++	allow $1 pxe_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	allow $1 pyzor_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	allow $1 pyzor_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	dontaudit $1 pyzor_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	allow $1 pyzor_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	dontaudit $1 pyzor_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_pyzor_port',`
++	corenet_udp_send_pyzor_port($1)
++	corenet_udp_receive_pyzor_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_pyzor_port',`
++	corenet_dontaudit_udp_send_pyzor_port($1)
++	corenet_dontaudit_udp_receive_pyzor_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	allow $1 pyzor_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	allow $1 pyzor_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the pyzor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_pyzor_port',`
++	gen_require(`
++		type pyzor_port_t;
++	')
++
++	allow $1 pyzor_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send pyzor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pyzor_client_packets',`
++	gen_require(`
++		type pyzor_client_packet_t;
++	')
++
++	allow $1 pyzor_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pyzor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pyzor_client_packets',`
++	gen_require(`
++		type pyzor_client_packet_t;
++	')
++
++	dontaudit $1 pyzor_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pyzor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pyzor_client_packets',`
++	gen_require(`
++		type pyzor_client_packet_t;
++	')
++
++	allow $1 pyzor_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pyzor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pyzor_client_packets',`
++	gen_require(`
++		type pyzor_client_packet_t;
++	')
++
++	dontaudit $1 pyzor_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pyzor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pyzor_client_packets',`
++	corenet_send_pyzor_client_packets($1)
++	corenet_receive_pyzor_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pyzor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pyzor_client_packets',`
++	corenet_dontaudit_send_pyzor_client_packets($1)
++	corenet_dontaudit_receive_pyzor_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pyzor_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pyzor_client_packets',`
++	gen_require(`
++		type pyzor_client_packet_t;
++	')
++
++	allow $1 pyzor_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send pyzor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_pyzor_server_packets',`
++	gen_require(`
++		type pyzor_server_packet_t;
++	')
++
++	allow $1 pyzor_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send pyzor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_pyzor_server_packets',`
++	gen_require(`
++		type pyzor_server_packet_t;
++	')
++
++	dontaudit $1 pyzor_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive pyzor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_pyzor_server_packets',`
++	gen_require(`
++		type pyzor_server_packet_t;
++	')
++
++	allow $1 pyzor_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive pyzor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_pyzor_server_packets',`
++	gen_require(`
++		type pyzor_server_packet_t;
++	')
++
++	dontaudit $1 pyzor_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive pyzor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_pyzor_server_packets',`
++	corenet_send_pyzor_server_packets($1)
++	corenet_receive_pyzor_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive pyzor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_pyzor_server_packets',`
++	corenet_dontaudit_send_pyzor_server_packets($1)
++	corenet_dontaudit_receive_pyzor_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to pyzor_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_pyzor_server_packets',`
++	gen_require(`
++		type pyzor_server_packet_t;
++	')
++
++	allow $1 pyzor_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	allow $1 radacct_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	allow $1 radacct_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	dontaudit $1 radacct_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	allow $1 radacct_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	dontaudit $1 radacct_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_radacct_port',`
++	corenet_udp_send_radacct_port($1)
++	corenet_udp_receive_radacct_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_radacct_port',`
++	corenet_dontaudit_udp_send_radacct_port($1)
++	corenet_dontaudit_udp_receive_radacct_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	allow $1 radacct_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	allow $1 radacct_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the radacct port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_radacct_port',`
++	gen_require(`
++		type radacct_port_t;
++	')
++
++	allow $1 radacct_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send radacct_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_radacct_client_packets',`
++	gen_require(`
++		type radacct_client_packet_t;
++	')
++
++	allow $1 radacct_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send radacct_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_radacct_client_packets',`
++	gen_require(`
++		type radacct_client_packet_t;
++	')
++
++	dontaudit $1 radacct_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive radacct_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_radacct_client_packets',`
++	gen_require(`
++		type radacct_client_packet_t;
++	')
++
++	allow $1 radacct_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive radacct_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_radacct_client_packets',`
++	gen_require(`
++		type radacct_client_packet_t;
++	')
++
++	dontaudit $1 radacct_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive radacct_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_radacct_client_packets',`
++	corenet_send_radacct_client_packets($1)
++	corenet_receive_radacct_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive radacct_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_radacct_client_packets',`
++	corenet_dontaudit_send_radacct_client_packets($1)
++	corenet_dontaudit_receive_radacct_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to radacct_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_radacct_client_packets',`
++	gen_require(`
++		type radacct_client_packet_t;
++	')
++
++	allow $1 radacct_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send radacct_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_radacct_server_packets',`
++	gen_require(`
++		type radacct_server_packet_t;
++	')
++
++	allow $1 radacct_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send radacct_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_radacct_server_packets',`
++	gen_require(`
++		type radacct_server_packet_t;
++	')
++
++	dontaudit $1 radacct_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive radacct_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_radacct_server_packets',`
++	gen_require(`
++		type radacct_server_packet_t;
++	')
++
++	allow $1 radacct_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive radacct_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_radacct_server_packets',`
++	gen_require(`
++		type radacct_server_packet_t;
++	')
++
++	dontaudit $1 radacct_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive radacct_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_radacct_server_packets',`
++	corenet_send_radacct_server_packets($1)
++	corenet_receive_radacct_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive radacct_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_radacct_server_packets',`
++	corenet_dontaudit_send_radacct_server_packets($1)
++	corenet_dontaudit_receive_radacct_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to radacct_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_radacct_server_packets',`
++	gen_require(`
++		type radacct_server_packet_t;
++	')
++
++	allow $1 radacct_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	allow $1 radius_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	allow $1 radius_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	dontaudit $1 radius_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	allow $1 radius_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	dontaudit $1 radius_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_radius_port',`
++	corenet_udp_send_radius_port($1)
++	corenet_udp_receive_radius_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_radius_port',`
++	corenet_dontaudit_udp_send_radius_port($1)
++	corenet_dontaudit_udp_receive_radius_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	allow $1 radius_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	allow $1 radius_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the radius port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_radius_port',`
++	gen_require(`
++		type radius_port_t;
++	')
++
++	allow $1 radius_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send radius_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_radius_client_packets',`
++	gen_require(`
++		type radius_client_packet_t;
++	')
++
++	allow $1 radius_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send radius_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_radius_client_packets',`
++	gen_require(`
++		type radius_client_packet_t;
++	')
++
++	dontaudit $1 radius_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive radius_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_radius_client_packets',`
++	gen_require(`
++		type radius_client_packet_t;
++	')
++
++	allow $1 radius_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive radius_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_radius_client_packets',`
++	gen_require(`
++		type radius_client_packet_t;
++	')
++
++	dontaudit $1 radius_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive radius_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_radius_client_packets',`
++	corenet_send_radius_client_packets($1)
++	corenet_receive_radius_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive radius_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_radius_client_packets',`
++	corenet_dontaudit_send_radius_client_packets($1)
++	corenet_dontaudit_receive_radius_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to radius_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_radius_client_packets',`
++	gen_require(`
++		type radius_client_packet_t;
++	')
++
++	allow $1 radius_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send radius_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_radius_server_packets',`
++	gen_require(`
++		type radius_server_packet_t;
++	')
++
++	allow $1 radius_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send radius_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_radius_server_packets',`
++	gen_require(`
++		type radius_server_packet_t;
++	')
++
++	dontaudit $1 radius_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive radius_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_radius_server_packets',`
++	gen_require(`
++		type radius_server_packet_t;
++	')
++
++	allow $1 radius_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive radius_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_radius_server_packets',`
++	gen_require(`
++		type radius_server_packet_t;
++	')
++
++	dontaudit $1 radius_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive radius_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_radius_server_packets',`
++	corenet_send_radius_server_packets($1)
++	corenet_receive_radius_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive radius_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_radius_server_packets',`
++	corenet_dontaudit_send_radius_server_packets($1)
++	corenet_dontaudit_receive_radius_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to radius_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_radius_server_packets',`
++	gen_require(`
++		type radius_server_packet_t;
++	')
++
++	allow $1 radius_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	allow $1 razor_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	allow $1 razor_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	dontaudit $1 razor_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	allow $1 razor_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	dontaudit $1 razor_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_razor_port',`
++	corenet_udp_send_razor_port($1)
++	corenet_udp_receive_razor_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_razor_port',`
++	corenet_dontaudit_udp_send_razor_port($1)
++	corenet_dontaudit_udp_receive_razor_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	allow $1 razor_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	allow $1 razor_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the razor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_razor_port',`
++	gen_require(`
++		type razor_port_t;
++	')
++
++	allow $1 razor_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send razor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_razor_client_packets',`
++	gen_require(`
++		type razor_client_packet_t;
++	')
++
++	allow $1 razor_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send razor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_razor_client_packets',`
++	gen_require(`
++		type razor_client_packet_t;
++	')
++
++	dontaudit $1 razor_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive razor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_razor_client_packets',`
++	gen_require(`
++		type razor_client_packet_t;
++	')
++
++	allow $1 razor_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive razor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_razor_client_packets',`
++	gen_require(`
++		type razor_client_packet_t;
++	')
++
++	dontaudit $1 razor_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive razor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_razor_client_packets',`
++	corenet_send_razor_client_packets($1)
++	corenet_receive_razor_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive razor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_razor_client_packets',`
++	corenet_dontaudit_send_razor_client_packets($1)
++	corenet_dontaudit_receive_razor_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to razor_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_razor_client_packets',`
++	gen_require(`
++		type razor_client_packet_t;
++	')
++
++	allow $1 razor_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send razor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_razor_server_packets',`
++	gen_require(`
++		type razor_server_packet_t;
++	')
++
++	allow $1 razor_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send razor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_razor_server_packets',`
++	gen_require(`
++		type razor_server_packet_t;
++	')
++
++	dontaudit $1 razor_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive razor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_razor_server_packets',`
++	gen_require(`
++		type razor_server_packet_t;
++	')
++
++	allow $1 razor_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive razor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_razor_server_packets',`
++	gen_require(`
++		type razor_server_packet_t;
++	')
++
++	dontaudit $1 razor_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive razor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_razor_server_packets',`
++	corenet_send_razor_server_packets($1)
++	corenet_receive_razor_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive razor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_razor_server_packets',`
++	corenet_dontaudit_send_razor_server_packets($1)
++	corenet_dontaudit_receive_razor_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to razor_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_razor_server_packets',`
++	gen_require(`
++		type razor_server_packet_t;
++	')
++
++	allow $1 razor_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	allow $1 ricci_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	allow $1 ricci_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	dontaudit $1 ricci_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	allow $1 ricci_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	dontaudit $1 ricci_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ricci_port',`
++	corenet_udp_send_ricci_port($1)
++	corenet_udp_receive_ricci_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ricci_port',`
++	corenet_dontaudit_udp_send_ricci_port($1)
++	corenet_dontaudit_udp_receive_ricci_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	allow $1 ricci_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	allow $1 ricci_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ricci port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ricci_port',`
++	gen_require(`
++		type ricci_port_t;
++	')
++
++	allow $1 ricci_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ricci_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ricci_client_packets',`
++	gen_require(`
++		type ricci_client_packet_t;
++	')
++
++	allow $1 ricci_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ricci_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ricci_client_packets',`
++	gen_require(`
++		type ricci_client_packet_t;
++	')
++
++	dontaudit $1 ricci_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ricci_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ricci_client_packets',`
++	gen_require(`
++		type ricci_client_packet_t;
++	')
++
++	allow $1 ricci_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ricci_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ricci_client_packets',`
++	gen_require(`
++		type ricci_client_packet_t;
++	')
++
++	dontaudit $1 ricci_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ricci_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ricci_client_packets',`
++	corenet_send_ricci_client_packets($1)
++	corenet_receive_ricci_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ricci_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ricci_client_packets',`
++	corenet_dontaudit_send_ricci_client_packets($1)
++	corenet_dontaudit_receive_ricci_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ricci_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ricci_client_packets',`
++	gen_require(`
++		type ricci_client_packet_t;
++	')
++
++	allow $1 ricci_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ricci_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ricci_server_packets',`
++	gen_require(`
++		type ricci_server_packet_t;
++	')
++
++	allow $1 ricci_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ricci_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ricci_server_packets',`
++	gen_require(`
++		type ricci_server_packet_t;
++	')
++
++	dontaudit $1 ricci_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ricci_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ricci_server_packets',`
++	gen_require(`
++		type ricci_server_packet_t;
++	')
++
++	allow $1 ricci_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ricci_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ricci_server_packets',`
++	gen_require(`
++		type ricci_server_packet_t;
++	')
++
++	dontaudit $1 ricci_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ricci_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ricci_server_packets',`
++	corenet_send_ricci_server_packets($1)
++	corenet_receive_ricci_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ricci_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ricci_server_packets',`
++	corenet_dontaudit_send_ricci_server_packets($1)
++	corenet_dontaudit_receive_ricci_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ricci_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ricci_server_packets',`
++	gen_require(`
++		type ricci_server_packet_t;
++	')
++
++	allow $1 ricci_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	allow $1 ricci_modcluster_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	allow $1 ricci_modcluster_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	dontaudit $1 ricci_modcluster_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	allow $1 ricci_modcluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	dontaudit $1 ricci_modcluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ricci_modcluster_port',`
++	corenet_udp_send_ricci_modcluster_port($1)
++	corenet_udp_receive_ricci_modcluster_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ricci_modcluster_port',`
++	corenet_dontaudit_udp_send_ricci_modcluster_port($1)
++	corenet_dontaudit_udp_receive_ricci_modcluster_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	allow $1 ricci_modcluster_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	allow $1 ricci_modcluster_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ricci_modcluster port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ricci_modcluster_port',`
++	gen_require(`
++		type ricci_modcluster_port_t;
++	')
++
++	allow $1 ricci_modcluster_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ricci_modcluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ricci_modcluster_client_packets',`
++	gen_require(`
++		type ricci_modcluster_client_packet_t;
++	')
++
++	allow $1 ricci_modcluster_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ricci_modcluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ricci_modcluster_client_packets',`
++	gen_require(`
++		type ricci_modcluster_client_packet_t;
++	')
++
++	dontaudit $1 ricci_modcluster_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ricci_modcluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ricci_modcluster_client_packets',`
++	gen_require(`
++		type ricci_modcluster_client_packet_t;
++	')
++
++	allow $1 ricci_modcluster_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ricci_modcluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ricci_modcluster_client_packets',`
++	gen_require(`
++		type ricci_modcluster_client_packet_t;
++	')
++
++	dontaudit $1 ricci_modcluster_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ricci_modcluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ricci_modcluster_client_packets',`
++	corenet_send_ricci_modcluster_client_packets($1)
++	corenet_receive_ricci_modcluster_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ricci_modcluster_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ricci_modcluster_client_packets',`
++	corenet_dontaudit_send_ricci_modcluster_client_packets($1)
++	corenet_dontaudit_receive_ricci_modcluster_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ricci_modcluster_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ricci_modcluster_client_packets',`
++	gen_require(`
++		type ricci_modcluster_client_packet_t;
++	')
++
++	allow $1 ricci_modcluster_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ricci_modcluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ricci_modcluster_server_packets',`
++	gen_require(`
++		type ricci_modcluster_server_packet_t;
++	')
++
++	allow $1 ricci_modcluster_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ricci_modcluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ricci_modcluster_server_packets',`
++	gen_require(`
++		type ricci_modcluster_server_packet_t;
++	')
++
++	dontaudit $1 ricci_modcluster_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ricci_modcluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ricci_modcluster_server_packets',`
++	gen_require(`
++		type ricci_modcluster_server_packet_t;
++	')
++
++	allow $1 ricci_modcluster_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ricci_modcluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ricci_modcluster_server_packets',`
++	gen_require(`
++		type ricci_modcluster_server_packet_t;
++	')
++
++	dontaudit $1 ricci_modcluster_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ricci_modcluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ricci_modcluster_server_packets',`
++	corenet_send_ricci_modcluster_server_packets($1)
++	corenet_receive_ricci_modcluster_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ricci_modcluster_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ricci_modcluster_server_packets',`
++	corenet_dontaudit_send_ricci_modcluster_server_packets($1)
++	corenet_dontaudit_receive_ricci_modcluster_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ricci_modcluster_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ricci_modcluster_server_packets',`
++	gen_require(`
++		type ricci_modcluster_server_packet_t;
++	')
++
++	allow $1 ricci_modcluster_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	allow $1 rlogind_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	allow $1 rlogind_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	dontaudit $1 rlogind_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	allow $1 rlogind_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	dontaudit $1 rlogind_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_rlogind_port',`
++	corenet_udp_send_rlogind_port($1)
++	corenet_udp_receive_rlogind_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_rlogind_port',`
++	corenet_dontaudit_udp_send_rlogind_port($1)
++	corenet_dontaudit_udp_receive_rlogind_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	allow $1 rlogind_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	allow $1 rlogind_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the rlogind port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_rlogind_port',`
++	gen_require(`
++		type rlogind_port_t;
++	')
++
++	allow $1 rlogind_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send rlogind_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rlogind_client_packets',`
++	gen_require(`
++		type rlogind_client_packet_t;
++	')
++
++	allow $1 rlogind_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rlogind_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rlogind_client_packets',`
++	gen_require(`
++		type rlogind_client_packet_t;
++	')
++
++	dontaudit $1 rlogind_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rlogind_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rlogind_client_packets',`
++	gen_require(`
++		type rlogind_client_packet_t;
++	')
++
++	allow $1 rlogind_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rlogind_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rlogind_client_packets',`
++	gen_require(`
++		type rlogind_client_packet_t;
++	')
++
++	dontaudit $1 rlogind_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rlogind_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rlogind_client_packets',`
++	corenet_send_rlogind_client_packets($1)
++	corenet_receive_rlogind_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rlogind_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rlogind_client_packets',`
++	corenet_dontaudit_send_rlogind_client_packets($1)
++	corenet_dontaudit_receive_rlogind_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rlogind_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rlogind_client_packets',`
++	gen_require(`
++		type rlogind_client_packet_t;
++	')
++
++	allow $1 rlogind_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send rlogind_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rlogind_server_packets',`
++	gen_require(`
++		type rlogind_server_packet_t;
++	')
++
++	allow $1 rlogind_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rlogind_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rlogind_server_packets',`
++	gen_require(`
++		type rlogind_server_packet_t;
++	')
++
++	dontaudit $1 rlogind_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rlogind_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rlogind_server_packets',`
++	gen_require(`
++		type rlogind_server_packet_t;
++	')
++
++	allow $1 rlogind_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rlogind_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rlogind_server_packets',`
++	gen_require(`
++		type rlogind_server_packet_t;
++	')
++
++	dontaudit $1 rlogind_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rlogind_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rlogind_server_packets',`
++	corenet_send_rlogind_server_packets($1)
++	corenet_receive_rlogind_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rlogind_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rlogind_server_packets',`
++	corenet_dontaudit_send_rlogind_server_packets($1)
++	corenet_dontaudit_receive_rlogind_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rlogind_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rlogind_server_packets',`
++	gen_require(`
++		type rlogind_server_packet_t;
++	')
++
++	allow $1 rlogind_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	allow $1 rndc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	allow $1 rndc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	dontaudit $1 rndc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	allow $1 rndc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	dontaudit $1 rndc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_rndc_port',`
++	corenet_udp_send_rndc_port($1)
++	corenet_udp_receive_rndc_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_rndc_port',`
++	corenet_dontaudit_udp_send_rndc_port($1)
++	corenet_dontaudit_udp_receive_rndc_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	allow $1 rndc_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	allow $1 rndc_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the rndc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_rndc_port',`
++	gen_require(`
++		type rndc_port_t;
++	')
++
++	allow $1 rndc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send rndc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rndc_client_packets',`
++	gen_require(`
++		type rndc_client_packet_t;
++	')
++
++	allow $1 rndc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rndc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rndc_client_packets',`
++	gen_require(`
++		type rndc_client_packet_t;
++	')
++
++	dontaudit $1 rndc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rndc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rndc_client_packets',`
++	gen_require(`
++		type rndc_client_packet_t;
++	')
++
++	allow $1 rndc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rndc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rndc_client_packets',`
++	gen_require(`
++		type rndc_client_packet_t;
++	')
++
++	dontaudit $1 rndc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rndc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rndc_client_packets',`
++	corenet_send_rndc_client_packets($1)
++	corenet_receive_rndc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rndc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rndc_client_packets',`
++	corenet_dontaudit_send_rndc_client_packets($1)
++	corenet_dontaudit_receive_rndc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rndc_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rndc_client_packets',`
++	gen_require(`
++		type rndc_client_packet_t;
++	')
++
++	allow $1 rndc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send rndc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rndc_server_packets',`
++	gen_require(`
++		type rndc_server_packet_t;
++	')
++
++	allow $1 rndc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rndc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rndc_server_packets',`
++	gen_require(`
++		type rndc_server_packet_t;
++	')
++
++	dontaudit $1 rndc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rndc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rndc_server_packets',`
++	gen_require(`
++		type rndc_server_packet_t;
++	')
++
++	allow $1 rndc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rndc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rndc_server_packets',`
++	gen_require(`
++		type rndc_server_packet_t;
++	')
++
++	dontaudit $1 rndc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rndc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rndc_server_packets',`
++	corenet_send_rndc_server_packets($1)
++	corenet_receive_rndc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rndc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rndc_server_packets',`
++	corenet_dontaudit_send_rndc_server_packets($1)
++	corenet_dontaudit_receive_rndc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rndc_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rndc_server_packets',`
++	gen_require(`
++		type rndc_server_packet_t;
++	')
++
++	allow $1 rndc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	allow $1 router_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	allow $1 router_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	dontaudit $1 router_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	allow $1 router_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	dontaudit $1 router_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_router_port',`
++	corenet_udp_send_router_port($1)
++	corenet_udp_receive_router_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_router_port',`
++	corenet_dontaudit_udp_send_router_port($1)
++	corenet_dontaudit_udp_receive_router_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	allow $1 router_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	allow $1 router_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the router port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_router_port',`
++	gen_require(`
++		type router_port_t;
++	')
++
++	allow $1 router_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send router_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_router_client_packets',`
++	gen_require(`
++		type router_client_packet_t;
++	')
++
++	allow $1 router_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send router_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_router_client_packets',`
++	gen_require(`
++		type router_client_packet_t;
++	')
++
++	dontaudit $1 router_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive router_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_router_client_packets',`
++	gen_require(`
++		type router_client_packet_t;
++	')
++
++	allow $1 router_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive router_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_router_client_packets',`
++	gen_require(`
++		type router_client_packet_t;
++	')
++
++	dontaudit $1 router_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive router_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_router_client_packets',`
++	corenet_send_router_client_packets($1)
++	corenet_receive_router_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive router_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_router_client_packets',`
++	corenet_dontaudit_send_router_client_packets($1)
++	corenet_dontaudit_receive_router_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to router_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_router_client_packets',`
++	gen_require(`
++		type router_client_packet_t;
++	')
++
++	allow $1 router_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send router_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_router_server_packets',`
++	gen_require(`
++		type router_server_packet_t;
++	')
++
++	allow $1 router_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send router_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_router_server_packets',`
++	gen_require(`
++		type router_server_packet_t;
++	')
++
++	dontaudit $1 router_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive router_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_router_server_packets',`
++	gen_require(`
++		type router_server_packet_t;
++	')
++
++	allow $1 router_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive router_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_router_server_packets',`
++	gen_require(`
++		type router_server_packet_t;
++	')
++
++	dontaudit $1 router_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive router_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_router_server_packets',`
++	corenet_send_router_server_packets($1)
++	corenet_receive_router_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive router_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_router_server_packets',`
++	corenet_dontaudit_send_router_server_packets($1)
++	corenet_dontaudit_receive_router_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to router_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_router_server_packets',`
++	gen_require(`
++		type router_server_packet_t;
++	')
++
++	allow $1 router_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	allow $1 rsh_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	allow $1 rsh_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	dontaudit $1 rsh_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	allow $1 rsh_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	dontaudit $1 rsh_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_rsh_port',`
++	corenet_udp_send_rsh_port($1)
++	corenet_udp_receive_rsh_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_rsh_port',`
++	corenet_dontaudit_udp_send_rsh_port($1)
++	corenet_dontaudit_udp_receive_rsh_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	allow $1 rsh_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	allow $1 rsh_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the rsh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_rsh_port',`
++	gen_require(`
++		type rsh_port_t;
++	')
++
++	allow $1 rsh_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send rsh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rsh_client_packets',`
++	gen_require(`
++		type rsh_client_packet_t;
++	')
++
++	allow $1 rsh_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rsh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rsh_client_packets',`
++	gen_require(`
++		type rsh_client_packet_t;
++	')
++
++	dontaudit $1 rsh_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rsh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rsh_client_packets',`
++	gen_require(`
++		type rsh_client_packet_t;
++	')
++
++	allow $1 rsh_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rsh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rsh_client_packets',`
++	gen_require(`
++		type rsh_client_packet_t;
++	')
++
++	dontaudit $1 rsh_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rsh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rsh_client_packets',`
++	corenet_send_rsh_client_packets($1)
++	corenet_receive_rsh_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rsh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rsh_client_packets',`
++	corenet_dontaudit_send_rsh_client_packets($1)
++	corenet_dontaudit_receive_rsh_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rsh_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rsh_client_packets',`
++	gen_require(`
++		type rsh_client_packet_t;
++	')
++
++	allow $1 rsh_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send rsh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rsh_server_packets',`
++	gen_require(`
++		type rsh_server_packet_t;
++	')
++
++	allow $1 rsh_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rsh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rsh_server_packets',`
++	gen_require(`
++		type rsh_server_packet_t;
++	')
++
++	dontaudit $1 rsh_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rsh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rsh_server_packets',`
++	gen_require(`
++		type rsh_server_packet_t;
++	')
++
++	allow $1 rsh_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rsh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rsh_server_packets',`
++	gen_require(`
++		type rsh_server_packet_t;
++	')
++
++	dontaudit $1 rsh_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rsh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rsh_server_packets',`
++	corenet_send_rsh_server_packets($1)
++	corenet_receive_rsh_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rsh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rsh_server_packets',`
++	corenet_dontaudit_send_rsh_server_packets($1)
++	corenet_dontaudit_receive_rsh_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rsh_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rsh_server_packets',`
++	gen_require(`
++		type rsh_server_packet_t;
++	')
++
++	allow $1 rsh_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	allow $1 rsync_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	allow $1 rsync_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	dontaudit $1 rsync_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	allow $1 rsync_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	dontaudit $1 rsync_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_rsync_port',`
++	corenet_udp_send_rsync_port($1)
++	corenet_udp_receive_rsync_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_rsync_port',`
++	corenet_dontaudit_udp_send_rsync_port($1)
++	corenet_dontaudit_udp_receive_rsync_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	allow $1 rsync_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	allow $1 rsync_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the rsync port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_rsync_port',`
++	gen_require(`
++		type rsync_port_t;
++	')
++
++	allow $1 rsync_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send rsync_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rsync_client_packets',`
++	gen_require(`
++		type rsync_client_packet_t;
++	')
++
++	allow $1 rsync_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rsync_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rsync_client_packets',`
++	gen_require(`
++		type rsync_client_packet_t;
++	')
++
++	dontaudit $1 rsync_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rsync_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rsync_client_packets',`
++	gen_require(`
++		type rsync_client_packet_t;
++	')
++
++	allow $1 rsync_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rsync_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rsync_client_packets',`
++	gen_require(`
++		type rsync_client_packet_t;
++	')
++
++	dontaudit $1 rsync_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rsync_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rsync_client_packets',`
++	corenet_send_rsync_client_packets($1)
++	corenet_receive_rsync_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rsync_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rsync_client_packets',`
++	corenet_dontaudit_send_rsync_client_packets($1)
++	corenet_dontaudit_receive_rsync_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rsync_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rsync_client_packets',`
++	gen_require(`
++		type rsync_client_packet_t;
++	')
++
++	allow $1 rsync_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send rsync_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rsync_server_packets',`
++	gen_require(`
++		type rsync_server_packet_t;
++	')
++
++	allow $1 rsync_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rsync_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rsync_server_packets',`
++	gen_require(`
++		type rsync_server_packet_t;
++	')
++
++	dontaudit $1 rsync_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rsync_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rsync_server_packets',`
++	gen_require(`
++		type rsync_server_packet_t;
++	')
++
++	allow $1 rsync_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rsync_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rsync_server_packets',`
++	gen_require(`
++		type rsync_server_packet_t;
++	')
++
++	dontaudit $1 rsync_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rsync_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rsync_server_packets',`
++	corenet_send_rsync_server_packets($1)
++	corenet_receive_rsync_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rsync_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rsync_server_packets',`
++	corenet_dontaudit_send_rsync_server_packets($1)
++	corenet_dontaudit_receive_rsync_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rsync_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rsync_server_packets',`
++	gen_require(`
++		type rsync_server_packet_t;
++	')
++
++	allow $1 rsync_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	allow $1 rwho_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	allow $1 rwho_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	dontaudit $1 rwho_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	allow $1 rwho_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	dontaudit $1 rwho_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_rwho_port',`
++	corenet_udp_send_rwho_port($1)
++	corenet_udp_receive_rwho_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_rwho_port',`
++	corenet_dontaudit_udp_send_rwho_port($1)
++	corenet_dontaudit_udp_receive_rwho_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	allow $1 rwho_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	allow $1 rwho_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the rwho port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_rwho_port',`
++	gen_require(`
++		type rwho_port_t;
++	')
++
++	allow $1 rwho_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send rwho_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rwho_client_packets',`
++	gen_require(`
++		type rwho_client_packet_t;
++	')
++
++	allow $1 rwho_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rwho_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rwho_client_packets',`
++	gen_require(`
++		type rwho_client_packet_t;
++	')
++
++	dontaudit $1 rwho_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rwho_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rwho_client_packets',`
++	gen_require(`
++		type rwho_client_packet_t;
++	')
++
++	allow $1 rwho_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rwho_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rwho_client_packets',`
++	gen_require(`
++		type rwho_client_packet_t;
++	')
++
++	dontaudit $1 rwho_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rwho_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rwho_client_packets',`
++	corenet_send_rwho_client_packets($1)
++	corenet_receive_rwho_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rwho_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rwho_client_packets',`
++	corenet_dontaudit_send_rwho_client_packets($1)
++	corenet_dontaudit_receive_rwho_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rwho_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rwho_client_packets',`
++	gen_require(`
++		type rwho_client_packet_t;
++	')
++
++	allow $1 rwho_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send rwho_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_rwho_server_packets',`
++	gen_require(`
++		type rwho_server_packet_t;
++	')
++
++	allow $1 rwho_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send rwho_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_rwho_server_packets',`
++	gen_require(`
++		type rwho_server_packet_t;
++	')
++
++	dontaudit $1 rwho_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive rwho_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_rwho_server_packets',`
++	gen_require(`
++		type rwho_server_packet_t;
++	')
++
++	allow $1 rwho_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive rwho_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_rwho_server_packets',`
++	gen_require(`
++		type rwho_server_packet_t;
++	')
++
++	dontaudit $1 rwho_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive rwho_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_rwho_server_packets',`
++	corenet_send_rwho_server_packets($1)
++	corenet_receive_rwho_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive rwho_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_rwho_server_packets',`
++	corenet_dontaudit_send_rwho_server_packets($1)
++	corenet_dontaudit_receive_rwho_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to rwho_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_rwho_server_packets',`
++	gen_require(`
++		type rwho_server_packet_t;
++	')
++
++	allow $1 rwho_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	allow $1 smbd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	allow $1 smbd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	dontaudit $1 smbd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	allow $1 smbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	dontaudit $1 smbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_smbd_port',`
++	corenet_udp_send_smbd_port($1)
++	corenet_udp_receive_smbd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_smbd_port',`
++	corenet_dontaudit_udp_send_smbd_port($1)
++	corenet_dontaudit_udp_receive_smbd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	allow $1 smbd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	allow $1 smbd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the smbd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_smbd_port',`
++	gen_require(`
++		type smbd_port_t;
++	')
++
++	allow $1 smbd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send smbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_smbd_client_packets',`
++	gen_require(`
++		type smbd_client_packet_t;
++	')
++
++	allow $1 smbd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send smbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_smbd_client_packets',`
++	gen_require(`
++		type smbd_client_packet_t;
++	')
++
++	dontaudit $1 smbd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive smbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_smbd_client_packets',`
++	gen_require(`
++		type smbd_client_packet_t;
++	')
++
++	allow $1 smbd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive smbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_smbd_client_packets',`
++	gen_require(`
++		type smbd_client_packet_t;
++	')
++
++	dontaudit $1 smbd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive smbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_smbd_client_packets',`
++	corenet_send_smbd_client_packets($1)
++	corenet_receive_smbd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive smbd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_smbd_client_packets',`
++	corenet_dontaudit_send_smbd_client_packets($1)
++	corenet_dontaudit_receive_smbd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to smbd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_smbd_client_packets',`
++	gen_require(`
++		type smbd_client_packet_t;
++	')
++
++	allow $1 smbd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send smbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_smbd_server_packets',`
++	gen_require(`
++		type smbd_server_packet_t;
++	')
++
++	allow $1 smbd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send smbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_smbd_server_packets',`
++	gen_require(`
++		type smbd_server_packet_t;
++	')
++
++	dontaudit $1 smbd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive smbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_smbd_server_packets',`
++	gen_require(`
++		type smbd_server_packet_t;
++	')
++
++	allow $1 smbd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive smbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_smbd_server_packets',`
++	gen_require(`
++		type smbd_server_packet_t;
++	')
++
++	dontaudit $1 smbd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive smbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_smbd_server_packets',`
++	corenet_send_smbd_server_packets($1)
++	corenet_receive_smbd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive smbd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_smbd_server_packets',`
++	corenet_dontaudit_send_smbd_server_packets($1)
++	corenet_dontaudit_receive_smbd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to smbd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_smbd_server_packets',`
++	gen_require(`
++		type smbd_server_packet_t;
++	')
++
++	allow $1 smbd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	allow $1 smtp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	allow $1 smtp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	dontaudit $1 smtp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	allow $1 smtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	dontaudit $1 smtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_smtp_port',`
++	corenet_udp_send_smtp_port($1)
++	corenet_udp_receive_smtp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_smtp_port',`
++	corenet_dontaudit_udp_send_smtp_port($1)
++	corenet_dontaudit_udp_receive_smtp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	allow $1 smtp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	allow $1 smtp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the smtp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_smtp_port',`
++	gen_require(`
++		type smtp_port_t;
++	')
++
++	allow $1 smtp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send smtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_smtp_client_packets',`
++	gen_require(`
++		type smtp_client_packet_t;
++	')
++
++	allow $1 smtp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send smtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_smtp_client_packets',`
++	gen_require(`
++		type smtp_client_packet_t;
++	')
++
++	dontaudit $1 smtp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive smtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_smtp_client_packets',`
++	gen_require(`
++		type smtp_client_packet_t;
++	')
++
++	allow $1 smtp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive smtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_smtp_client_packets',`
++	gen_require(`
++		type smtp_client_packet_t;
++	')
++
++	dontaudit $1 smtp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive smtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_smtp_client_packets',`
++	corenet_send_smtp_client_packets($1)
++	corenet_receive_smtp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive smtp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_smtp_client_packets',`
++	corenet_dontaudit_send_smtp_client_packets($1)
++	corenet_dontaudit_receive_smtp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to smtp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_smtp_client_packets',`
++	gen_require(`
++		type smtp_client_packet_t;
++	')
++
++	allow $1 smtp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send smtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_smtp_server_packets',`
++	gen_require(`
++		type smtp_server_packet_t;
++	')
++
++	allow $1 smtp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send smtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_smtp_server_packets',`
++	gen_require(`
++		type smtp_server_packet_t;
++	')
++
++	dontaudit $1 smtp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive smtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_smtp_server_packets',`
++	gen_require(`
++		type smtp_server_packet_t;
++	')
++
++	allow $1 smtp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive smtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_smtp_server_packets',`
++	gen_require(`
++		type smtp_server_packet_t;
++	')
++
++	dontaudit $1 smtp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive smtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_smtp_server_packets',`
++	corenet_send_smtp_server_packets($1)
++	corenet_receive_smtp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive smtp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_smtp_server_packets',`
++	corenet_dontaudit_send_smtp_server_packets($1)
++	corenet_dontaudit_receive_smtp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to smtp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_smtp_server_packets',`
++	gen_require(`
++		type smtp_server_packet_t;
++	')
++
++	allow $1 smtp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	allow $1 snmp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	allow $1 snmp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	dontaudit $1 snmp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	allow $1 snmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	dontaudit $1 snmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_snmp_port',`
++	corenet_udp_send_snmp_port($1)
++	corenet_udp_receive_snmp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_snmp_port',`
++	corenet_dontaudit_udp_send_snmp_port($1)
++	corenet_dontaudit_udp_receive_snmp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	allow $1 snmp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	allow $1 snmp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the snmp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_snmp_port',`
++	gen_require(`
++		type snmp_port_t;
++	')
++
++	allow $1 snmp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send snmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_snmp_client_packets',`
++	gen_require(`
++		type snmp_client_packet_t;
++	')
++
++	allow $1 snmp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send snmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_snmp_client_packets',`
++	gen_require(`
++		type snmp_client_packet_t;
++	')
++
++	dontaudit $1 snmp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive snmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_snmp_client_packets',`
++	gen_require(`
++		type snmp_client_packet_t;
++	')
++
++	allow $1 snmp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive snmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_snmp_client_packets',`
++	gen_require(`
++		type snmp_client_packet_t;
++	')
++
++	dontaudit $1 snmp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive snmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_snmp_client_packets',`
++	corenet_send_snmp_client_packets($1)
++	corenet_receive_snmp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive snmp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_snmp_client_packets',`
++	corenet_dontaudit_send_snmp_client_packets($1)
++	corenet_dontaudit_receive_snmp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to snmp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_snmp_client_packets',`
++	gen_require(`
++		type snmp_client_packet_t;
++	')
++
++	allow $1 snmp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send snmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_snmp_server_packets',`
++	gen_require(`
++		type snmp_server_packet_t;
++	')
++
++	allow $1 snmp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send snmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_snmp_server_packets',`
++	gen_require(`
++		type snmp_server_packet_t;
++	')
++
++	dontaudit $1 snmp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive snmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_snmp_server_packets',`
++	gen_require(`
++		type snmp_server_packet_t;
++	')
++
++	allow $1 snmp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive snmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_snmp_server_packets',`
++	gen_require(`
++		type snmp_server_packet_t;
++	')
++
++	dontaudit $1 snmp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive snmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_snmp_server_packets',`
++	corenet_send_snmp_server_packets($1)
++	corenet_receive_snmp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive snmp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_snmp_server_packets',`
++	corenet_dontaudit_send_snmp_server_packets($1)
++	corenet_dontaudit_receive_snmp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to snmp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_snmp_server_packets',`
++	gen_require(`
++		type snmp_server_packet_t;
++	')
++
++	allow $1 snmp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	allow $1 spamd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	allow $1 spamd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	dontaudit $1 spamd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	allow $1 spamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	dontaudit $1 spamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_spamd_port',`
++	corenet_udp_send_spamd_port($1)
++	corenet_udp_receive_spamd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_spamd_port',`
++	corenet_dontaudit_udp_send_spamd_port($1)
++	corenet_dontaudit_udp_receive_spamd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	allow $1 spamd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	allow $1 spamd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the spamd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_spamd_port',`
++	gen_require(`
++		type spamd_port_t;
++	')
++
++	allow $1 spamd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send spamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_spamd_client_packets',`
++	gen_require(`
++		type spamd_client_packet_t;
++	')
++
++	allow $1 spamd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send spamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_spamd_client_packets',`
++	gen_require(`
++		type spamd_client_packet_t;
++	')
++
++	dontaudit $1 spamd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive spamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_spamd_client_packets',`
++	gen_require(`
++		type spamd_client_packet_t;
++	')
++
++	allow $1 spamd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive spamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_spamd_client_packets',`
++	gen_require(`
++		type spamd_client_packet_t;
++	')
++
++	dontaudit $1 spamd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive spamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_spamd_client_packets',`
++	corenet_send_spamd_client_packets($1)
++	corenet_receive_spamd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive spamd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_spamd_client_packets',`
++	corenet_dontaudit_send_spamd_client_packets($1)
++	corenet_dontaudit_receive_spamd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to spamd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_spamd_client_packets',`
++	gen_require(`
++		type spamd_client_packet_t;
++	')
++
++	allow $1 spamd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send spamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_spamd_server_packets',`
++	gen_require(`
++		type spamd_server_packet_t;
++	')
++
++	allow $1 spamd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send spamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_spamd_server_packets',`
++	gen_require(`
++		type spamd_server_packet_t;
++	')
++
++	dontaudit $1 spamd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive spamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_spamd_server_packets',`
++	gen_require(`
++		type spamd_server_packet_t;
++	')
++
++	allow $1 spamd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive spamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_spamd_server_packets',`
++	gen_require(`
++		type spamd_server_packet_t;
++	')
++
++	dontaudit $1 spamd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive spamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_spamd_server_packets',`
++	corenet_send_spamd_server_packets($1)
++	corenet_receive_spamd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive spamd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_spamd_server_packets',`
++	corenet_dontaudit_send_spamd_server_packets($1)
++	corenet_dontaudit_receive_spamd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to spamd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_spamd_server_packets',`
++	gen_require(`
++		type spamd_server_packet_t;
++	')
++
++	allow $1 spamd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	allow $1 ssh_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	allow $1 ssh_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	dontaudit $1 ssh_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	allow $1 ssh_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	dontaudit $1 ssh_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_ssh_port',`
++	corenet_udp_send_ssh_port($1)
++	corenet_udp_receive_ssh_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_ssh_port',`
++	corenet_dontaudit_udp_send_ssh_port($1)
++	corenet_dontaudit_udp_receive_ssh_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	allow $1 ssh_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	allow $1 ssh_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the ssh port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_ssh_port',`
++	gen_require(`
++		type ssh_port_t;
++	')
++
++	allow $1 ssh_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send ssh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ssh_client_packets',`
++	gen_require(`
++		type ssh_client_packet_t;
++	')
++
++	allow $1 ssh_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ssh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ssh_client_packets',`
++	gen_require(`
++		type ssh_client_packet_t;
++	')
++
++	dontaudit $1 ssh_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ssh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ssh_client_packets',`
++	gen_require(`
++		type ssh_client_packet_t;
++	')
++
++	allow $1 ssh_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ssh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ssh_client_packets',`
++	gen_require(`
++		type ssh_client_packet_t;
++	')
++
++	dontaudit $1 ssh_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ssh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ssh_client_packets',`
++	corenet_send_ssh_client_packets($1)
++	corenet_receive_ssh_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ssh_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ssh_client_packets',`
++	corenet_dontaudit_send_ssh_client_packets($1)
++	corenet_dontaudit_receive_ssh_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ssh_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ssh_client_packets',`
++	gen_require(`
++		type ssh_client_packet_t;
++	')
++
++	allow $1 ssh_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send ssh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_ssh_server_packets',`
++	gen_require(`
++		type ssh_server_packet_t;
++	')
++
++	allow $1 ssh_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send ssh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_ssh_server_packets',`
++	gen_require(`
++		type ssh_server_packet_t;
++	')
++
++	dontaudit $1 ssh_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive ssh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_ssh_server_packets',`
++	gen_require(`
++		type ssh_server_packet_t;
++	')
++
++	allow $1 ssh_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive ssh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_ssh_server_packets',`
++	gen_require(`
++		type ssh_server_packet_t;
++	')
++
++	dontaudit $1 ssh_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive ssh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_ssh_server_packets',`
++	corenet_send_ssh_server_packets($1)
++	corenet_receive_ssh_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive ssh_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_ssh_server_packets',`
++	corenet_dontaudit_send_ssh_server_packets($1)
++	corenet_dontaudit_receive_ssh_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to ssh_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_ssh_server_packets',`
++	gen_require(`
++		type ssh_server_packet_t;
++	')
++
++	allow $1 ssh_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	allow $1 soundd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	allow $1 soundd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	dontaudit $1 soundd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	allow $1 soundd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	dontaudit $1 soundd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_soundd_port',`
++	corenet_udp_send_soundd_port($1)
++	corenet_udp_receive_soundd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_soundd_port',`
++	corenet_dontaudit_udp_send_soundd_port($1)
++	corenet_dontaudit_udp_receive_soundd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	allow $1 soundd_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	allow $1 soundd_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the soundd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_soundd_port',`
++	gen_require(`
++		type soundd_port_t;
++	')
++
++	allow $1 soundd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send soundd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_soundd_client_packets',`
++	gen_require(`
++		type soundd_client_packet_t;
++	')
++
++	allow $1 soundd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send soundd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_soundd_client_packets',`
++	gen_require(`
++		type soundd_client_packet_t;
++	')
++
++	dontaudit $1 soundd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive soundd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_soundd_client_packets',`
++	gen_require(`
++		type soundd_client_packet_t;
++	')
++
++	allow $1 soundd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive soundd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_soundd_client_packets',`
++	gen_require(`
++		type soundd_client_packet_t;
++	')
++
++	dontaudit $1 soundd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive soundd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_soundd_client_packets',`
++	corenet_send_soundd_client_packets($1)
++	corenet_receive_soundd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive soundd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_soundd_client_packets',`
++	corenet_dontaudit_send_soundd_client_packets($1)
++	corenet_dontaudit_receive_soundd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to soundd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_soundd_client_packets',`
++	gen_require(`
++		type soundd_client_packet_t;
++	')
++
++	allow $1 soundd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send soundd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_soundd_server_packets',`
++	gen_require(`
++		type soundd_server_packet_t;
++	')
++
++	allow $1 soundd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send soundd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_soundd_server_packets',`
++	gen_require(`
++		type soundd_server_packet_t;
++	')
++
++	dontaudit $1 soundd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive soundd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_soundd_server_packets',`
++	gen_require(`
++		type soundd_server_packet_t;
++	')
++
++	allow $1 soundd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive soundd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_soundd_server_packets',`
++	gen_require(`
++		type soundd_server_packet_t;
++	')
++
++	dontaudit $1 soundd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive soundd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_soundd_server_packets',`
++	corenet_send_soundd_server_packets($1)
++	corenet_receive_soundd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive soundd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_soundd_server_packets',`
++	corenet_dontaudit_send_soundd_server_packets($1)
++	corenet_dontaudit_receive_soundd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to soundd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_soundd_server_packets',`
++	gen_require(`
++		type soundd_server_packet_t;
++	')
++
++	allow $1 soundd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	allow $1 squid_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	allow $1 squid_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	dontaudit $1 squid_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	allow $1 squid_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	dontaudit $1 squid_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_squid_port',`
++	corenet_udp_send_squid_port($1)
++	corenet_udp_receive_squid_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_squid_port',`
++	corenet_dontaudit_udp_send_squid_port($1)
++	corenet_dontaudit_udp_receive_squid_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	allow $1 squid_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	allow $1 squid_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the squid port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_squid_port',`
++	gen_require(`
++		type squid_port_t;
++	')
++
++	allow $1 squid_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send squid_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_squid_client_packets',`
++	gen_require(`
++		type squid_client_packet_t;
++	')
++
++	allow $1 squid_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send squid_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_squid_client_packets',`
++	gen_require(`
++		type squid_client_packet_t;
++	')
++
++	dontaudit $1 squid_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive squid_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_squid_client_packets',`
++	gen_require(`
++		type squid_client_packet_t;
++	')
++
++	allow $1 squid_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive squid_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_squid_client_packets',`
++	gen_require(`
++		type squid_client_packet_t;
++	')
++
++	dontaudit $1 squid_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive squid_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_squid_client_packets',`
++	corenet_send_squid_client_packets($1)
++	corenet_receive_squid_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive squid_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_squid_client_packets',`
++	corenet_dontaudit_send_squid_client_packets($1)
++	corenet_dontaudit_receive_squid_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to squid_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_squid_client_packets',`
++	gen_require(`
++		type squid_client_packet_t;
++	')
++
++	allow $1 squid_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send squid_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_squid_server_packets',`
++	gen_require(`
++		type squid_server_packet_t;
++	')
++
++	allow $1 squid_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send squid_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_squid_server_packets',`
++	gen_require(`
++		type squid_server_packet_t;
++	')
++
++	dontaudit $1 squid_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive squid_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_squid_server_packets',`
++	gen_require(`
++		type squid_server_packet_t;
++	')
++
++	allow $1 squid_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive squid_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_squid_server_packets',`
++	gen_require(`
++		type squid_server_packet_t;
++	')
++
++	dontaudit $1 squid_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive squid_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_squid_server_packets',`
++	corenet_send_squid_server_packets($1)
++	corenet_receive_squid_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive squid_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_squid_server_packets',`
++	corenet_dontaudit_send_squid_server_packets($1)
++	corenet_dontaudit_receive_squid_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to squid_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_squid_server_packets',`
++	gen_require(`
++		type squid_server_packet_t;
++	')
++
++	allow $1 squid_server_packet_t:packet relabelto;
++')
++
++ # snmp and htcp
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	allow $1 swat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	allow $1 swat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	dontaudit $1 swat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	allow $1 swat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	dontaudit $1 swat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_swat_port',`
++	corenet_udp_send_swat_port($1)
++	corenet_udp_receive_swat_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_swat_port',`
++	corenet_dontaudit_udp_send_swat_port($1)
++	corenet_dontaudit_udp_receive_swat_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	allow $1 swat_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	allow $1 swat_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the swat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_swat_port',`
++	gen_require(`
++		type swat_port_t;
++	')
++
++	allow $1 swat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send swat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_swat_client_packets',`
++	gen_require(`
++		type swat_client_packet_t;
++	')
++
++	allow $1 swat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send swat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_swat_client_packets',`
++	gen_require(`
++		type swat_client_packet_t;
++	')
++
++	dontaudit $1 swat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive swat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_swat_client_packets',`
++	gen_require(`
++		type swat_client_packet_t;
++	')
++
++	allow $1 swat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive swat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_swat_client_packets',`
++	gen_require(`
++		type swat_client_packet_t;
++	')
++
++	dontaudit $1 swat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive swat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_swat_client_packets',`
++	corenet_send_swat_client_packets($1)
++	corenet_receive_swat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive swat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_swat_client_packets',`
++	corenet_dontaudit_send_swat_client_packets($1)
++	corenet_dontaudit_receive_swat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to swat_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_swat_client_packets',`
++	gen_require(`
++		type swat_client_packet_t;
++	')
++
++	allow $1 swat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send swat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_swat_server_packets',`
++	gen_require(`
++		type swat_server_packet_t;
++	')
++
++	allow $1 swat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send swat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_swat_server_packets',`
++	gen_require(`
++		type swat_server_packet_t;
++	')
++
++	dontaudit $1 swat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive swat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_swat_server_packets',`
++	gen_require(`
++		type swat_server_packet_t;
++	')
++
++	allow $1 swat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive swat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_swat_server_packets',`
++	gen_require(`
++		type swat_server_packet_t;
++	')
++
++	dontaudit $1 swat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive swat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_swat_server_packets',`
++	corenet_send_swat_server_packets($1)
++	corenet_receive_swat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive swat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_swat_server_packets',`
++	corenet_dontaudit_send_swat_server_packets($1)
++	corenet_dontaudit_receive_swat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to swat_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_swat_server_packets',`
++	gen_require(`
++		type swat_server_packet_t;
++	')
++
++	allow $1 swat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	allow $1 syslogd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	allow $1 syslogd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	dontaudit $1 syslogd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	allow $1 syslogd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	dontaudit $1 syslogd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_syslogd_port',`
++	corenet_udp_send_syslogd_port($1)
++	corenet_udp_receive_syslogd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_syslogd_port',`
++	corenet_dontaudit_udp_send_syslogd_port($1)
++	corenet_dontaudit_udp_receive_syslogd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	allow $1 syslogd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	allow $1 syslogd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the syslogd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_syslogd_port',`
++	gen_require(`
++		type syslogd_port_t;
++	')
++
++	allow $1 syslogd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send syslogd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_syslogd_client_packets',`
++	gen_require(`
++		type syslogd_client_packet_t;
++	')
++
++	allow $1 syslogd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send syslogd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_syslogd_client_packets',`
++	gen_require(`
++		type syslogd_client_packet_t;
++	')
++
++	dontaudit $1 syslogd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive syslogd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_syslogd_client_packets',`
++	gen_require(`
++		type syslogd_client_packet_t;
++	')
++
++	allow $1 syslogd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive syslogd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_syslogd_client_packets',`
++	gen_require(`
++		type syslogd_client_packet_t;
++	')
++
++	dontaudit $1 syslogd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive syslogd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_syslogd_client_packets',`
++	corenet_send_syslogd_client_packets($1)
++	corenet_receive_syslogd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive syslogd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_syslogd_client_packets',`
++	corenet_dontaudit_send_syslogd_client_packets($1)
++	corenet_dontaudit_receive_syslogd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to syslogd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_syslogd_client_packets',`
++	gen_require(`
++		type syslogd_client_packet_t;
++	')
++
++	allow $1 syslogd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send syslogd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_syslogd_server_packets',`
++	gen_require(`
++		type syslogd_server_packet_t;
++	')
++
++	allow $1 syslogd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send syslogd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_syslogd_server_packets',`
++	gen_require(`
++		type syslogd_server_packet_t;
++	')
++
++	dontaudit $1 syslogd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive syslogd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_syslogd_server_packets',`
++	gen_require(`
++		type syslogd_server_packet_t;
++	')
++
++	allow $1 syslogd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive syslogd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_syslogd_server_packets',`
++	gen_require(`
++		type syslogd_server_packet_t;
++	')
++
++	dontaudit $1 syslogd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive syslogd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_syslogd_server_packets',`
++	corenet_send_syslogd_server_packets($1)
++	corenet_receive_syslogd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive syslogd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_syslogd_server_packets',`
++	corenet_dontaudit_send_syslogd_server_packets($1)
++	corenet_dontaudit_receive_syslogd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to syslogd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_syslogd_server_packets',`
++	gen_require(`
++		type syslogd_server_packet_t;
++	')
++
++	allow $1 syslogd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	allow $1 telnetd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	allow $1 telnetd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	dontaudit $1 telnetd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	allow $1 telnetd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	dontaudit $1 telnetd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_telnetd_port',`
++	corenet_udp_send_telnetd_port($1)
++	corenet_udp_receive_telnetd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_telnetd_port',`
++	corenet_dontaudit_udp_send_telnetd_port($1)
++	corenet_dontaudit_udp_receive_telnetd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	allow $1 telnetd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	allow $1 telnetd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the telnetd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_telnetd_port',`
++	gen_require(`
++		type telnetd_port_t;
++	')
++
++	allow $1 telnetd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send telnetd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_telnetd_client_packets',`
++	gen_require(`
++		type telnetd_client_packet_t;
++	')
++
++	allow $1 telnetd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send telnetd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_telnetd_client_packets',`
++	gen_require(`
++		type telnetd_client_packet_t;
++	')
++
++	dontaudit $1 telnetd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive telnetd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_telnetd_client_packets',`
++	gen_require(`
++		type telnetd_client_packet_t;
++	')
++
++	allow $1 telnetd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive telnetd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_telnetd_client_packets',`
++	gen_require(`
++		type telnetd_client_packet_t;
++	')
++
++	dontaudit $1 telnetd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive telnetd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_telnetd_client_packets',`
++	corenet_send_telnetd_client_packets($1)
++	corenet_receive_telnetd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive telnetd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_telnetd_client_packets',`
++	corenet_dontaudit_send_telnetd_client_packets($1)
++	corenet_dontaudit_receive_telnetd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to telnetd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_telnetd_client_packets',`
++	gen_require(`
++		type telnetd_client_packet_t;
++	')
++
++	allow $1 telnetd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send telnetd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_telnetd_server_packets',`
++	gen_require(`
++		type telnetd_server_packet_t;
++	')
++
++	allow $1 telnetd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send telnetd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_telnetd_server_packets',`
++	gen_require(`
++		type telnetd_server_packet_t;
++	')
++
++	dontaudit $1 telnetd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive telnetd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_telnetd_server_packets',`
++	gen_require(`
++		type telnetd_server_packet_t;
++	')
++
++	allow $1 telnetd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive telnetd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_telnetd_server_packets',`
++	gen_require(`
++		type telnetd_server_packet_t;
++	')
++
++	dontaudit $1 telnetd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive telnetd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_telnetd_server_packets',`
++	corenet_send_telnetd_server_packets($1)
++	corenet_receive_telnetd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive telnetd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_telnetd_server_packets',`
++	corenet_dontaudit_send_telnetd_server_packets($1)
++	corenet_dontaudit_receive_telnetd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to telnetd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_telnetd_server_packets',`
++	gen_require(`
++		type telnetd_server_packet_t;
++	')
++
++	allow $1 telnetd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	allow $1 tftp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	allow $1 tftp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	dontaudit $1 tftp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	allow $1 tftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	dontaudit $1 tftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_tftp_port',`
++	corenet_udp_send_tftp_port($1)
++	corenet_udp_receive_tftp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_tftp_port',`
++	corenet_dontaudit_udp_send_tftp_port($1)
++	corenet_dontaudit_udp_receive_tftp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	allow $1 tftp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	allow $1 tftp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the tftp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_tftp_port',`
++	gen_require(`
++		type tftp_port_t;
++	')
++
++	allow $1 tftp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send tftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_tftp_client_packets',`
++	gen_require(`
++		type tftp_client_packet_t;
++	')
++
++	allow $1 tftp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send tftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_tftp_client_packets',`
++	gen_require(`
++		type tftp_client_packet_t;
++	')
++
++	dontaudit $1 tftp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive tftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_tftp_client_packets',`
++	gen_require(`
++		type tftp_client_packet_t;
++	')
++
++	allow $1 tftp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive tftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_tftp_client_packets',`
++	gen_require(`
++		type tftp_client_packet_t;
++	')
++
++	dontaudit $1 tftp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive tftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_tftp_client_packets',`
++	corenet_send_tftp_client_packets($1)
++	corenet_receive_tftp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive tftp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_tftp_client_packets',`
++	corenet_dontaudit_send_tftp_client_packets($1)
++	corenet_dontaudit_receive_tftp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to tftp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_tftp_client_packets',`
++	gen_require(`
++		type tftp_client_packet_t;
++	')
++
++	allow $1 tftp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send tftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_tftp_server_packets',`
++	gen_require(`
++		type tftp_server_packet_t;
++	')
++
++	allow $1 tftp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send tftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_tftp_server_packets',`
++	gen_require(`
++		type tftp_server_packet_t;
++	')
++
++	dontaudit $1 tftp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive tftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_tftp_server_packets',`
++	gen_require(`
++		type tftp_server_packet_t;
++	')
++
++	allow $1 tftp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive tftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_tftp_server_packets',`
++	gen_require(`
++		type tftp_server_packet_t;
++	')
++
++	dontaudit $1 tftp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive tftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_tftp_server_packets',`
++	corenet_send_tftp_server_packets($1)
++	corenet_receive_tftp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive tftp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_tftp_server_packets',`
++	corenet_dontaudit_send_tftp_server_packets($1)
++	corenet_dontaudit_receive_tftp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to tftp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_tftp_server_packets',`
++	gen_require(`
++		type tftp_server_packet_t;
++	')
++
++	allow $1 tftp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	allow $1 tomcat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	allow $1 tomcat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	dontaudit $1 tomcat_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	allow $1 tomcat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	dontaudit $1 tomcat_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_tomcat_port',`
++	corenet_udp_send_tomcat_port($1)
++	corenet_udp_receive_tomcat_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_tomcat_port',`
++	corenet_dontaudit_udp_send_tomcat_port($1)
++	corenet_dontaudit_udp_receive_tomcat_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	allow $1 tomcat_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	allow $1 tomcat_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the tomcat port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_tomcat_port',`
++	gen_require(`
++		type tomcat_port_t;
++	')
++
++	allow $1 tomcat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send tomcat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_tomcat_client_packets',`
++	gen_require(`
++		type tomcat_client_packet_t;
++	')
++
++	allow $1 tomcat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send tomcat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_tomcat_client_packets',`
++	gen_require(`
++		type tomcat_client_packet_t;
++	')
++
++	dontaudit $1 tomcat_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive tomcat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_tomcat_client_packets',`
++	gen_require(`
++		type tomcat_client_packet_t;
++	')
++
++	allow $1 tomcat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive tomcat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_tomcat_client_packets',`
++	gen_require(`
++		type tomcat_client_packet_t;
++	')
++
++	dontaudit $1 tomcat_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive tomcat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_tomcat_client_packets',`
++	corenet_send_tomcat_client_packets($1)
++	corenet_receive_tomcat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive tomcat_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_tomcat_client_packets',`
++	corenet_dontaudit_send_tomcat_client_packets($1)
++	corenet_dontaudit_receive_tomcat_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to tomcat_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_tomcat_client_packets',`
++	gen_require(`
++		type tomcat_client_packet_t;
++	')
++
++	allow $1 tomcat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send tomcat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_tomcat_server_packets',`
++	gen_require(`
++		type tomcat_server_packet_t;
++	')
++
++	allow $1 tomcat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send tomcat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_tomcat_server_packets',`
++	gen_require(`
++		type tomcat_server_packet_t;
++	')
++
++	dontaudit $1 tomcat_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive tomcat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_tomcat_server_packets',`
++	gen_require(`
++		type tomcat_server_packet_t;
++	')
++
++	allow $1 tomcat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive tomcat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_tomcat_server_packets',`
++	gen_require(`
++		type tomcat_server_packet_t;
++	')
++
++	dontaudit $1 tomcat_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive tomcat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_tomcat_server_packets',`
++	corenet_send_tomcat_server_packets($1)
++	corenet_receive_tomcat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive tomcat_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_tomcat_server_packets',`
++	corenet_dontaudit_send_tomcat_server_packets($1)
++	corenet_dontaudit_receive_tomcat_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to tomcat_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_tomcat_server_packets',`
++	gen_require(`
++		type tomcat_server_packet_t;
++	')
++
++	allow $1 tomcat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	allow $1 tor_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	allow $1 tor_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	dontaudit $1 tor_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	allow $1 tor_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	dontaudit $1 tor_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_tor_port',`
++	corenet_udp_send_tor_port($1)
++	corenet_udp_receive_tor_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_tor_port',`
++	corenet_dontaudit_udp_send_tor_port($1)
++	corenet_dontaudit_udp_receive_tor_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	allow $1 tor_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	allow $1 tor_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the tor port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_tor_port',`
++	gen_require(`
++		type tor_port_t;
++	')
++
++	allow $1 tor_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send tor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_tor_client_packets',`
++	gen_require(`
++		type tor_client_packet_t;
++	')
++
++	allow $1 tor_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send tor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_tor_client_packets',`
++	gen_require(`
++		type tor_client_packet_t;
++	')
++
++	dontaudit $1 tor_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive tor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_tor_client_packets',`
++	gen_require(`
++		type tor_client_packet_t;
++	')
++
++	allow $1 tor_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive tor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_tor_client_packets',`
++	gen_require(`
++		type tor_client_packet_t;
++	')
++
++	dontaudit $1 tor_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive tor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_tor_client_packets',`
++	corenet_send_tor_client_packets($1)
++	corenet_receive_tor_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive tor_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_tor_client_packets',`
++	corenet_dontaudit_send_tor_client_packets($1)
++	corenet_dontaudit_receive_tor_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to tor_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_tor_client_packets',`
++	gen_require(`
++		type tor_client_packet_t;
++	')
++
++	allow $1 tor_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send tor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_tor_server_packets',`
++	gen_require(`
++		type tor_server_packet_t;
++	')
++
++	allow $1 tor_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send tor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_tor_server_packets',`
++	gen_require(`
++		type tor_server_packet_t;
++	')
++
++	dontaudit $1 tor_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive tor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_tor_server_packets',`
++	gen_require(`
++		type tor_server_packet_t;
++	')
++
++	allow $1 tor_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive tor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_tor_server_packets',`
++	gen_require(`
++		type tor_server_packet_t;
++	')
++
++	dontaudit $1 tor_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive tor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_tor_server_packets',`
++	corenet_send_tor_server_packets($1)
++	corenet_receive_tor_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive tor_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_tor_server_packets',`
++	corenet_dontaudit_send_tor_server_packets($1)
++	corenet_dontaudit_receive_tor_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to tor_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_tor_server_packets',`
++	gen_require(`
++		type tor_server_packet_t;
++	')
++
++	allow $1 tor_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	allow $1 traceroute_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	allow $1 traceroute_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	dontaudit $1 traceroute_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	allow $1 traceroute_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	dontaudit $1 traceroute_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_traceroute_port',`
++	corenet_udp_send_traceroute_port($1)
++	corenet_udp_receive_traceroute_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_traceroute_port',`
++	corenet_dontaudit_udp_send_traceroute_port($1)
++	corenet_dontaudit_udp_receive_traceroute_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	allow $1 traceroute_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	allow $1 traceroute_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the traceroute port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_traceroute_port',`
++	gen_require(`
++		type traceroute_port_t;
++	')
++
++	allow $1 traceroute_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send traceroute_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_traceroute_client_packets',`
++	gen_require(`
++		type traceroute_client_packet_t;
++	')
++
++	allow $1 traceroute_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send traceroute_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_traceroute_client_packets',`
++	gen_require(`
++		type traceroute_client_packet_t;
++	')
++
++	dontaudit $1 traceroute_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive traceroute_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_traceroute_client_packets',`
++	gen_require(`
++		type traceroute_client_packet_t;
++	')
++
++	allow $1 traceroute_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive traceroute_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_traceroute_client_packets',`
++	gen_require(`
++		type traceroute_client_packet_t;
++	')
++
++	dontaudit $1 traceroute_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive traceroute_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_traceroute_client_packets',`
++	corenet_send_traceroute_client_packets($1)
++	corenet_receive_traceroute_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive traceroute_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_traceroute_client_packets',`
++	corenet_dontaudit_send_traceroute_client_packets($1)
++	corenet_dontaudit_receive_traceroute_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to traceroute_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_traceroute_client_packets',`
++	gen_require(`
++		type traceroute_client_packet_t;
++	')
++
++	allow $1 traceroute_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send traceroute_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_traceroute_server_packets',`
++	gen_require(`
++		type traceroute_server_packet_t;
++	')
++
++	allow $1 traceroute_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send traceroute_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_traceroute_server_packets',`
++	gen_require(`
++		type traceroute_server_packet_t;
++	')
++
++	dontaudit $1 traceroute_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive traceroute_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_traceroute_server_packets',`
++	gen_require(`
++		type traceroute_server_packet_t;
++	')
++
++	allow $1 traceroute_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive traceroute_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_traceroute_server_packets',`
++	gen_require(`
++		type traceroute_server_packet_t;
++	')
++
++	dontaudit $1 traceroute_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive traceroute_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_traceroute_server_packets',`
++	corenet_send_traceroute_server_packets($1)
++	corenet_receive_traceroute_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive traceroute_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_traceroute_server_packets',`
++	corenet_dontaudit_send_traceroute_server_packets($1)
++	corenet_dontaudit_receive_traceroute_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to traceroute_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_traceroute_server_packets',`
++	gen_require(`
++		type traceroute_server_packet_t;
++	')
++
++	allow $1 traceroute_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	allow $1 transproxy_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	allow $1 transproxy_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	dontaudit $1 transproxy_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	allow $1 transproxy_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	dontaudit $1 transproxy_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_transproxy_port',`
++	corenet_udp_send_transproxy_port($1)
++	corenet_udp_receive_transproxy_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_transproxy_port',`
++	corenet_dontaudit_udp_send_transproxy_port($1)
++	corenet_dontaudit_udp_receive_transproxy_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	allow $1 transproxy_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	allow $1 transproxy_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the transproxy port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_transproxy_port',`
++	gen_require(`
++		type transproxy_port_t;
++	')
++
++	allow $1 transproxy_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send transproxy_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_transproxy_client_packets',`
++	gen_require(`
++		type transproxy_client_packet_t;
++	')
++
++	allow $1 transproxy_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send transproxy_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_transproxy_client_packets',`
++	gen_require(`
++		type transproxy_client_packet_t;
++	')
++
++	dontaudit $1 transproxy_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive transproxy_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_transproxy_client_packets',`
++	gen_require(`
++		type transproxy_client_packet_t;
++	')
++
++	allow $1 transproxy_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive transproxy_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_transproxy_client_packets',`
++	gen_require(`
++		type transproxy_client_packet_t;
++	')
++
++	dontaudit $1 transproxy_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive transproxy_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_transproxy_client_packets',`
++	corenet_send_transproxy_client_packets($1)
++	corenet_receive_transproxy_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive transproxy_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_transproxy_client_packets',`
++	corenet_dontaudit_send_transproxy_client_packets($1)
++	corenet_dontaudit_receive_transproxy_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to transproxy_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_transproxy_client_packets',`
++	gen_require(`
++		type transproxy_client_packet_t;
++	')
++
++	allow $1 transproxy_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send transproxy_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_transproxy_server_packets',`
++	gen_require(`
++		type transproxy_server_packet_t;
++	')
++
++	allow $1 transproxy_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send transproxy_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_transproxy_server_packets',`
++	gen_require(`
++		type transproxy_server_packet_t;
++	')
++
++	dontaudit $1 transproxy_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive transproxy_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_transproxy_server_packets',`
++	gen_require(`
++		type transproxy_server_packet_t;
++	')
++
++	allow $1 transproxy_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive transproxy_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_transproxy_server_packets',`
++	gen_require(`
++		type transproxy_server_packet_t;
++	')
++
++	dontaudit $1 transproxy_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive transproxy_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_transproxy_server_packets',`
++	corenet_send_transproxy_server_packets($1)
++	corenet_receive_transproxy_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive transproxy_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_transproxy_server_packets',`
++	corenet_dontaudit_send_transproxy_server_packets($1)
++	corenet_dontaudit_receive_transproxy_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to transproxy_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_transproxy_server_packets',`
++	gen_require(`
++		type transproxy_server_packet_t;
++	')
++
++	allow $1 transproxy_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	allow $1 uucpd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	allow $1 uucpd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	dontaudit $1 uucpd_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	allow $1 uucpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	dontaudit $1 uucpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_uucpd_port',`
++	corenet_udp_send_uucpd_port($1)
++	corenet_udp_receive_uucpd_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_uucpd_port',`
++	corenet_dontaudit_udp_send_uucpd_port($1)
++	corenet_dontaudit_udp_receive_uucpd_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	allow $1 uucpd_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	allow $1 uucpd_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the uucpd port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_uucpd_port',`
++	gen_require(`
++		type uucpd_port_t;
++	')
++
++	allow $1 uucpd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send uucpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_uucpd_client_packets',`
++	gen_require(`
++		type uucpd_client_packet_t;
++	')
++
++	allow $1 uucpd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send uucpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_uucpd_client_packets',`
++	gen_require(`
++		type uucpd_client_packet_t;
++	')
++
++	dontaudit $1 uucpd_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive uucpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_uucpd_client_packets',`
++	gen_require(`
++		type uucpd_client_packet_t;
++	')
++
++	allow $1 uucpd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive uucpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_uucpd_client_packets',`
++	gen_require(`
++		type uucpd_client_packet_t;
++	')
++
++	dontaudit $1 uucpd_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive uucpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_uucpd_client_packets',`
++	corenet_send_uucpd_client_packets($1)
++	corenet_receive_uucpd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive uucpd_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_uucpd_client_packets',`
++	corenet_dontaudit_send_uucpd_client_packets($1)
++	corenet_dontaudit_receive_uucpd_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to uucpd_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_uucpd_client_packets',`
++	gen_require(`
++		type uucpd_client_packet_t;
++	')
++
++	allow $1 uucpd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send uucpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_uucpd_server_packets',`
++	gen_require(`
++		type uucpd_server_packet_t;
++	')
++
++	allow $1 uucpd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send uucpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_uucpd_server_packets',`
++	gen_require(`
++		type uucpd_server_packet_t;
++	')
++
++	dontaudit $1 uucpd_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive uucpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_uucpd_server_packets',`
++	gen_require(`
++		type uucpd_server_packet_t;
++	')
++
++	allow $1 uucpd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive uucpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_uucpd_server_packets',`
++	gen_require(`
++		type uucpd_server_packet_t;
++	')
++
++	dontaudit $1 uucpd_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive uucpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_uucpd_server_packets',`
++	corenet_send_uucpd_server_packets($1)
++	corenet_receive_uucpd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive uucpd_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_uucpd_server_packets',`
++	corenet_dontaudit_send_uucpd_server_packets($1)
++	corenet_dontaudit_receive_uucpd_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to uucpd_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_uucpd_server_packets',`
++	gen_require(`
++		type uucpd_server_packet_t;
++	')
++
++	allow $1 uucpd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	allow $1 virt_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	allow $1 virt_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	dontaudit $1 virt_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	allow $1 virt_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	dontaudit $1 virt_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_virt_port',`
++	corenet_udp_send_virt_port($1)
++	corenet_udp_receive_virt_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_virt_port',`
++	corenet_dontaudit_udp_send_virt_port($1)
++	corenet_dontaudit_udp_receive_virt_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	allow $1 virt_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	allow $1 virt_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the virt port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_virt_port',`
++	gen_require(`
++		type virt_port_t;
++	')
++
++	allow $1 virt_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send virt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_virt_client_packets',`
++	gen_require(`
++		type virt_client_packet_t;
++	')
++
++	allow $1 virt_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send virt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_virt_client_packets',`
++	gen_require(`
++		type virt_client_packet_t;
++	')
++
++	dontaudit $1 virt_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive virt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_virt_client_packets',`
++	gen_require(`
++		type virt_client_packet_t;
++	')
++
++	allow $1 virt_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive virt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_virt_client_packets',`
++	gen_require(`
++		type virt_client_packet_t;
++	')
++
++	dontaudit $1 virt_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive virt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_virt_client_packets',`
++	corenet_send_virt_client_packets($1)
++	corenet_receive_virt_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive virt_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_virt_client_packets',`
++	corenet_dontaudit_send_virt_client_packets($1)
++	corenet_dontaudit_receive_virt_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to virt_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_virt_client_packets',`
++	gen_require(`
++		type virt_client_packet_t;
++	')
++
++	allow $1 virt_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send virt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_virt_server_packets',`
++	gen_require(`
++		type virt_server_packet_t;
++	')
++
++	allow $1 virt_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send virt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_virt_server_packets',`
++	gen_require(`
++		type virt_server_packet_t;
++	')
++
++	dontaudit $1 virt_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive virt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_virt_server_packets',`
++	gen_require(`
++		type virt_server_packet_t;
++	')
++
++	allow $1 virt_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive virt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_virt_server_packets',`
++	gen_require(`
++		type virt_server_packet_t;
++	')
++
++	dontaudit $1 virt_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive virt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_virt_server_packets',`
++	corenet_send_virt_server_packets($1)
++	corenet_receive_virt_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive virt_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_virt_server_packets',`
++	corenet_dontaudit_send_virt_server_packets($1)
++	corenet_dontaudit_receive_virt_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to virt_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_virt_server_packets',`
++	gen_require(`
++		type virt_server_packet_t;
++	')
++
++	allow $1 virt_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	allow $1 vnc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	allow $1 vnc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	dontaudit $1 vnc_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	allow $1 vnc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	dontaudit $1 vnc_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_vnc_port',`
++	corenet_udp_send_vnc_port($1)
++	corenet_udp_receive_vnc_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_vnc_port',`
++	corenet_dontaudit_udp_send_vnc_port($1)
++	corenet_dontaudit_udp_receive_vnc_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	allow $1 vnc_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	allow $1 vnc_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the vnc port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_vnc_port',`
++	gen_require(`
++		type vnc_port_t;
++	')
++
++	allow $1 vnc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send vnc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_vnc_client_packets',`
++	gen_require(`
++		type vnc_client_packet_t;
++	')
++
++	allow $1 vnc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send vnc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_vnc_client_packets',`
++	gen_require(`
++		type vnc_client_packet_t;
++	')
++
++	dontaudit $1 vnc_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive vnc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_vnc_client_packets',`
++	gen_require(`
++		type vnc_client_packet_t;
++	')
++
++	allow $1 vnc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive vnc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_vnc_client_packets',`
++	gen_require(`
++		type vnc_client_packet_t;
++	')
++
++	dontaudit $1 vnc_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive vnc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_vnc_client_packets',`
++	corenet_send_vnc_client_packets($1)
++	corenet_receive_vnc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive vnc_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_vnc_client_packets',`
++	corenet_dontaudit_send_vnc_client_packets($1)
++	corenet_dontaudit_receive_vnc_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to vnc_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_vnc_client_packets',`
++	gen_require(`
++		type vnc_client_packet_t;
++	')
++
++	allow $1 vnc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send vnc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_vnc_server_packets',`
++	gen_require(`
++		type vnc_server_packet_t;
++	')
++
++	allow $1 vnc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send vnc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_vnc_server_packets',`
++	gen_require(`
++		type vnc_server_packet_t;
++	')
++
++	dontaudit $1 vnc_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive vnc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_vnc_server_packets',`
++	gen_require(`
++		type vnc_server_packet_t;
++	')
++
++	allow $1 vnc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive vnc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_vnc_server_packets',`
++	gen_require(`
++		type vnc_server_packet_t;
++	')
++
++	dontaudit $1 vnc_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive vnc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_vnc_server_packets',`
++	corenet_send_vnc_server_packets($1)
++	corenet_receive_vnc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive vnc_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_vnc_server_packets',`
++	corenet_dontaudit_send_vnc_server_packets($1)
++	corenet_dontaudit_receive_vnc_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to vnc_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_vnc_server_packets',`
++	gen_require(`
++		type vnc_server_packet_t;
++	')
++
++	allow $1 vnc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	allow $1 whois_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	allow $1 whois_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	dontaudit $1 whois_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	allow $1 whois_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	dontaudit $1 whois_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_whois_port',`
++	corenet_udp_send_whois_port($1)
++	corenet_udp_receive_whois_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_whois_port',`
++	corenet_dontaudit_udp_send_whois_port($1)
++	corenet_dontaudit_udp_receive_whois_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	allow $1 whois_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	allow $1 whois_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the whois port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_whois_port',`
++	gen_require(`
++		type whois_port_t;
++	')
++
++	allow $1 whois_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send whois_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_whois_client_packets',`
++	gen_require(`
++		type whois_client_packet_t;
++	')
++
++	allow $1 whois_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send whois_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_whois_client_packets',`
++	gen_require(`
++		type whois_client_packet_t;
++	')
++
++	dontaudit $1 whois_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive whois_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_whois_client_packets',`
++	gen_require(`
++		type whois_client_packet_t;
++	')
++
++	allow $1 whois_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive whois_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_whois_client_packets',`
++	gen_require(`
++		type whois_client_packet_t;
++	')
++
++	dontaudit $1 whois_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive whois_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_whois_client_packets',`
++	corenet_send_whois_client_packets($1)
++	corenet_receive_whois_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive whois_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_whois_client_packets',`
++	corenet_dontaudit_send_whois_client_packets($1)
++	corenet_dontaudit_receive_whois_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to whois_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_whois_client_packets',`
++	gen_require(`
++		type whois_client_packet_t;
++	')
++
++	allow $1 whois_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send whois_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_whois_server_packets',`
++	gen_require(`
++		type whois_server_packet_t;
++	')
++
++	allow $1 whois_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send whois_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_whois_server_packets',`
++	gen_require(`
++		type whois_server_packet_t;
++	')
++
++	dontaudit $1 whois_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive whois_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_whois_server_packets',`
++	gen_require(`
++		type whois_server_packet_t;
++	')
++
++	allow $1 whois_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive whois_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_whois_server_packets',`
++	gen_require(`
++		type whois_server_packet_t;
++	')
++
++	dontaudit $1 whois_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive whois_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_whois_server_packets',`
++	corenet_send_whois_server_packets($1)
++	corenet_receive_whois_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive whois_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_whois_server_packets',`
++	corenet_dontaudit_send_whois_server_packets($1)
++	corenet_dontaudit_receive_whois_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to whois_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_whois_server_packets',`
++	gen_require(`
++		type whois_server_packet_t;
++	')
++
++	allow $1 whois_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	allow $1 wccp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	allow $1 wccp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	dontaudit $1 wccp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	allow $1 wccp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	dontaudit $1 wccp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_wccp_port',`
++	corenet_udp_send_wccp_port($1)
++	corenet_udp_receive_wccp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_wccp_port',`
++	corenet_dontaudit_udp_send_wccp_port($1)
++	corenet_dontaudit_udp_receive_wccp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	allow $1 wccp_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	allow $1 wccp_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the wccp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_wccp_port',`
++	gen_require(`
++		type wccp_port_t;
++	')
++
++	allow $1 wccp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send wccp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_wccp_client_packets',`
++	gen_require(`
++		type wccp_client_packet_t;
++	')
++
++	allow $1 wccp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send wccp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_wccp_client_packets',`
++	gen_require(`
++		type wccp_client_packet_t;
++	')
++
++	dontaudit $1 wccp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive wccp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_wccp_client_packets',`
++	gen_require(`
++		type wccp_client_packet_t;
++	')
++
++	allow $1 wccp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive wccp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_wccp_client_packets',`
++	gen_require(`
++		type wccp_client_packet_t;
++	')
++
++	dontaudit $1 wccp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive wccp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_wccp_client_packets',`
++	corenet_send_wccp_client_packets($1)
++	corenet_receive_wccp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive wccp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_wccp_client_packets',`
++	corenet_dontaudit_send_wccp_client_packets($1)
++	corenet_dontaudit_receive_wccp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to wccp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_wccp_client_packets',`
++	gen_require(`
++		type wccp_client_packet_t;
++	')
++
++	allow $1 wccp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send wccp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_wccp_server_packets',`
++	gen_require(`
++		type wccp_server_packet_t;
++	')
++
++	allow $1 wccp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send wccp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_wccp_server_packets',`
++	gen_require(`
++		type wccp_server_packet_t;
++	')
++
++	dontaudit $1 wccp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive wccp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_wccp_server_packets',`
++	gen_require(`
++		type wccp_server_packet_t;
++	')
++
++	allow $1 wccp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive wccp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_wccp_server_packets',`
++	gen_require(`
++		type wccp_server_packet_t;
++	')
++
++	dontaudit $1 wccp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive wccp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_wccp_server_packets',`
++	corenet_send_wccp_server_packets($1)
++	corenet_receive_wccp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive wccp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_wccp_server_packets',`
++	corenet_dontaudit_send_wccp_server_packets($1)
++	corenet_dontaudit_receive_wccp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to wccp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_wccp_server_packets',`
++	gen_require(`
++		type wccp_server_packet_t;
++	')
++
++	allow $1 wccp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	allow $1 xdmcp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	allow $1 xdmcp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	dontaudit $1 xdmcp_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	allow $1 xdmcp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	dontaudit $1 xdmcp_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_xdmcp_port',`
++	corenet_udp_send_xdmcp_port($1)
++	corenet_udp_receive_xdmcp_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_xdmcp_port',`
++	corenet_dontaudit_udp_send_xdmcp_port($1)
++	corenet_dontaudit_udp_receive_xdmcp_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	allow $1 xdmcp_port_t:tcp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	allow $1 xdmcp_port_t:udp_socket name_bind;
++	allow $1 self:capability net_bind_service;
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the xdmcp port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_xdmcp_port',`
++	gen_require(`
++		type xdmcp_port_t;
++	')
++
++	allow $1 xdmcp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send xdmcp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xdmcp_client_packets',`
++	gen_require(`
++		type xdmcp_client_packet_t;
++	')
++
++	allow $1 xdmcp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xdmcp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xdmcp_client_packets',`
++	gen_require(`
++		type xdmcp_client_packet_t;
++	')
++
++	dontaudit $1 xdmcp_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xdmcp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xdmcp_client_packets',`
++	gen_require(`
++		type xdmcp_client_packet_t;
++	')
++
++	allow $1 xdmcp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xdmcp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xdmcp_client_packets',`
++	gen_require(`
++		type xdmcp_client_packet_t;
++	')
++
++	dontaudit $1 xdmcp_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xdmcp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xdmcp_client_packets',`
++	corenet_send_xdmcp_client_packets($1)
++	corenet_receive_xdmcp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xdmcp_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xdmcp_client_packets',`
++	corenet_dontaudit_send_xdmcp_client_packets($1)
++	corenet_dontaudit_receive_xdmcp_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xdmcp_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xdmcp_client_packets',`
++	gen_require(`
++		type xdmcp_client_packet_t;
++	')
++
++	allow $1 xdmcp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send xdmcp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xdmcp_server_packets',`
++	gen_require(`
++		type xdmcp_server_packet_t;
++	')
++
++	allow $1 xdmcp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xdmcp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xdmcp_server_packets',`
++	gen_require(`
++		type xdmcp_server_packet_t;
++	')
++
++	dontaudit $1 xdmcp_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xdmcp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xdmcp_server_packets',`
++	gen_require(`
++		type xdmcp_server_packet_t;
++	')
++
++	allow $1 xdmcp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xdmcp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xdmcp_server_packets',`
++	gen_require(`
++		type xdmcp_server_packet_t;
++	')
++
++	dontaudit $1 xdmcp_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xdmcp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xdmcp_server_packets',`
++	corenet_send_xdmcp_server_packets($1)
++	corenet_receive_xdmcp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xdmcp_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xdmcp_server_packets',`
++	corenet_dontaudit_send_xdmcp_server_packets($1)
++	corenet_dontaudit_receive_xdmcp_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xdmcp_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xdmcp_server_packets',`
++	gen_require(`
++		type xdmcp_server_packet_t;
++	')
++
++	allow $1 xdmcp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	allow $1 xen_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	allow $1 xen_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	dontaudit $1 xen_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	allow $1 xen_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	dontaudit $1 xen_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_xen_port',`
++	corenet_udp_send_xen_port($1)
++	corenet_udp_receive_xen_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_xen_port',`
++	corenet_dontaudit_udp_send_xen_port($1)
++	corenet_dontaudit_udp_receive_xen_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	allow $1 xen_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	allow $1 xen_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the xen port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_xen_port',`
++	gen_require(`
++		type xen_port_t;
++	')
++
++	allow $1 xen_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send xen_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xen_client_packets',`
++	gen_require(`
++		type xen_client_packet_t;
++	')
++
++	allow $1 xen_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xen_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xen_client_packets',`
++	gen_require(`
++		type xen_client_packet_t;
++	')
++
++	dontaudit $1 xen_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xen_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xen_client_packets',`
++	gen_require(`
++		type xen_client_packet_t;
++	')
++
++	allow $1 xen_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xen_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xen_client_packets',`
++	gen_require(`
++		type xen_client_packet_t;
++	')
++
++	dontaudit $1 xen_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xen_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xen_client_packets',`
++	corenet_send_xen_client_packets($1)
++	corenet_receive_xen_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xen_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xen_client_packets',`
++	corenet_dontaudit_send_xen_client_packets($1)
++	corenet_dontaudit_receive_xen_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xen_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xen_client_packets',`
++	gen_require(`
++		type xen_client_packet_t;
++	')
++
++	allow $1 xen_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send xen_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xen_server_packets',`
++	gen_require(`
++		type xen_server_packet_t;
++	')
++
++	allow $1 xen_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xen_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xen_server_packets',`
++	gen_require(`
++		type xen_server_packet_t;
++	')
++
++	dontaudit $1 xen_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xen_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xen_server_packets',`
++	gen_require(`
++		type xen_server_packet_t;
++	')
++
++	allow $1 xen_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xen_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xen_server_packets',`
++	gen_require(`
++		type xen_server_packet_t;
++	')
++
++	dontaudit $1 xen_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xen_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xen_server_packets',`
++	corenet_send_xen_server_packets($1)
++	corenet_receive_xen_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xen_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xen_server_packets',`
++	corenet_dontaudit_send_xen_server_packets($1)
++	corenet_dontaudit_receive_xen_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xen_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xen_server_packets',`
++	gen_require(`
++		type xen_server_packet_t;
++	')
++
++	allow $1 xen_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	allow $1 xfs_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	allow $1 xfs_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	dontaudit $1 xfs_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	allow $1 xfs_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	dontaudit $1 xfs_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_xfs_port',`
++	corenet_udp_send_xfs_port($1)
++	corenet_udp_receive_xfs_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_xfs_port',`
++	corenet_dontaudit_udp_send_xfs_port($1)
++	corenet_dontaudit_udp_receive_xfs_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	allow $1 xfs_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	allow $1 xfs_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the xfs port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_xfs_port',`
++	gen_require(`
++		type xfs_port_t;
++	')
++
++	allow $1 xfs_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send xfs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xfs_client_packets',`
++	gen_require(`
++		type xfs_client_packet_t;
++	')
++
++	allow $1 xfs_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xfs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xfs_client_packets',`
++	gen_require(`
++		type xfs_client_packet_t;
++	')
++
++	dontaudit $1 xfs_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xfs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xfs_client_packets',`
++	gen_require(`
++		type xfs_client_packet_t;
++	')
++
++	allow $1 xfs_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xfs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xfs_client_packets',`
++	gen_require(`
++		type xfs_client_packet_t;
++	')
++
++	dontaudit $1 xfs_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xfs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xfs_client_packets',`
++	corenet_send_xfs_client_packets($1)
++	corenet_receive_xfs_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xfs_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xfs_client_packets',`
++	corenet_dontaudit_send_xfs_client_packets($1)
++	corenet_dontaudit_receive_xfs_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xfs_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xfs_client_packets',`
++	gen_require(`
++		type xfs_client_packet_t;
++	')
++
++	allow $1 xfs_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send xfs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xfs_server_packets',`
++	gen_require(`
++		type xfs_server_packet_t;
++	')
++
++	allow $1 xfs_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xfs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xfs_server_packets',`
++	gen_require(`
++		type xfs_server_packet_t;
++	')
++
++	dontaudit $1 xfs_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xfs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xfs_server_packets',`
++	gen_require(`
++		type xfs_server_packet_t;
++	')
++
++	allow $1 xfs_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xfs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xfs_server_packets',`
++	gen_require(`
++		type xfs_server_packet_t;
++	')
++
++	dontaudit $1 xfs_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xfs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xfs_server_packets',`
++	corenet_send_xfs_server_packets($1)
++	corenet_receive_xfs_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xfs_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xfs_server_packets',`
++	corenet_dontaudit_send_xfs_server_packets($1)
++	corenet_dontaudit_receive_xfs_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xfs_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xfs_server_packets',`
++	gen_require(`
++		type xfs_server_packet_t;
++	')
++
++	allow $1 xfs_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	allow $1 xserver_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	allow $1 xserver_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	dontaudit $1 xserver_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	allow $1 xserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	dontaudit $1 xserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_xserver_port',`
++	corenet_udp_send_xserver_port($1)
++	corenet_udp_receive_xserver_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_xserver_port',`
++	corenet_dontaudit_udp_send_xserver_port($1)
++	corenet_dontaudit_udp_receive_xserver_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	allow $1 xserver_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	allow $1 xserver_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the xserver port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_xserver_port',`
++	gen_require(`
++		type xserver_port_t;
++	')
++
++	allow $1 xserver_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send xserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xserver_client_packets',`
++	gen_require(`
++		type xserver_client_packet_t;
++	')
++
++	allow $1 xserver_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xserver_client_packets',`
++	gen_require(`
++		type xserver_client_packet_t;
++	')
++
++	dontaudit $1 xserver_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xserver_client_packets',`
++	gen_require(`
++		type xserver_client_packet_t;
++	')
++
++	allow $1 xserver_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xserver_client_packets',`
++	gen_require(`
++		type xserver_client_packet_t;
++	')
++
++	dontaudit $1 xserver_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xserver_client_packets',`
++	corenet_send_xserver_client_packets($1)
++	corenet_receive_xserver_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xserver_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xserver_client_packets',`
++	corenet_dontaudit_send_xserver_client_packets($1)
++	corenet_dontaudit_receive_xserver_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xserver_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xserver_client_packets',`
++	gen_require(`
++		type xserver_client_packet_t;
++	')
++
++	allow $1 xserver_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send xserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_xserver_server_packets',`
++	gen_require(`
++		type xserver_server_packet_t;
++	')
++
++	allow $1 xserver_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send xserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_xserver_server_packets',`
++	gen_require(`
++		type xserver_server_packet_t;
++	')
++
++	dontaudit $1 xserver_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive xserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_xserver_server_packets',`
++	gen_require(`
++		type xserver_server_packet_t;
++	')
++
++	allow $1 xserver_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive xserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_xserver_server_packets',`
++	gen_require(`
++		type xserver_server_packet_t;
++	')
++
++	dontaudit $1 xserver_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive xserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_xserver_server_packets',`
++	corenet_send_xserver_server_packets($1)
++	corenet_receive_xserver_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive xserver_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_xserver_server_packets',`
++	corenet_dontaudit_send_xserver_server_packets($1)
++	corenet_dontaudit_receive_xserver_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to xserver_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_xserver_server_packets',`
++	gen_require(`
++		type xserver_server_packet_t;
++	')
++
++	allow $1 xserver_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	allow $1 zebra_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	allow $1 zebra_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	dontaudit $1 zebra_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	allow $1 zebra_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	dontaudit $1 zebra_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_zebra_port',`
++	corenet_udp_send_zebra_port($1)
++	corenet_udp_receive_zebra_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_zebra_port',`
++	corenet_dontaudit_udp_send_zebra_port($1)
++	corenet_dontaudit_udp_receive_zebra_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	allow $1 zebra_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	allow $1 zebra_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the zebra port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_zebra_port',`
++	gen_require(`
++		type zebra_port_t;
++	')
++
++	allow $1 zebra_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send zebra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_zebra_client_packets',`
++	gen_require(`
++		type zebra_client_packet_t;
++	')
++
++	allow $1 zebra_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send zebra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_zebra_client_packets',`
++	gen_require(`
++		type zebra_client_packet_t;
++	')
++
++	dontaudit $1 zebra_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive zebra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_zebra_client_packets',`
++	gen_require(`
++		type zebra_client_packet_t;
++	')
++
++	allow $1 zebra_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive zebra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_zebra_client_packets',`
++	gen_require(`
++		type zebra_client_packet_t;
++	')
++
++	dontaudit $1 zebra_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive zebra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_zebra_client_packets',`
++	corenet_send_zebra_client_packets($1)
++	corenet_receive_zebra_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive zebra_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_zebra_client_packets',`
++	corenet_dontaudit_send_zebra_client_packets($1)
++	corenet_dontaudit_receive_zebra_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to zebra_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_zebra_client_packets',`
++	gen_require(`
++		type zebra_client_packet_t;
++	')
++
++	allow $1 zebra_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send zebra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_zebra_server_packets',`
++	gen_require(`
++		type zebra_server_packet_t;
++	')
++
++	allow $1 zebra_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send zebra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_zebra_server_packets',`
++	gen_require(`
++		type zebra_server_packet_t;
++	')
++
++	dontaudit $1 zebra_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive zebra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_zebra_server_packets',`
++	gen_require(`
++		type zebra_server_packet_t;
++	')
++
++	allow $1 zebra_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive zebra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_zebra_server_packets',`
++	gen_require(`
++		type zebra_server_packet_t;
++	')
++
++	dontaudit $1 zebra_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive zebra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_zebra_server_packets',`
++	corenet_send_zebra_server_packets($1)
++	corenet_receive_zebra_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive zebra_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_zebra_server_packets',`
++	corenet_dontaudit_send_zebra_server_packets($1)
++	corenet_dontaudit_receive_zebra_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to zebra_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_zebra_server_packets',`
++	gen_require(`
++		type zebra_server_packet_t;
++	')
++
++	allow $1 zebra_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	allow $1 zope_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	allow $1 zope_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send UDP traffic on the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_send_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	dontaudit $1 zope_port_t:udp_socket send_msg;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	allow $1 zope_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive UDP traffic on the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_receive_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	dontaudit $1 zope_port_t:udp_socket recv_msg;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_zope_port',`
++	corenet_udp_send_zope_port($1)
++	corenet_udp_receive_zope_port($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive
++##	UDP traffic on the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_udp_sendrecv_zope_port',`
++	corenet_dontaudit_udp_send_zope_port($1)
++	corenet_dontaudit_udp_receive_zope_port($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	allow $1 zope_port_t:tcp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	allow $1 zope_port_t:udp_socket name_bind;
++	
++')
++
++########################################
++## <summary>
++##	Make a TCP connection to the zope port.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_tcp_connect_zope_port',`
++	gen_require(`
++		type zope_port_t;
++	')
++
++	allow $1 zope_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++## <summary>
++##	Send zope_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_zope_client_packets',`
++	gen_require(`
++		type zope_client_packet_t;
++	')
++
++	allow $1 zope_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send zope_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_zope_client_packets',`
++	gen_require(`
++		type zope_client_packet_t;
++	')
++
++	dontaudit $1 zope_client_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive zope_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_zope_client_packets',`
++	gen_require(`
++		type zope_client_packet_t;
++	')
++
++	allow $1 zope_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive zope_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_zope_client_packets',`
++	gen_require(`
++		type zope_client_packet_t;
++	')
++
++	dontaudit $1 zope_client_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive zope_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_zope_client_packets',`
++	corenet_send_zope_client_packets($1)
++	corenet_receive_zope_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive zope_client packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_zope_client_packets',`
++	corenet_dontaudit_send_zope_client_packets($1)
++	corenet_dontaudit_receive_zope_client_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to zope_client the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_zope_client_packets',`
++	gen_require(`
++		type zope_client_packet_t;
++	')
++
++	allow $1 zope_client_packet_t:packet relabelto;
++')
++
++
++########################################
++## <summary>
++##	Send zope_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_send_zope_server_packets',`
++	gen_require(`
++		type zope_server_packet_t;
++	')
++
++	allow $1 zope_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send zope_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_send_zope_server_packets',`
++	gen_require(`
++		type zope_server_packet_t;
++	')
++
++	dontaudit $1 zope_server_packet_t:packet send;
++')
++
++########################################
++## <summary>
++##	Receive zope_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_receive_zope_server_packets',`
++	gen_require(`
++		type zope_server_packet_t;
++	')
++
++	allow $1 zope_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to receive zope_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_receive_zope_server_packets',`
++	gen_require(`
++		type zope_server_packet_t;
++	')
++
++	dontaudit $1 zope_server_packet_t:packet recv;
++')
++
++########################################
++## <summary>
++##	Send and receive zope_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_sendrecv_zope_server_packets',`
++	corenet_send_zope_server_packets($1)
++	corenet_receive_zope_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Do not audit attempts to send and receive zope_server packets.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain to not audit.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_dontaudit_sendrecv_zope_server_packets',`
++	corenet_dontaudit_send_zope_server_packets($1)
++	corenet_dontaudit_receive_zope_server_packets($1)
++')
++
++########################################
++## <summary>
++##	Relabel packets to zope_server the packet type.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++#
++interface(`corenet_relabelto_zope_server_packets',`
++	gen_require(`
++		type zope_server_packet_t;
++	')
++
++	allow $1 zope_server_packet_t:packet relabelto;
++')
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_compat_ipv4_node',`
++	gen_require(`
++		type compat_ipv4_node_t;
++	')
++
++	allow $1 compat_ipv4_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_compat_ipv4_node',`
++	gen_require(`
++		type compat_ipv4_node_t;
++	')
++
++	allow $1 compat_ipv4_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_compat_ipv4_node',`
++	gen_require(`
++		type compat_ipv4_node_t;
++	')
++
++	allow $1 compat_ipv4_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_compat_ipv4_node',`
++	corenet_udp_send_compat_ipv4_node($1)
++	corenet_udp_receive_compat_ipv4_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_compat_ipv4_node',`
++	gen_require(`
++		type compat_ipv4_node_t;
++	')
++
++	allow $1 compat_ipv4_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_compat_ipv4_node',`
++	gen_require(`
++		type compat_ipv4_node_t;
++	')
++
++	allow $1 compat_ipv4_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_compat_ipv4_node',`
++	corenet_raw_send_compat_ipv4_node($1)
++	corenet_raw_receive_compat_ipv4_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node compat_ipv4.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_compat_ipv4_node',`
++	gen_require(`
++		type compat_ipv4_node_t;
++	')
++
++	allow $1 compat_ipv4_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the compat_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_compat_ipv4_node',`
++	gen_require(`
++		type compat_ipv4_node_t;
++	')
++
++	allow $1 compat_ipv4_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_inaddr_any_node',`
++	gen_require(`
++		type inaddr_any_node_t;
++	')
++
++	allow $1 inaddr_any_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_inaddr_any_node',`
++	gen_require(`
++		type inaddr_any_node_t;
++	')
++
++	allow $1 inaddr_any_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_inaddr_any_node',`
++	gen_require(`
++		type inaddr_any_node_t;
++	')
++
++	allow $1 inaddr_any_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_inaddr_any_node',`
++	corenet_udp_send_inaddr_any_node($1)
++	corenet_udp_receive_inaddr_any_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_inaddr_any_node',`
++	gen_require(`
++		type inaddr_any_node_t;
++	')
++
++	allow $1 inaddr_any_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_inaddr_any_node',`
++	gen_require(`
++		type inaddr_any_node_t;
++	')
++
++	allow $1 inaddr_any_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_inaddr_any_node',`
++	corenet_raw_send_inaddr_any_node($1)
++	corenet_raw_receive_inaddr_any_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node inaddr_any.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_inaddr_any_node',`
++	gen_require(`
++		type inaddr_any_node_t;
++	')
++
++	allow $1 inaddr_any_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the inaddr_any node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_inaddr_any_node',`
++	gen_require(`
++		type inaddr_any_node_t;
++	')
++
++	allow $1 inaddr_any_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_link_local_node',`
++	gen_require(`
++		type link_local_node_t;
++	')
++
++	allow $1 link_local_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_link_local_node',`
++	gen_require(`
++		type link_local_node_t;
++	')
++
++	allow $1 link_local_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_link_local_node',`
++	gen_require(`
++		type link_local_node_t;
++	')
++
++	allow $1 link_local_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_link_local_node',`
++	corenet_udp_send_link_local_node($1)
++	corenet_udp_receive_link_local_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_link_local_node',`
++	gen_require(`
++		type link_local_node_t;
++	')
++
++	allow $1 link_local_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_link_local_node',`
++	gen_require(`
++		type link_local_node_t;
++	')
++
++	allow $1 link_local_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_link_local_node',`
++	corenet_raw_send_link_local_node($1)
++	corenet_raw_receive_link_local_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node link_local.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_link_local_node',`
++	gen_require(`
++		type link_local_node_t;
++	')
++
++	allow $1 link_local_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the link_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_link_local_node',`
++	gen_require(`
++		type link_local_node_t;
++	')
++
++	allow $1 link_local_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_lo_node',`
++	gen_require(`
++		type lo_node_t;
++	')
++
++	allow $1 lo_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_lo_node',`
++	gen_require(`
++		type lo_node_t;
++	')
++
++	allow $1 lo_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_lo_node',`
++	gen_require(`
++		type lo_node_t;
++	')
++
++	allow $1 lo_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_lo_node',`
++	corenet_udp_send_lo_node($1)
++	corenet_udp_receive_lo_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_lo_node',`
++	gen_require(`
++		type lo_node_t;
++	')
++
++	allow $1 lo_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_lo_node',`
++	gen_require(`
++		type lo_node_t;
++	')
++
++	allow $1 lo_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_lo_node',`
++	corenet_raw_send_lo_node($1)
++	corenet_raw_receive_lo_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node lo.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_lo_node',`
++	gen_require(`
++		type lo_node_t;
++	')
++
++	allow $1 lo_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the lo node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_lo_node',`
++	gen_require(`
++		type lo_node_t;
++	')
++
++	allow $1 lo_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_mapped_ipv4_node',`
++	gen_require(`
++		type mapped_ipv4_node_t;
++	')
++
++	allow $1 mapped_ipv4_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_mapped_ipv4_node',`
++	gen_require(`
++		type mapped_ipv4_node_t;
++	')
++
++	allow $1 mapped_ipv4_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_mapped_ipv4_node',`
++	gen_require(`
++		type mapped_ipv4_node_t;
++	')
++
++	allow $1 mapped_ipv4_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_mapped_ipv4_node',`
++	corenet_udp_send_mapped_ipv4_node($1)
++	corenet_udp_receive_mapped_ipv4_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_mapped_ipv4_node',`
++	gen_require(`
++		type mapped_ipv4_node_t;
++	')
++
++	allow $1 mapped_ipv4_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_mapped_ipv4_node',`
++	gen_require(`
++		type mapped_ipv4_node_t;
++	')
++
++	allow $1 mapped_ipv4_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_mapped_ipv4_node',`
++	corenet_raw_send_mapped_ipv4_node($1)
++	corenet_raw_receive_mapped_ipv4_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node mapped_ipv4.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_mapped_ipv4_node',`
++	gen_require(`
++		type mapped_ipv4_node_t;
++	')
++
++	allow $1 mapped_ipv4_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the mapped_ipv4 node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_mapped_ipv4_node',`
++	gen_require(`
++		type mapped_ipv4_node_t;
++	')
++
++	allow $1 mapped_ipv4_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_multicast_node',`
++	gen_require(`
++		type multicast_node_t;
++	')
++
++	allow $1 multicast_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_multicast_node',`
++	gen_require(`
++		type multicast_node_t;
++	')
++
++	allow $1 multicast_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_multicast_node',`
++	gen_require(`
++		type multicast_node_t;
++	')
++
++	allow $1 multicast_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_multicast_node',`
++	corenet_udp_send_multicast_node($1)
++	corenet_udp_receive_multicast_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_multicast_node',`
++	gen_require(`
++		type multicast_node_t;
++	')
++
++	allow $1 multicast_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_multicast_node',`
++	gen_require(`
++		type multicast_node_t;
++	')
++
++	allow $1 multicast_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_multicast_node',`
++	corenet_raw_send_multicast_node($1)
++	corenet_raw_receive_multicast_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node multicast.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_multicast_node',`
++	gen_require(`
++		type multicast_node_t;
++	')
++
++	allow $1 multicast_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the multicast node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_multicast_node',`
++	gen_require(`
++		type multicast_node_t;
++	')
++
++	allow $1 multicast_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_site_local_node',`
++	gen_require(`
++		type site_local_node_t;
++	')
++
++	allow $1 site_local_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_site_local_node',`
++	gen_require(`
++		type site_local_node_t;
++	')
++
++	allow $1 site_local_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_site_local_node',`
++	gen_require(`
++		type site_local_node_t;
++	')
++
++	allow $1 site_local_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_site_local_node',`
++	corenet_udp_send_site_local_node($1)
++	corenet_udp_receive_site_local_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_site_local_node',`
++	gen_require(`
++		type site_local_node_t;
++	')
++
++	allow $1 site_local_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_site_local_node',`
++	gen_require(`
++		type site_local_node_t;
++	')
++
++	allow $1 site_local_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_site_local_node',`
++	corenet_raw_send_site_local_node($1)
++	corenet_raw_receive_site_local_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node site_local.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_site_local_node',`
++	gen_require(`
++		type site_local_node_t;
++	')
++
++	allow $1 site_local_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the site_local node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_site_local_node',`
++	gen_require(`
++		type site_local_node_t;
++	')
++
++	allow $1 site_local_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP traffic on the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_unspec_node',`
++	gen_require(`
++		type unspec_node_t;
++	')
++
++	allow $1 unspec_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP traffic on the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_unspec_node',`
++	gen_require(`
++		type unspec_node_t;
++	')
++
++	allow $1 unspec_node_t:node udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP traffic on the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_unspec_node',`
++	gen_require(`
++		type unspec_node_t;
++	')
++
++	allow $1 unspec_node_t:node udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP traffic on the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_unspec_node',`
++	corenet_udp_send_unspec_node($1)
++	corenet_udp_receive_unspec_node($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_unspec_node',`
++	gen_require(`
++		type unspec_node_t;
++	')
++
++	allow $1 unspec_node_t:node rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_receive_unspec_node',`
++	gen_require(`
++		type unspec_node_t;
++	')
++
++	allow $1 unspec_node_t:node rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_unspec_node',`
++	corenet_raw_send_unspec_node($1)
++	corenet_raw_receive_unspec_node($1)
++')
++
++########################################
++## <summary>
++##	Bind TCP sockets to node unspec.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_tcp_bind_unspec_node',`
++	gen_require(`
++		type unspec_node_t;
++	')
++
++	allow $1 unspec_node_t:tcp_socket node_bind;
++')
++
++########################################
++## <summary>
++##	Bind UDP sockets to the unspec node.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="none"/>
++#
++interface(`corenet_udp_bind_unspec_node',`
++	gen_require(`
++		type unspec_node_t;
++	')
++
++	allow $1 unspec_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++## <summary>
++##	Send and receive TCP network traffic on the lo interface.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_tcp_sendrecv_lo_if',`
++	gen_require(`
++		type lo_netif_t;
++	')
++
++	allow $1 lo_netif_t:netif { tcp_send tcp_recv };
++')
++
++########################################
++## <summary>
++##	Send UDP network traffic on the lo interface.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_udp_send_lo_if',`
++	gen_require(`
++		type lo_netif_t;
++	')
++
++	allow $1 lo_netif_t:netif udp_send;
++')
++
++########################################
++## <summary>
++##	Receive UDP network traffic on the lo interface.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_udp_receive_lo_if',`
++	gen_require(`
++		type lo_netif_t;
++	')
++
++	allow $1 lo_netif_t:netif udp_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive UDP network traffic on the lo interface.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_udp_sendrecv_lo_if',`
++	corenet_udp_send_lo_if($1)
++	corenet_udp_receive_lo_if($1)
++')
++
++########################################
++## <summary>
++##	Send raw IP packets on the lo interface.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="write" weight="10"/>
++#
++interface(`corenet_raw_send_lo_if',`
++	gen_require(`
++		type lo_netif_t;
++	')
++
++	allow $1 lo_netif_t:netif rawip_send;
++')
++
++########################################
++## <summary>
++##	Receive raw IP packets on the lo interface.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="read" weight="10"/>
++#
++interface(`corenet_raw_receive_lo_if',`
++	gen_require(`
++		type lo_netif_t;
++	')
++
++	allow $1 lo_netif_t:netif rawip_recv;
++')
++
++########################################
++## <summary>
++##	Send and receive raw IP packets on the lo interface.
++## </summary>
++## <param name="domain">
++##	<summary>
++##	Domain allowed access.
++##	</summary>
++## </param>
++## <infoflow type="both" weight="10"/>
++#
++interface(`corenet_raw_sendrecv_lo_if',`
++	corenet_raw_send_lo_if($1)
++	corenet_raw_receive_lo_if($1)
++')
++
++
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2008-02-26 14:23:11.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in	2009-01-13 19:18:30.000000000 +0100
+@@ -1441,10 +1441,11 @@
+ #
+ interface(`corenet_tcp_bind_all_unreserved_ports',`
+ 	gen_require(`
+-		attribute port_type, reserved_port_type;
++		attribute port_type;
++		type hi_reserved_port_t, reserved_port_t;
+ 	')
+ 
+-	allow $1 { port_type -reserved_port_type }:tcp_socket name_bind;
++	allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:tcp_socket name_bind;
+ ')
+ 
+ ########################################
+@@ -1459,10 +1460,11 @@
+ #
+ interface(`corenet_udp_bind_all_unreserved_ports',`
+ 	gen_require(`
+-		attribute port_type, reserved_port_type;
++		attribute port_type;
++		type hi_reserved_port_t, reserved_port_t;
+ 	')
+ 
+-	allow $1 { port_type -reserved_port_type }:udp_socket name_bind;
++	allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:udp_socket name_bind;
+ ')
+ 
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te	1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te	2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,1754 @@
++#
++# This is a generated file!  Instead of modifying this file, the
++# corenetwork.te.in or corenetwork.te.m4 file should be modified.
++#
++#
++# shiftn(num,list...)
++#
++# shift the list num times
++#
++
++
++#
++# build_option(option_name,true,[false])
++#
++# makes an ifdef.  hacky quoting changes because with
++# regular quoting, the macros in $2 and $3 will not be expanded
++#
++
++
++
++
++#
++# network_interface(if_name,linux_interface,mls_sensitivity)
++#
++
++
++
++
++#
++# network_node(node_name,mls_sensitivity,address,netmask[, mls_sensitivity,address,netmask, [...]])
++#
++
++
++
++
++#
++# network_port(port_name,protocol portnum mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
++#
++
++
++#
++# network_packet(packet_name)
++#
++
++
++policy_module(corenetwork,1.2.16)
++
++########################################
++#
++# Declarations
++#
++
++attribute client_packet_type;
++attribute netif_type;
++attribute node_type;
++attribute packet_type;
++attribute port_type;
++attribute reserved_port_type;
++attribute rpc_port_type;
++attribute server_packet_type;
++
++attribute corenet_unconfined_type;
++
++type ppp_device_t;
++dev_node(ppp_device_t)
++
++#
++# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*
++#
++type tun_tap_device_t;
++dev_node(tun_tap_device_t)
++
++########################################
++#
++# Ports and packets
++#
++
++#
++# client_packet_t is the default type of IPv4 and IPv6 client packets.
++#
++type client_packet_t, packet_type, client_packet_type;
++
++#
++# The netlabel_peer_t is used by the kernel's NetLabel subsystem for network
++# connections using NetLabel which do not carry full SELinux contexts.
++#
++type netlabel_peer_t;
++sid netmsg gen_context(system_u:object_r:netlabel_peer_t,mls_systemhigh)
++
++#
++# port_t is the default type of INET port numbers.
++#
++type port_t, port_type;
++sid port gen_context(system_u:object_r:port_t,s0)
++
++#
++# reserved_port_t is the type of INET port numbers below 1024.
++#
++type reserved_port_t, port_type, reserved_port_type;
++
++#
++# hi_reserved_port_t is the type of INET port numbers between 600-1023.
++#
++type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
++
++#
++# server_packet_t is the default type of IPv4 and IPv6 server packets.
++#
++type server_packet_t, packet_type, server_packet_type;
++
++
++type afs_bos_port_t, port_type;
++type afs_bos_client_packet_t, packet_type, client_packet_type;
++type afs_bos_server_packet_t, packet_type, server_packet_type;
++portcon udp 7007 gen_context(system_u:object_r:afs_bos_port_t,s0)
++
++
++
++type afs_fs_port_t, port_type;
++type afs_fs_client_packet_t, packet_type, client_packet_type;
++type afs_fs_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2040 gen_context(system_u:object_r:afs_fs_port_t,s0)
++portcon udp 7000 gen_context(system_u:object_r:afs_fs_port_t,s0)
++portcon udp 7005 gen_context(system_u:object_r:afs_fs_port_t,s0)
++
++
++
++type afs_ka_port_t, port_type;
++type afs_ka_client_packet_t, packet_type, client_packet_type;
++type afs_ka_server_packet_t, packet_type, server_packet_type;
++portcon udp 7004 gen_context(system_u:object_r:afs_ka_port_t,s0)
++
++
++
++type afs_pt_port_t, port_type;
++type afs_pt_client_packet_t, packet_type, client_packet_type;
++type afs_pt_server_packet_t, packet_type, server_packet_type;
++portcon udp 7002 gen_context(system_u:object_r:afs_pt_port_t,s0)
++
++
++
++type afs_vl_port_t, port_type;
++type afs_vl_client_packet_t, packet_type, client_packet_type;
++type afs_vl_server_packet_t, packet_type, server_packet_type;
++portcon udp 7003 gen_context(system_u:object_r:afs_vl_port_t,s0)
++
++
++
++type amanda_port_t, port_type;
++type amanda_client_packet_t, packet_type, client_packet_type;
++type amanda_server_packet_t, packet_type, server_packet_type;
++portcon udp 10080 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10080 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon udp 10081 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10081 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10082 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10083 gen_context(system_u:object_r:amanda_port_t,s0)
++
++
++
++type amavisd_recv_port_t, port_type;
++type amavisd_recv_client_packet_t, packet_type, client_packet_type;
++type amavisd_recv_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10024 gen_context(system_u:object_r:amavisd_recv_port_t,s0)
++
++
++
++type amavisd_send_port_t, port_type;
++type amavisd_send_client_packet_t, packet_type, client_packet_type;
++type amavisd_send_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10025 gen_context(system_u:object_r:amavisd_send_port_t,s0)
++
++
++
++type aol_port_t, port_type;
++type aol_client_packet_t, packet_type, client_packet_type;
++type aol_server_packet_t, packet_type, server_packet_type;
++portcon udp 5190 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5190 gen_context(system_u:object_r:aol_port_t,s0)
++portcon udp 5191 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5191 gen_context(system_u:object_r:aol_port_t,s0)
++portcon udp 5192 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5192 gen_context(system_u:object_r:aol_port_t,s0)
++portcon udp 5193 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5193 gen_context(system_u:object_r:aol_port_t,s0)
++
++ 
++
++type apcupsd_port_t, port_type;
++type apcupsd_client_packet_t, packet_type, client_packet_type;
++type apcupsd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3551 gen_context(system_u:object_r:apcupsd_port_t,s0)
++portcon udp 3551 gen_context(system_u:object_r:apcupsd_port_t,s0)
++
++
++
++type asterisk_port_t, port_type;
++type asterisk_client_packet_t, packet_type, client_packet_type;
++type asterisk_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1720 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 2427 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 2727 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 4569 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 5060 gen_context(system_u:object_r:asterisk_port_t,s0)
++
++
++
++type audit_port_t, port_type;
++type audit_client_packet_t, packet_type, client_packet_type;
++type audit_server_packet_t, packet_type, server_packet_type;
++
++typeattribute audit_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 60 gen_context(system_u:object_r:audit_port_t,s0)
++
++
++
++type auth_port_t, port_type;
++type auth_client_packet_t, packet_type, client_packet_type;
++type auth_server_packet_t, packet_type, server_packet_type;
++
++typeattribute auth_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 113 gen_context(system_u:object_r:auth_port_t,s0)
++
++
++
++type bgp_port_t, port_type;
++type bgp_client_packet_t, packet_type, client_packet_type;
++type bgp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute bgp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 179 gen_context(system_u:object_r:bgp_port_t,s0)
++
++typeattribute bgp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 179 gen_context(system_u:object_r:bgp_port_t,s0)
++portcon tcp 2605 gen_context(system_u:object_r:bgp_port_t,s0)
++portcon udp 2605 gen_context(system_u:object_r:bgp_port_t,s0)
++
++
++type biff_port_t, port_type, reserved_port_type; 
++type clamd_port_t, port_type;
++type clamd_client_packet_t, packet_type, client_packet_type;
++type clamd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3310 gen_context(system_u:object_r:clamd_port_t,s0)
++
++
++
++type clockspeed_port_t, port_type;
++type clockspeed_client_packet_t, packet_type, client_packet_type;
++type clockspeed_server_packet_t, packet_type, server_packet_type;
++portcon udp 4041 gen_context(system_u:object_r:clockspeed_port_t,s0)
++
++
++
++type cluster_port_t, port_type;
++type cluster_client_packet_t, packet_type, client_packet_type;
++type cluster_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5149 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 5149 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 40040 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 50006 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 50006 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 50007 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 50007 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 50008 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 50008 gen_context(system_u:object_r:cluster_port_t,s0)
++
++
++
++type comsat_port_t, port_type;
++type comsat_client_packet_t, packet_type, client_packet_type;
++type comsat_server_packet_t, packet_type, server_packet_type;
++
++typeattribute comsat_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 512 gen_context(system_u:object_r:comsat_port_t,s0)
++
++
++
++type cyphesis_port_t, port_type;
++type cyphesis_client_packet_t, packet_type, client_packet_type;
++type cyphesis_server_packet_t, packet_type, server_packet_type;
++portcon udp 32771 gen_context(system_u:object_r:cyphesis_port_t,s0)
++portcon tcp 6767 gen_context(system_u:object_r:cyphesis_port_t,s0)
++portcon tcp 6769 gen_context(system_u:object_r:cyphesis_port_t,s0)
++
++
++portcon tcp 6780-6799 gen_context(system_u:object_r:cyphesis_port_t, s0)
++
++type cvs_port_t, port_type;
++type cvs_client_packet_t, packet_type, client_packet_type;
++type cvs_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2401 gen_context(system_u:object_r:cvs_port_t,s0)
++portcon udp 2401 gen_context(system_u:object_r:cvs_port_t,s0)
++
++
++
++type dcc_port_t, port_type;
++type dcc_client_packet_t, packet_type, client_packet_type;
++type dcc_server_packet_t, packet_type, server_packet_type;
++portcon udp 6276 gen_context(system_u:object_r:dcc_port_t,s0)
++portcon udp 6277 gen_context(system_u:object_r:dcc_port_t,s0)
++
++
++
++type dbskkd_port_t, port_type;
++type dbskkd_client_packet_t, packet_type, client_packet_type;
++type dbskkd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1178 gen_context(system_u:object_r:dbskkd_port_t,s0)
++
++
++
++type dhcpc_port_t, port_type;
++type dhcpc_client_packet_t, packet_type, client_packet_type;
++type dhcpc_server_packet_t, packet_type, server_packet_type;
++
++typeattribute dhcpc_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 68 gen_context(system_u:object_r:dhcpc_port_t,s0)
++
++
++
++type dhcpd_port_t, port_type;
++type dhcpd_client_packet_t, packet_type, client_packet_type;
++type dhcpd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 67 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon tcp 647 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon udp 647 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon tcp 847 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon udp 847 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++
++
++type dict_port_t, port_type;
++type dict_client_packet_t, packet_type, client_packet_type;
++type dict_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2628 gen_context(system_u:object_r:dict_port_t,s0)
++
++
++
++type distccd_port_t, port_type;
++type distccd_client_packet_t, packet_type, client_packet_type;
++type distccd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3632 gen_context(system_u:object_r:distccd_port_t,s0)
++
++
++
++type dns_port_t, port_type;
++type dns_client_packet_t, packet_type, client_packet_type;
++type dns_server_packet_t, packet_type, server_packet_type;
++
++typeattribute dns_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 53 gen_context(system_u:object_r:dns_port_t,s0)
++
++typeattribute dns_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 53 gen_context(system_u:object_r:dns_port_t,s0)
++
++
++
++type fingerd_port_t, port_type;
++type fingerd_client_packet_t, packet_type, client_packet_type;
++type fingerd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute fingerd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 79 gen_context(system_u:object_r:fingerd_port_t,s0)
++
++
++
++type flash_port_t, port_type;
++type flash_client_packet_t, packet_type, client_packet_type;
++type flash_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1935 gen_context(system_u:object_r:flash_port_t,s0)
++portcon udp 1935 gen_context(system_u:object_r:flash_port_t,s0)
++
++
++
++type ftp_data_port_t, port_type;
++type ftp_data_client_packet_t, packet_type, client_packet_type;
++type ftp_data_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ftp_data_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 20 gen_context(system_u:object_r:ftp_data_port_t,s0)
++
++
++
++type ftp_port_t, port_type;
++type ftp_client_packet_t, packet_type, client_packet_type;
++type ftp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ftp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 21 gen_context(system_u:object_r:ftp_port_t,s0)
++
++
++
++type gatekeeper_port_t, port_type;
++type gatekeeper_client_packet_t, packet_type, client_packet_type;
++type gatekeeper_server_packet_t, packet_type, server_packet_type;
++portcon udp 1718 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++portcon udp 1719 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++portcon tcp 1721 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++portcon tcp 7000 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++
++
++
++type giftd_port_t, port_type;
++type giftd_client_packet_t, packet_type, client_packet_type;
++type giftd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1213 gen_context(system_u:object_r:giftd_port_t,s0)
++
++
++
++type gopher_port_t, port_type;
++type gopher_client_packet_t, packet_type, client_packet_type;
++type gopher_server_packet_t, packet_type, server_packet_type;
++
++typeattribute gopher_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 70 gen_context(system_u:object_r:gopher_port_t,s0)
++
++typeattribute gopher_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 70 gen_context(system_u:object_r:gopher_port_t,s0)
++
++
++
++type http_cache_port_t, port_type;
++type http_cache_client_packet_t, packet_type, client_packet_type;
++type http_cache_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3128 gen_context(system_u:object_r:http_cache_port_t,s0)
++portcon udp 3130 gen_context(system_u:object_r:http_cache_port_t,s0)
++portcon tcp 8080 gen_context(system_u:object_r:http_cache_port_t,s0)
++portcon tcp 8118 gen_context(system_u:object_r:http_cache_port_t,s0)
++
++ # 8118 is for privoxy
++
++type http_port_t, port_type;
++type http_client_packet_t, packet_type, client_packet_type;
++type http_server_packet_t, packet_type, server_packet_type;
++
++typeattribute http_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 80 gen_context(system_u:object_r:http_port_t,s0)
++
++typeattribute http_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 443 gen_context(system_u:object_r:http_port_t,s0)
++
++typeattribute http_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 488 gen_context(system_u:object_r:http_port_t,s0)
++portcon tcp 8008 gen_context(system_u:object_r:http_port_t,s0)
++portcon tcp 8009 gen_context(system_u:object_r:http_port_t,s0)
++portcon tcp 8443 gen_context(system_u:object_r:http_port_t,s0)
++
++ #8443 is mod_nss default port
++
++type howl_port_t, port_type;
++type howl_client_packet_t, packet_type, client_packet_type;
++type howl_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5335 gen_context(system_u:object_r:howl_port_t,s0)
++portcon udp 5353 gen_context(system_u:object_r:howl_port_t,s0)
++
++
++
++type hplip_port_t, port_type;
++type hplip_client_packet_t, packet_type, client_packet_type;
++type hplip_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1782 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 2207 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 2208 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 8290 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 50000 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 50002 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 8292 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9100 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9101 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9102 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9220 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9221 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9222 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9280 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9281 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9282 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9290 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9291 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9292 gen_context(system_u:object_r:hplip_port_t,s0)
++
++
++
++type i18n_input_port_t, port_type;
++type i18n_input_client_packet_t, packet_type, client_packet_type;
++type i18n_input_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9010 gen_context(system_u:object_r:i18n_input_port_t,s0)
++
++
++
++type imaze_port_t, port_type;
++type imaze_client_packet_t, packet_type, client_packet_type;
++type imaze_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5323 gen_context(system_u:object_r:imaze_port_t,s0)
++portcon udp 5323 gen_context(system_u:object_r:imaze_port_t,s0)
++
++
++
++type inetd_child_port_t, port_type;
++type inetd_child_client_packet_t, packet_type, client_packet_type;
++type inetd_child_server_packet_t, packet_type, server_packet_type;
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 1 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 1 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 7 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 7 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 9 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 9 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 13 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 13 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 19 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 19 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 37 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 37 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 512 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 543 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 544 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon tcp 891 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon udp 891 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon tcp 892 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon udp 892 gen_context(system_u:object_r:inetd_child_port_t,s0)
++portcon tcp 2105 gen_context(system_u:object_r:inetd_child_port_t,s0)
++portcon tcp 5666 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++
++
++type innd_port_t, port_type;
++type innd_client_packet_t, packet_type, client_packet_type;
++type innd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute innd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 119 gen_context(system_u:object_r:innd_port_t,s0)
++
++
++
++type ipp_port_t, port_type;
++type ipp_client_packet_t, packet_type, client_packet_type;
++type ipp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ipp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ipp_port_t rpc_port_type;
++
++portcon tcp 631 gen_context(system_u:object_r:ipp_port_t,s0)
++
++typeattribute ipp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ipp_port_t rpc_port_type;
++
++portcon udp 631 gen_context(system_u:object_r:ipp_port_t,s0)
++
++
++
++type ipsecnat_port_t, port_type;
++type ipsecnat_client_packet_t, packet_type, client_packet_type;
++type ipsecnat_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4500 gen_context(system_u:object_r:ipsecnat_port_t,s0)
++portcon udp 4500 gen_context(system_u:object_r:ipsecnat_port_t,s0)
++
++
++
++type ircd_port_t, port_type;
++type ircd_client_packet_t, packet_type, client_packet_type;
++type ircd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 6667 gen_context(system_u:object_r:ircd_port_t,s0)
++
++
++
++type isakmp_port_t, port_type;
++type isakmp_client_packet_t, packet_type, client_packet_type;
++type isakmp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute isakmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 500 gen_context(system_u:object_r:isakmp_port_t,s0)
++
++
++
++type iscsi_port_t, port_type;
++type iscsi_client_packet_t, packet_type, client_packet_type;
++type iscsi_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3260 gen_context(system_u:object_r:iscsi_port_t,s0)
++
++
++
++type isns_port_t, port_type;
++type isns_client_packet_t, packet_type, client_packet_type;
++type isns_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3205 gen_context(system_u:object_r:isns_port_t,s0)
++portcon udp 3205 gen_context(system_u:object_r:isns_port_t,s0)
++
++
++
++type jabber_client_port_t, port_type;
++type jabber_client_client_packet_t, packet_type, client_packet_type;
++type jabber_client_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5222 gen_context(system_u:object_r:jabber_client_port_t,s0)
++portcon tcp 5223 gen_context(system_u:object_r:jabber_client_port_t,s0)
++
++
++
++type jabber_interserver_port_t, port_type;
++type jabber_interserver_client_packet_t, packet_type, client_packet_type;
++type jabber_interserver_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5269 gen_context(system_u:object_r:jabber_interserver_port_t,s0)
++
++
++
++type kerberos_admin_port_t, port_type;
++type kerberos_admin_client_packet_t, packet_type, client_packet_type;
++type kerberos_admin_server_packet_t, packet_type, server_packet_type;
++
++typeattribute kerberos_admin_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 464 gen_context(system_u:object_r:kerberos_admin_port_t,s0)
++
++typeattribute kerberos_admin_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 464 gen_context(system_u:object_r:kerberos_admin_port_t,s0)
++
++typeattribute kerberos_admin_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kerberos_admin_port_t rpc_port_type;
++
++portcon tcp 749 gen_context(system_u:object_r:kerberos_admin_port_t,s0)
++
++
++
++type kerberos_master_port_t, port_type;
++type kerberos_master_client_packet_t, packet_type, client_packet_type;
++type kerberos_master_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4444 gen_context(system_u:object_r:kerberos_master_port_t,s0)
++portcon udp 4444 gen_context(system_u:object_r:kerberos_master_port_t,s0)
++
++
++
++type kerberos_port_t, port_type;
++type kerberos_client_packet_t, packet_type, client_packet_type;
++type kerberos_server_packet_t, packet_type, server_packet_type;
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 88 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 88 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kerberos_port_t rpc_port_type;
++
++portcon tcp 750 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kerberos_port_t rpc_port_type;
++
++portcon udp 750 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++
++
++type kismet_port_t, port_type;
++type kismet_client_packet_t, packet_type, client_packet_type;
++type kismet_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2501 gen_context(system_u:object_r:kismet_port_t,s0)
++
++
++
++type kprop_port_t, port_type;
++type kprop_client_packet_t, packet_type, client_packet_type;
++type kprop_server_packet_t, packet_type, server_packet_type;
++
++typeattribute kprop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kprop_port_t rpc_port_type;
++
++portcon tcp 754 gen_context(system_u:object_r:kprop_port_t,s0)
++
++
++
++type ktalkd_port_t, port_type;
++type ktalkd_client_packet_t, packet_type, client_packet_type;
++type ktalkd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ktalkd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 517 gen_context(system_u:object_r:ktalkd_port_t,s0)
++
++typeattribute ktalkd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 518 gen_context(system_u:object_r:ktalkd_port_t,s0)
++
++
++
++type ldap_port_t, port_type;
++type ldap_client_packet_t, packet_type, client_packet_type;
++type ldap_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 389 gen_context(system_u:object_r:ldap_port_t,s0)
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 389 gen_context(system_u:object_r:ldap_port_t,s0)
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ldap_port_t rpc_port_type;
++
++portcon tcp 636 gen_context(system_u:object_r:ldap_port_t,s0)
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ldap_port_t rpc_port_type;
++
++portcon udp 636 gen_context(system_u:object_r:ldap_port_t,s0)
++portcon tcp 3268 gen_context(system_u:object_r:ldap_port_t,s0)
++
++
++type lrrd_port_t, port_type; 
++type lmtp_port_t, port_type;
++type lmtp_client_packet_t, packet_type, client_packet_type;
++type lmtp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute lmtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 24 gen_context(system_u:object_r:lmtp_port_t,s0)
++
++typeattribute lmtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 24 gen_context(system_u:object_r:lmtp_port_t,s0)
++
++
++
++type mail_port_t, port_type;
++type mail_client_packet_t, packet_type, client_packet_type;
++type mail_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2000 gen_context(system_u:object_r:mail_port_t,s0)
++
++
++
++type mmcc_port_t, port_type;
++type mmcc_client_packet_t, packet_type, client_packet_type;
++type mmcc_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5050 gen_context(system_u:object_r:mmcc_port_t,s0)
++portcon udp 5050 gen_context(system_u:object_r:mmcc_port_t,s0)
++
++
++
++type monopd_port_t, port_type;
++type monopd_client_packet_t, packet_type, client_packet_type;
++type monopd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1234 gen_context(system_u:object_r:monopd_port_t,s0)
++
++
++
++type msnp_port_t, port_type;
++type msnp_client_packet_t, packet_type, client_packet_type;
++type msnp_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1863 gen_context(system_u:object_r:msnp_port_t,s0)
++portcon udp 1863 gen_context(system_u:object_r:msnp_port_t,s0)
++
++
++
++type munin_port_t, port_type;
++type munin_client_packet_t, packet_type, client_packet_type;
++type munin_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4949 gen_context(system_u:object_r:munin_port_t,s0)
++portcon udp 4949 gen_context(system_u:object_r:munin_port_t,s0)
++
++
++
++type mythtv_port_t, port_type;
++type mythtv_client_packet_t, packet_type, client_packet_type;
++type mythtv_server_packet_t, packet_type, server_packet_type;
++portcon tcp 6543 gen_context(system_u:object_r:mythtv_port_t,s0)
++portcon udp 6543 gen_context(system_u:object_r:mythtv_port_t,s0)
++
++
++
++type mysqld_port_t, port_type;
++type mysqld_client_packet_t, packet_type, client_packet_type;
++type mysqld_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1186 gen_context(system_u:object_r:mysqld_port_t,s0)
++portcon tcp 3306 gen_context(system_u:object_r:mysqld_port_t,s0)
++
++
++portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
++
++type nessus_port_t, port_type;
++type nessus_client_packet_t, packet_type, client_packet_type;
++type nessus_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1241 gen_context(system_u:object_r:nessus_port_t,s0)
++
++
++
++type netsupport_port_t, port_type;
++type netsupport_client_packet_t, packet_type, client_packet_type;
++type netsupport_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5405 gen_context(system_u:object_r:netsupport_port_t,s0)
++portcon udp 5405 gen_context(system_u:object_r:netsupport_port_t,s0)
++
++
++
++type nmbd_port_t, port_type;
++type nmbd_client_packet_t, packet_type, client_packet_type;
++type nmbd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute nmbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 137 gen_context(system_u:object_r:nmbd_port_t,s0)
++
++typeattribute nmbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 138 gen_context(system_u:object_r:nmbd_port_t,s0)
++
++
++
++type ntp_port_t, port_type;
++type ntp_client_packet_t, packet_type, client_packet_type;
++type ntp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ntp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 123 gen_context(system_u:object_r:ntp_port_t,s0)
++
++
++
++type ocsp_port_t, port_type;
++type ocsp_client_packet_t, packet_type, client_packet_type;
++type ocsp_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9080 gen_context(system_u:object_r:ocsp_port_t,s0)
++
++
++
++type openvpn_port_t, port_type;
++type openvpn_client_packet_t, packet_type, client_packet_type;
++type openvpn_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1194 gen_context(system_u:object_r:openvpn_port_t,s0)
++portcon udp 1194 gen_context(system_u:object_r:openvpn_port_t,s0)
++
++
++
++type pegasus_http_port_t, port_type;
++type pegasus_http_client_packet_t, packet_type, client_packet_type;
++type pegasus_http_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5988 gen_context(system_u:object_r:pegasus_http_port_t,s0)
++
++
++
++type pegasus_https_port_t, port_type;
++type pegasus_https_client_packet_t, packet_type, client_packet_type;
++type pegasus_https_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5989 gen_context(system_u:object_r:pegasus_https_port_t,s0)
++
++
++
++type pki_ca_port_t, port_type;
++type pki_ca_client_packet_t, packet_type, client_packet_type;
++type pki_ca_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9180 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9701 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9443 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9444 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9445 gen_context(system_u:object_r:pki_ca_port_t,s0)
++
++
++
++type pki_kra_port_t, port_type;
++type pki_kra_client_packet_t, packet_type, client_packet_type;
++type pki_kra_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10180 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10701 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10443 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10444 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10445 gen_context(system_u:object_r:pki_kra_port_t,s0)
++
++
++
++type pki_ocsp_port_t, port_type;
++type pki_ocsp_client_packet_t, packet_type, client_packet_type;
++type pki_ocsp_server_packet_t, packet_type, server_packet_type;
++portcon tcp 11180 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11701 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11443 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11444 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11445 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++
++
++
++type pki_tks_port_t, port_type;
++type pki_tks_client_packet_t, packet_type, client_packet_type;
++type pki_tks_server_packet_t, packet_type, server_packet_type;
++portcon tcp 13180 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13701 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13443 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13444 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13445 gen_context(system_u:object_r:pki_tks_port_t,s0)
++
++
++
++type pki_ra_port_t, port_type;
++type pki_ra_client_packet_t, packet_type, client_packet_type;
++type pki_ra_server_packet_t, packet_type, server_packet_type;
++portcon tcp 12888 gen_context(system_u:object_r:pki_ra_port_t,s0)
++portcon tcp 12889 gen_context(system_u:object_r:pki_ra_port_t,s0)
++
++
++
++type pki_tps_port_t, port_type;
++type pki_tps_client_packet_t, packet_type, client_packet_type;
++type pki_tps_server_packet_t, packet_type, server_packet_type;
++portcon tcp 7888 gen_context(system_u:object_r:pki_tps_port_t,s0)
++portcon tcp 7889 gen_context(system_u:object_r:pki_tps_port_t,s0)
++
++
++
++type postfix_policyd_port_t, port_type;
++type postfix_policyd_client_packet_t, packet_type, client_packet_type;
++type postfix_policyd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10031 gen_context(system_u:object_r:postfix_policyd_port_t,s0)
++
++
++
++type pulseaudio_port_t, port_type;
++type pulseaudio_client_packet_t, packet_type, client_packet_type;
++type pulseaudio_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4713 gen_context(system_u:object_r:pulseaudio_port_t,s0)
++
++
++
++type pgpkeyserver_port_t, port_type;
++type pgpkeyserver_client_packet_t, packet_type, client_packet_type;
++type pgpkeyserver_server_packet_t, packet_type, server_packet_type;
++portcon udp 11371 gen_context(system_u:object_r:pgpkeyserver_port_t,s0)
++portcon tcp 11371 gen_context(system_u:object_r:pgpkeyserver_port_t,s0)
++
++
++
++type pop_port_t, port_type;
++type pop_client_packet_t, packet_type, client_packet_type;
++type pop_server_packet_t, packet_type, server_packet_type;
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 106 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 109 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 110 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 143 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 220 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute pop_port_t rpc_port_type;
++
++portcon tcp 993 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute pop_port_t rpc_port_type;
++
++portcon tcp 995 gen_context(system_u:object_r:pop_port_t,s0)
++portcon tcp 1109 gen_context(system_u:object_r:pop_port_t,s0)
++
++
++
++type portmap_port_t, port_type;
++type portmap_client_packet_t, packet_type, client_packet_type;
++type portmap_server_packet_t, packet_type, server_packet_type;
++
++typeattribute portmap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 111 gen_context(system_u:object_r:portmap_port_t,s0)
++
++typeattribute portmap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 111 gen_context(system_u:object_r:portmap_port_t,s0)
++
++
++
++type postgresql_port_t, port_type;
++type postgresql_client_packet_t, packet_type, client_packet_type;
++type postgresql_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5432 gen_context(system_u:object_r:postgresql_port_t,s0)
++
++
++
++type postgrey_port_t, port_type;
++type postgrey_client_packet_t, packet_type, client_packet_type;
++type postgrey_server_packet_t, packet_type, server_packet_type;
++portcon tcp 60000 gen_context(system_u:object_r:postgrey_port_t,s0)
++
++
++
++type prelude_port_t, port_type;
++type prelude_client_packet_t, packet_type, client_packet_type;
++type prelude_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4690 gen_context(system_u:object_r:prelude_port_t,s0)
++portcon udp 4690 gen_context(system_u:object_r:prelude_port_t,s0)
++
++
++
++type printer_port_t, port_type;
++type printer_client_packet_t, packet_type, client_packet_type;
++type printer_server_packet_t, packet_type, server_packet_type;
++
++typeattribute printer_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 515 gen_context(system_u:object_r:printer_port_t,s0)
++
++
++
++type ptal_port_t, port_type;
++type ptal_client_packet_t, packet_type, client_packet_type;
++type ptal_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5703 gen_context(system_u:object_r:ptal_port_t,s0)
++
++
++
++type pxe_port_t, port_type;
++type pxe_client_packet_t, packet_type, client_packet_type;
++type pxe_server_packet_t, packet_type, server_packet_type;
++portcon udp 4011 gen_context(system_u:object_r:pxe_port_t,s0)
++
++
++
++type pyzor_port_t, port_type;
++type pyzor_client_packet_t, packet_type, client_packet_type;
++type pyzor_server_packet_t, packet_type, server_packet_type;
++portcon udp 24441 gen_context(system_u:object_r:pyzor_port_t,s0)
++
++
++
++type radacct_port_t, port_type;
++type radacct_client_packet_t, packet_type, client_packet_type;
++type radacct_server_packet_t, packet_type, server_packet_type;
++portcon udp 1646 gen_context(system_u:object_r:radacct_port_t,s0)
++portcon udp 1813 gen_context(system_u:object_r:radacct_port_t,s0)
++
++
++
++type radius_port_t, port_type;
++type radius_client_packet_t, packet_type, client_packet_type;
++type radius_server_packet_t, packet_type, server_packet_type;
++portcon udp 1645 gen_context(system_u:object_r:radius_port_t,s0)
++portcon udp 1812 gen_context(system_u:object_r:radius_port_t,s0)
++
++
++
++type razor_port_t, port_type;
++type razor_client_packet_t, packet_type, client_packet_type;
++type razor_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2703 gen_context(system_u:object_r:razor_port_t,s0)
++
++
++
++type ricci_port_t, port_type;
++type ricci_client_packet_t, packet_type, client_packet_type;
++type ricci_server_packet_t, packet_type, server_packet_type;
++portcon tcp 11111 gen_context(system_u:object_r:ricci_port_t,s0)
++portcon udp 11111 gen_context(system_u:object_r:ricci_port_t,s0)
++
++
++
++type ricci_modcluster_port_t, port_type;
++type ricci_modcluster_client_packet_t, packet_type, client_packet_type;
++type ricci_modcluster_server_packet_t, packet_type, server_packet_type;
++portcon tcp 16851 gen_context(system_u:object_r:ricci_modcluster_port_t,s0)
++portcon udp 16851 gen_context(system_u:object_r:ricci_modcluster_port_t,s0)
++
++
++
++type rlogind_port_t, port_type;
++type rlogind_client_packet_t, packet_type, client_packet_type;
++type rlogind_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rlogind_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 513 gen_context(system_u:object_r:rlogind_port_t,s0)
++
++
++
++type rndc_port_t, port_type;
++type rndc_client_packet_t, packet_type, client_packet_type;
++type rndc_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rndc_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute rndc_port_t rpc_port_type;
++
++portcon tcp 953 gen_context(system_u:object_r:rndc_port_t,s0)
++
++
++
++type router_port_t, port_type;
++type router_client_packet_t, packet_type, client_packet_type;
++type router_server_packet_t, packet_type, server_packet_type;
++
++typeattribute router_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 520 gen_context(system_u:object_r:router_port_t,s0)
++
++typeattribute router_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 521 gen_context(system_u:object_r:router_port_t,s0)
++
++typeattribute router_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 521 gen_context(system_u:object_r:router_port_t,s0)
++
++
++
++type rsh_port_t, port_type;
++type rsh_client_packet_t, packet_type, client_packet_type;
++type rsh_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rsh_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 514 gen_context(system_u:object_r:rsh_port_t,s0)
++
++
++
++type rsync_port_t, port_type;
++type rsync_client_packet_t, packet_type, client_packet_type;
++type rsync_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rsync_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute rsync_port_t rpc_port_type;
++
++portcon tcp 873 gen_context(system_u:object_r:rsync_port_t,s0)
++
++typeattribute rsync_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute rsync_port_t rpc_port_type;
++
++portcon udp 873 gen_context(system_u:object_r:rsync_port_t,s0)
++
++
++
++type rwho_port_t, port_type;
++type rwho_client_packet_t, packet_type, client_packet_type;
++type rwho_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rwho_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 513 gen_context(system_u:object_r:rwho_port_t,s0)
++
++
++
++type smbd_port_t, port_type;
++type smbd_client_packet_t, packet_type, client_packet_type;
++type smbd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute smbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 137-139 gen_context(system_u:object_r:smbd_port_t,s0)
++
++typeattribute smbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 445 gen_context(system_u:object_r:smbd_port_t,s0)
++
++
++
++type smtp_port_t, port_type;
++type smtp_client_packet_t, packet_type, client_packet_type;
++type smtp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute smtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 25 gen_context(system_u:object_r:smtp_port_t,s0)
++
++typeattribute smtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 465 gen_context(system_u:object_r:smtp_port_t,s0)
++
++typeattribute smtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 587 gen_context(system_u:object_r:smtp_port_t,s0)
++
++
++
++type snmp_port_t, port_type;
++type snmp_client_packet_t, packet_type, client_packet_type;
++type snmp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute snmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 161 gen_context(system_u:object_r:snmp_port_t,s0)
++
++typeattribute snmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 162 gen_context(system_u:object_r:snmp_port_t,s0)
++
++typeattribute snmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 199 gen_context(system_u:object_r:snmp_port_t,s0)
++
++
++
++type spamd_port_t, port_type;
++type spamd_client_packet_t, packet_type, client_packet_type;
++type spamd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute spamd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute spamd_port_t rpc_port_type;
++
++portcon tcp 783 gen_context(system_u:object_r:spamd_port_t,s0)
++
++
++
++type ssh_port_t, port_type;
++type ssh_client_packet_t, packet_type, client_packet_type;
++type ssh_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ssh_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 22 gen_context(system_u:object_r:ssh_port_t,s0)
++
++
++
++type soundd_port_t, port_type;
++type soundd_client_packet_t, packet_type, client_packet_type;
++type soundd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8000 gen_context(system_u:object_r:soundd_port_t,s0)
++portcon tcp 9433 gen_context(system_u:object_r:soundd_port_t,s0)
++portcon tcp 16001 gen_context(system_u:object_r:soundd_port_t,s0)
++
++
++type socks_port_t, port_type; type stunnel_port_t, port_type; 
++type squid_port_t, port_type;
++type squid_client_packet_t, packet_type, client_packet_type;
++type squid_server_packet_t, packet_type, server_packet_type;
++portcon udp 3401 gen_context(system_u:object_r:squid_port_t,s0)
++portcon tcp 3401 gen_context(system_u:object_r:squid_port_t,s0)
++portcon udp 4827 gen_context(system_u:object_r:squid_port_t,s0)
++portcon tcp 4827 gen_context(system_u:object_r:squid_port_t,s0)
++
++ # snmp and htcp
++
++type swat_port_t, port_type;
++type swat_client_packet_t, packet_type, client_packet_type;
++type swat_server_packet_t, packet_type, server_packet_type;
++
++typeattribute swat_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute swat_port_t rpc_port_type;
++
++portcon tcp 901 gen_context(system_u:object_r:swat_port_t,s0)
++
++
++
++type syslogd_port_t, port_type;
++type syslogd_client_packet_t, packet_type, client_packet_type;
++type syslogd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute syslogd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 514 gen_context(system_u:object_r:syslogd_port_t,s0)
++
++
++
++type telnetd_port_t, port_type;
++type telnetd_client_packet_t, packet_type, client_packet_type;
++type telnetd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute telnetd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 23 gen_context(system_u:object_r:telnetd_port_t,s0)
++
++
++
++type tftp_port_t, port_type;
++type tftp_client_packet_t, packet_type, client_packet_type;
++type tftp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute tftp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 69 gen_context(system_u:object_r:tftp_port_t,s0)
++
++
++
++type tomcat_port_t, port_type;
++type tomcat_client_packet_t, packet_type, client_packet_type;
++type tomcat_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1701 gen_context(system_u:object_r:tomcat_port_t,s0)
++
++
++
++type tor_port_t, port_type;
++type tor_client_packet_t, packet_type, client_packet_type;
++type tor_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9001 gen_context(system_u:object_r:tor_port_t,s0)
++portcon tcp 9030 gen_context(system_u:object_r:tor_port_t,s0)
++portcon tcp 9050 gen_context(system_u:object_r:tor_port_t,s0)
++portcon tcp 9051 gen_context(system_u:object_r:tor_port_t,s0)
++
++
++
++type traceroute_port_t, port_type;
++type traceroute_client_packet_t, packet_type, client_packet_type;
++type traceroute_server_packet_t, packet_type, server_packet_type;
++portcon udp 64000 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64001 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64002 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64003 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64004 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64005 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64006 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64007 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64008 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64009 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64010 gen_context(system_u:object_r:traceroute_port_t,s0)
++
++
++
++type transproxy_port_t, port_type;
++type transproxy_client_packet_t, packet_type, client_packet_type;
++type transproxy_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8081 gen_context(system_u:object_r:transproxy_port_t,s0)
++
++
++type utcpserver_port_t, port_type; 
++type uucpd_port_t, port_type;
++type uucpd_client_packet_t, packet_type, client_packet_type;
++type uucpd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute uucpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 540 gen_context(system_u:object_r:uucpd_port_t,s0)
++
++
++
++type virt_port_t, port_type;
++type virt_client_packet_t, packet_type, client_packet_type;
++type virt_server_packet_t, packet_type, server_packet_type;
++portcon tcp 16509 gen_context(system_u:object_r:virt_port_t,s0)
++portcon udp 16509 gen_context(system_u:object_r:virt_port_t,s0)
++portcon tcp 16514 gen_context(system_u:object_r:virt_port_t,s0)
++portcon udp 16514 gen_context(system_u:object_r:virt_port_t,s0)
++
++
++
++
++type vnc_port_t, port_type;
++type vnc_client_packet_t, packet_type, client_packet_type;
++type vnc_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5900 gen_context(system_u:object_r:vnc_port_t,s0)
++
++
++# Reserve 100 ports for vnc/virt machines
++portcon tcp 5901-5999 gen_context(system_u:object_r:vnc_port_t, s0)
++
++type whois_port_t, port_type;
++type whois_client_packet_t, packet_type, client_packet_type;
++type whois_server_packet_t, packet_type, server_packet_type;
++
++typeattribute whois_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 43 gen_context(system_u:object_r:whois_port_t,s0)
++
++typeattribute whois_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 43 gen_context(system_u:object_r:whois_port_t,s0)
++portcon tcp 4321 gen_context(system_u:object_r:whois_port_t,s0 )
++portcon udp 4321 gen_context(system_u:object_r:whois_port_t,s0)
++
++
++
++type wccp_port_t, port_type;
++type wccp_client_packet_t, packet_type, client_packet_type;
++type wccp_server_packet_t, packet_type, server_packet_type;
++portcon udp 2048 gen_context(system_u:object_r:wccp_port_t,s0)
++
++
++
++type xdmcp_port_t, port_type;
++type xdmcp_client_packet_t, packet_type, client_packet_type;
++type xdmcp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute xdmcp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 177 gen_context(system_u:object_r:xdmcp_port_t,s0)
++
++typeattribute xdmcp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 177 gen_context(system_u:object_r:xdmcp_port_t,s0)
++
++
++
++type xen_port_t, port_type;
++type xen_client_packet_t, packet_type, client_packet_type;
++type xen_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8002 gen_context(system_u:object_r:xen_port_t,s0)
++
++
++
++type xfs_port_t, port_type;
++type xfs_client_packet_t, packet_type, client_packet_type;
++type xfs_server_packet_t, packet_type, server_packet_type;
++portcon tcp 7100 gen_context(system_u:object_r:xfs_port_t,s0)
++
++
++
++type xserver_port_t, port_type;
++type xserver_client_packet_t, packet_type, client_packet_type;
++type xserver_server_packet_t, packet_type, server_packet_type;
++portcon tcp 6000 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6001 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6002 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6003 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6004 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6005 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6006 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6007 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6008 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6009 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6010 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6011 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6012 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6013 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6014 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6015 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6016 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6017 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6018 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6019 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6020 gen_context(system_u:object_r:xserver_port_t,s0)
++
++
++
++type zebra_port_t, port_type;
++type zebra_client_packet_t, packet_type, client_packet_type;
++type zebra_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2600 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2601 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2602 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2603 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2604 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2606 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2600 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2601 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2602 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2603 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2604 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2606 gen_context(system_u:object_r:zebra_port_t,s0)
++
++
++
++type zope_port_t, port_type;
++type zope_client_packet_t, packet_type, client_packet_type;
++type zope_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8021 gen_context(system_u:object_r:zope_port_t,s0)
 +
- miscfiles_read_localization(usernetctl_t)
- 
- seutil_read_config(usernetctl_t)
- 
- sysnet_read_config(usernetctl_t)
- 
-+term_search_ptys(usernetctl_t)
 +
- optional_policy(`
- 	hostname_exec(usernetctl_t)
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.3.1/policy/modules/apps/vmware.fc
---- nsaserefpolicy/policy/modules/apps/vmware.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.fc	2009-01-05 11:17:34.000000000 +0100
-@@ -1,9 +1,9 @@
- #
- # HOME_DIR/
- #
--HOME_DIR/\.vmware(/.*)?			gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
--HOME_DIR/\.vmware[^/]*/.*\.cfg	--	gen_context(system_u:object_r:ROLE_vmware_conf_t,s0)
--HOME_DIR/vmware(/.*)?			gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
-+HOME_DIR/\.vmware(/.*)?			gen_context(system_u:object_r:user_vmware_file_t,s0)
-+HOME_DIR/\.vmware[^/]*/.*\.cfg	--	gen_context(system_u:object_r:user_vmware_conf_t,s0)
-+HOME_DIR/vmware(/.*)?			gen_context(system_u:object_r:user_vmware_file_t,s0)
- 
- #
- # /etc
-@@ -21,19 +21,25 @@
- /usr/bin/vmware-nmbd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-ping		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-smbd		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-+/usr/sbin/vmware-guest.*		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-smbpasswd	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-smbpasswd\.bin	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-vmx		--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-wizard		--	gen_context(system_u:object_r:vmware_exec_t,s0)
- /usr/bin/vmware			--	gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/sbin/vmware-serverd	--	gen_context(system_u:object_r:vmware_exec_t,s0)
- 
- /usr/lib/vmware/config		--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
- /usr/lib/vmware/bin/vmware-mks	--	gen_context(system_u:object_r:vmware_exec_t,s0)
- /usr/lib/vmware/bin/vmware-ui	--	gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib/vmware/bin/vmplayer  --	gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib/vmware/bin/vmware-vmx	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- 
- /usr/lib64/vmware/config	--	gen_context(system_u:object_r:vmware_sys_conf_t,s0)
- /usr/lib64/vmware/bin/vmware-mks --	gen_context(system_u:object_r:vmware_exec_t,s0)
- /usr/lib64/vmware/bin/vmware-ui --	gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib64/vmware/bin/vmplayer  --	gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib64/vmware/bin/vmware-vmx	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
- 
- ifdef(`distro_gentoo',`
- /opt/vmware/workstation/bin/vmnet-bridge --	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-@@ -49,3 +55,8 @@
- /opt/vmware/workstation/bin/vmware-wizard --	gen_context(system_u:object_r:vmware_exec_t,s0)
- /opt/vmware/workstation/bin/vmware	--	gen_context(system_u:object_r:vmware_exec_t,s0)
- ')
-+/var/log/vmware.* 	--	gen_context(system_u:object_r:vmware_log_t,s0)
-+/var/run/vmnat.* 	-s	gen_context(system_u:object_r:vmware_var_run_t,s0)
-+/var/run/vmware.* 		gen_context(system_u:object_r:vmware_var_run_t,s0)
-+/usr/lib/vmware-tools/sbin32/vmware.*	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-+/usr/lib/vmware-tools/sbin64/vmware.*	--	gen_context(system_u:object_r:vmware_host_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.3.1/policy/modules/apps/vmware.if
---- nsaserefpolicy/policy/modules/apps/vmware.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.if	2009-01-05 11:17:34.000000000 +0100
-@@ -164,7 +164,7 @@
- 	sysnet_dns_name_resolve($1_vmware_t)
- 	sysnet_read_config($1_vmware_t)
- 
--	xserver_user_client_template($1,$1_vmware_t,$1_vmware_tmpfs_t)
-+	xserver_user_x_domain_template($1,$1_vmware,$1_vmware_t,$1_vmware_tmpfs_t)
- ')
- 
- ########################################
-@@ -202,3 +202,22 @@
- 
- 	allow $1 vmware_sys_conf_t:file append;
- ')
++
++# Defaults for reserved ports.  Earlier portcon entries take precedence;
++# these entries just cover any remaining reserved ports not otherwise declared.
++
++portcon tcp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
++portcon udp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
++portcon tcp 1-599 gen_context(system_u:object_r:reserved_port_t, s0)
++portcon udp 1-599 gen_context(system_u:object_r:reserved_port_t, s0)
 +
 +########################################
-+## <summary>
-+##	Append to VMWare log files.
-+## </summary>
-+## <param name="domain">
-+##	<summary>
-+##	Domain allowed access.
-+##	</summary>
-+## </param>
 +#
-+interface(`vmware_append_log',`
-+	gen_require(`
-+		type vmware_log_t;
-+	')
++# Network nodes
++#
 +
-+	logging_search_logs($1)
-+	append_files_pattern($1,vmware_log_t,vmware_log_t)
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.3.1/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.te	2009-01-05 11:17:34.000000000 +0100
-@@ -22,17 +22,21 @@
- type vmware_var_run_t;
- files_pid_file(vmware_var_run_t)
- 
-+type vmware_log_t;
-+logging_log_file(vmware_log_t)
++#
++# node_t is the default type of network nodes.
++# The node_*_t types are used for specific network
++# nodes in net_contexts or net_contexts.mls.
++#
++type node_t, node_type;
++sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh)
 +
- ########################################
- #
- # VMWare host local policy
- #
- 
--allow vmware_host_t self:capability { setuid net_raw };
-+allow vmware_host_t self:capability { setgid setuid net_raw };
- dontaudit vmware_host_t self:capability sys_tty_config;
--allow vmware_host_t self:process signal_perms;
-+allow vmware_host_t self:process { execstack execmem signal_perms };
- allow vmware_host_t self:fifo_file rw_fifo_file_perms;
- allow vmware_host_t self:unix_stream_socket create_stream_socket_perms;
- allow vmware_host_t self:rawip_socket create_socket_perms;
-+allow vmware_host_t self:tcp_socket create_socket_perms;
- 
- # cjp: the ro and rw files should be split up
- manage_files_pattern(vmware_host_t,vmware_sys_conf_t,vmware_sys_conf_t)
-@@ -41,6 +45,11 @@
- manage_sock_files_pattern(vmware_host_t,vmware_var_run_t,vmware_var_run_t)
- files_pid_filetrans(vmware_host_t,vmware_var_run_t,{ file sock_file })
- 
-+manage_files_pattern(vmware_host_t,vmware_log_t,vmware_log_t)	
-+logging_log_filetrans(vmware_host_t,vmware_log_t,{ file dir })
 +
-+files_search_home(vmware_host_t)
++type compat_ipv4_node_t alias node_compat_ipv4_t, node_type;
++nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:: gen_context(system_u:object_r:compat_ipv4_node_t,s0)
 +
- kernel_read_kernel_sysctls(vmware_host_t)
- kernel_list_proc(vmware_host_t)
- kernel_read_proc_symlinks(vmware_host_t)
-@@ -63,6 +72,7 @@
- corenet_sendrecv_all_server_packets(vmware_host_t)
- 
- dev_read_sysfs(vmware_host_t)
-+dev_read_urand(vmware_host_t)
- dev_rw_vmware(vmware_host_t)
- 
- domain_use_interactive_fds(vmware_host_t)
-@@ -99,14 +109,12 @@
- ')
- netutils_domtrans_ping(vmware_host_t)
- 
--ifdef(`TODO',`
--# VMWare need access to pcmcia devices for network
- optional_policy(`
--allow kernel_t cardmgr_var_lib_t:dir { getattr search };
--allow kernel_t cardmgr_var_lib_t:file { getattr ioctl read };
-+	unconfined_domain(vmware_host_t)
- ')
--# Vmware create network devices
--allow kernel_t self:capability net_admin;
--allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
--allow kernel_t self:socket create;
 +
-+optional_policy(`
-+	xserver_xdm_rw_shm(vmware_host_t)
- ')
 +
++type inaddr_any_node_t alias node_inaddr_any_t, node_type;
++nodecon 0.0.0.0 255.255.255.255 gen_context(system_u:object_r:inaddr_any_node_t,s0)
 +
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.3.1/policy/modules/apps/wine.fc
---- nsaserefpolicy/policy/modules/apps/wine.fc	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.fc	2009-01-05 11:17:34.000000000 +0100
-@@ -1,4 +1,6 @@
- /usr/bin/wine			--	gen_context(system_u:object_r:wine_exec_t,s0)
- 
--/opt/cxoffice/bin/wine		--	gen_context(system_u:object_r:wine_exec_t,s0)
--/opt/picasa/wine/bin/wine	--	gen_context(system_u:object_r:wine_exec_t,s0)
-+/opt/cxoffice/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
-+/opt/picasa/wine/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
-+/opt/google/picasa(/.*)?/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
-+HOME_DIR/cxoffice/bin/wine.*	--	gen_context(system_u:object_r:wine_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.3.1/policy/modules/apps/wine.if
---- nsaserefpolicy/policy/modules/apps/wine.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.if	2009-01-05 11:17:34.000000000 +0100
-@@ -49,3 +49,53 @@
- 	role $2 types wine_t;
- 	allow wine_t $3:chr_file rw_term_perms;
- ')
 +
-+#######################################
-+## <summary>
-+##	The per role template for the wine module.
-+## </summary>
-+## <desc>
-+##	<p>
-+##	This template creates a derived domains which are used
-+##	for wine applications.
-+##	</p>
-+## </desc>
-+## <param name="userdomain_prefix">
-+##	<summary>
-+##	The prefix of the user domain (e.g., user
-+##	is the prefix for user_t).
-+##	</summary>
-+## </param>
-+## <param name="user_domain">
-+##	<summary>
-+##	The type of the user domain.
-+##	</summary>
-+## </param>
-+## <param name="user_role">
-+##	<summary>
-+##	The role associated with the user domain.
-+##	</summary>
-+## </param>
++type node_internal_t, node_type; 
++type link_local_node_t alias node_link_local_t, node_type;
++nodecon fe80:: ffff:ffff:ffff:ffff:: gen_context(system_u:object_r:link_local_node_t,s0)
++
++
++
++type lo_node_t alias node_lo_t, node_type;
++nodecon 127.0.0.1 255.255.255.255 gen_context(system_u:object_r:lo_node_t,s0 - mls_systemhigh)
++
++
++
++type mapped_ipv4_node_t alias node_mapped_ipv4_t, node_type;
++nodecon ::ffff:0000:0000 ffff:ffff:ffff:ffff:ffff:ffff:: gen_context(system_u:object_r:mapped_ipv4_node_t,s0)
++
++
++
++type multicast_node_t alias node_multicast_t, node_type;
++nodecon ff00:: ff00:: gen_context(system_u:object_r:multicast_node_t,s0 - mls_systemhigh)
++
++
++
++type site_local_node_t alias node_site_local_t, node_type;
++nodecon fec0:: ffc0:: gen_context(system_u:object_r:site_local_node_t,s0)
++
++
++
++type unspec_node_t alias node_unspec_t, node_type;
++nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff gen_context(system_u:object_r:unspec_node_t,s0)
++
++
++
++########################################
++#
++# Network Interfaces
 +#
-+template(`wine_per_role_template',`
-+	gen_require(`
-+		type wine_exec_t;
-+	')
 +
-+	type $1_wine_t;
-+	domain_type($1_wine_t)
-+	domain_entry_file($1_wine_t,wine_exec_t)
-+	role $3 types $1_wine_t;
++#
++# netif_t is the default type of network interfaces.
++#
++type netif_t, netif_type;
++sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
 +
-+	domain_interactive_fd($1_wine_t)
++ifdef(`enable_mls',`
 +
-+	userdom_unpriv_usertype($1, $1_wine_t)
 +
-+	allow $1_wine_t self:process { execheap execmem };
++gen_require(`type unlabeled_t;')
++type lo_netif_t alias netif_lo_t, netif_type;
++netifcon lo gen_context(system_u:object_r:lo_netif_t,s0 - mls_systemhigh) gen_context(system_u:object_r:unlabeled_t,s0 - mls_systemhigh)
 +
-+	domtrans_pattern($2, wine_exec_t, $1_wine_t)
 +
-+	optional_policy(`
-+		xserver_xdm_rw_shm($1_wine_t)
-+	')
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.3.1/policy/modules/apps/wine.te
---- nsaserefpolicy/policy/modules/apps/wine.te	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.te	2009-01-05 11:17:34.000000000 +0100
-@@ -9,6 +9,7 @@
- type wine_t;
- type wine_exec_t;
- application_domain(wine_t,wine_exec_t)
-+role system_r types wine_t;
- 
- ########################################
- #
-@@ -17,10 +18,17 @@
- 
- optional_policy(`
- 	allow wine_t self:process { execstack execmem execheap };
-+	domain_mmap_low_type(wine_t)
-+	domain_mmap_low(wine_t)
- 	unconfined_domain_noaudit(wine_t)
- 	files_execmod_all_files(wine_t)
- 
-- 	optional_policy(`
-- 		hal_dbus_chat(wine_t)
-- 	')
-+')
 +
-+optional_policy(`
-+	hal_dbus_chat(wine_t)
-+')
++',`
 +
-+optional_policy(`
-+	xserver_xdm_rw_shm(wine_t)
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc	2009-01-05 11:17:34.000000000 +0100
-@@ -7,11 +7,11 @@
- /bin/d?ash			--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash			--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash2			--	gen_context(system_u:object_r:shell_exec_t,s0)
-+/usr/bin/git-shell		--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/ksh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/sash			--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/tcsh			--	gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/zsh.*			--	gen_context(system_u:object_r:shell_exec_t,s0)
--
- #
- # /dev
- #
-@@ -67,6 +67,12 @@
- 
- /etc/security/namespace.init    --      gen_context(system_u:object_r:bin_t,s0)
- 
++typealias netif_t alias { lo_netif_t netif_lo_t };
 +
-+/etc/sysconfig/crond		-- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/init		-- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/libvirtd		-- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/netconsole	-- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/readonly-root 	-- gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifup-.*	-- gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifup-.*	-l gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
-@@ -99,11 +105,6 @@
- /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
- ')
- 
--ifdef(`distro_redhat',`
--/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
--/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
--')
--
- #
- # /sbin
- #
-@@ -127,6 +128,8 @@
- /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
- ')
- 
-+/opt/gutenprint/cups/lib/filter(/.*)?		gen_context(system_u:object_r:bin_t,s0)
++')
 +
- #
- # /usr
- #
-@@ -144,10 +147,7 @@
- /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/apt/methods.+	--	gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/courier(/.*)?		gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/backend(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/cgi-bin/.*	--	gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/daemon(/.*)? 	gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/filter(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/cups(/.*)? 		gen_context(system_u:object_r:bin_t,s0)
- 
- /usr/lib(64)?/cyrus-imapd/.*	--	gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/dpkg/.+		--	gen_context(system_u:object_r:bin_t,s0)
-@@ -178,6 +178,8 @@
- /usr/lib(64)?/xen/bin(/.*)?		gen_context(system_u:object_r:bin_t,s0)
- 
- /usr/libexec(/.*)?			gen_context(system_u:object_r:bin_t,s0)
-+/usr/libsexec/sesh		--	gen_context(system_u:object_r:shell_exec_t,s0)
 +
- /usr/libexec/openssh/sftp-server --	gen_context(system_u:object_r:bin_t,s0)
- 
- /usr/local/lib(64)?/ipsec/.*	-- 	gen_context(system_u:object_r:bin_t,s0)
-@@ -185,8 +187,12 @@
- /usr/local/Brother(/.*)?/lpd(/.*)?	gen_context(system_u:object_r:bin_t,s0)
- /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/local/Printer/[^/]*/lpd(/.*)?     	gen_context(system_u:object_r:bin_t,s0)
-+/usr/local/linuxprinter/filters(/.*)?   gen_context(system_u:object_r:bin_t,s0)
- 
-+/usr/bin/scponly		--	gen_context(system_u:object_r:shell_exec_t,s0)
-+/usr/sbin/scponlyc		--	gen_context(system_u:object_r:shell_exec_t,s0)
- /usr/sbin/sesh			--	gen_context(system_u:object_r:shell_exec_t,s0)
-+/usr/sbin/smrsh			--	gen_context(system_u:object_r:shell_exec_t,s0)
- 
- /usr/share/apr-0/build/[^/]+\.sh --	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/apr-0/build/libtool --	gen_context(system_u:object_r:bin_t,s0)
-@@ -213,9 +219,11 @@
- /etc/gdm/[^/]+/.*			gen_context(system_u:object_r:bin_t,s0)
- 
- /usr/lib/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib64/.*/program(/.*)?		gen_context(system_u:object_r:bin_t,s0)
- /usr/lib/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
--/usr/lib/vmware-tools/sbin32(/.*)?      gen_context(system_u:object_r:bin_t,s0)
- /usr/lib64/bluetooth(/.*)?	--      gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib/vmware-tools/sbin32(/.*)?      gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib/vmware-tools/sbin64(/.*)?      gen_context(system_u:object_r:bin_t,s0)
- /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/authconfig/authconfig\.py --	gen_context(system_u:object_r:bin_t,s0)
-@@ -223,7 +231,6 @@
- /usr/share/clamav/clamd-gen	--	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/clamav/freshclam-sleep --	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/fedora-usermgmt/wrapper --	gen_context(system_u:object_r:bin_t,s0)
--/usr/share/hplip/[^/]*		--	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/hwbrowser/hwbrowser --	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/pwlib/make/ptlib-config --	gen_context(system_u:object_r:bin_t,s0)
- /usr/share/pydict/pydict\.py	--	gen_context(system_u:object_r:bin_t,s0)
-@@ -284,3 +291,12 @@
- ifdef(`distro_suse',`
- /var/lib/samba/bin/.+			gen_context(system_u:object_r:bin_t,s0)
- ')
-+/usr/lib(64)?/nspluginwrapper/npconfig	gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/nspluginwrapper/npviewer	gen_context(system_u:object_r:bin_t,s0)
++########################################
++#
++# Unconfined access to this module
++#
 +
-+/usr/lib(64)?/ConsoleKit/scripts(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/ConsoleKit/run-session.d(/.*)?  gen_context(system_u:object_r:bin_t,s0)
-+/etc/ConsoleKit/run-session.d(/.*)?  gen_context(system_u:object_r:bin_t,s0)
++allow corenet_unconfined_type node_type:node *;
++allow corenet_unconfined_type netif_type:netif *;
++allow corenet_unconfined_type packet_type:packet *;
++allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_connect };
++allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg };
 +
-+/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
-+/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.3.1/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.if	2009-01-05 11:17:34.000000000 +0100
-@@ -875,6 +875,7 @@
- 
- 	read_lnk_files_pattern($1,bin_t,bin_t)
- 	can_exec($1,chroot_exec_t)
-+	allow $1 self:capability sys_chroot;
- ')
- 
- ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in	2009-01-05 11:17:34.000000000 +0100
-@@ -1441,10 +1441,11 @@
- #
- interface(`corenet_tcp_bind_all_unreserved_ports',`
- 	gen_require(`
--		attribute port_type, reserved_port_type;
-+		attribute port_type;
-+		type hi_reserved_port_t, reserved_port_t;
- 	')
- 
--	allow $1 { port_type -reserved_port_type }:tcp_socket name_bind;
-+	allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:tcp_socket name_bind;
- ')
- 
- ########################################
-@@ -1459,10 +1460,11 @@
- #
- interface(`corenet_udp_bind_all_unreserved_ports',`
- 	gen_require(`
--		attribute port_type, reserved_port_type;
-+		attribute port_type;
-+		type hi_reserved_port_t, reserved_port_t;
- 	')
- 
--	allow $1 { port_type -reserved_port_type }:udp_socket name_bind;
-+	allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:udp_socket name_bind;
- ')
- 
- ########################################
++# Bind to any network address.
++allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
++allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2009-01-05 11:21:29.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in	2009-01-13 19:18:30.000000000 +0100
 @@ -1,5 +1,5 @@
  
 -policy_module(corenetwork,1.2.15)
@@ -7807,7 +70642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(xen, tcp,8002,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.3.1/policy/modules/kernel/devices.fc
 --- nsaserefpolicy/policy/modules/kernel/devices.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,7 +1,7 @@
  
  /dev			-d	gen_context(system_u:object_r:device_t,s0)
@@ -7934,7 +70769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.3.1/policy/modules/kernel/devices.if
 --- nsaserefpolicy/policy/modules/kernel/devices.if	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.if	2009-01-13 19:18:30.000000000 +0100
 @@ -65,7 +65,7 @@
  
  	relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -8361,7 +71196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.3.1/policy/modules/kernel/devices.te
 --- nsaserefpolicy/policy/modules/kernel/devices.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.te	2009-01-13 19:18:30.000000000 +0100
 @@ -32,6 +32,12 @@
  type apm_bios_t;
  dev_node(apm_bios_t)
@@ -8429,7 +71264,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
  type power_device_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.3.1/policy/modules/kernel/domain.if
 --- nsaserefpolicy/policy/modules/kernel/domain.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.if	2009-01-13 19:18:30.000000000 +0100
 @@ -525,7 +525,7 @@
  	')
  
@@ -8479,7 +71314,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
  ##	all protocols (TCP, UDP, etc)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te	2009-01-13 19:18:30.000000000 +0100
 @@ -5,6 +5,13 @@
  #
  # Declarations
@@ -8553,7 +71388,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.3.1/policy/modules/kernel/files.fc
 --- nsaserefpolicy/policy/modules/kernel/files.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -32,6 +32,7 @@
  /boot/lost\+found	-d	gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
  /boot/lost\+found/.*		<<none>>
@@ -8564,7 +71399,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
  # /emul
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.if	2009-01-13 19:18:30.000000000 +0100
 @@ -110,6 +110,11 @@
  ## </param>
  #
@@ -8952,7 +71787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.3.1/policy/modules/kernel/files.te
 --- nsaserefpolicy/policy/modules/kernel/files.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.te	2009-01-13 19:18:30.000000000 +0100
 @@ -50,11 +50,15 @@
  #
  # etc_t is the type of the system etc directories.
@@ -8992,7 +71827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if
 --- nsaserefpolicy/policy/modules/kernel/filesystem.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if	2009-01-13 19:18:30.000000000 +0100
 @@ -310,6 +310,25 @@
  
  ########################################
@@ -9394,7 +72229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.3.1/policy/modules/kernel/filesystem.te
 --- nsaserefpolicy/policy/modules/kernel/filesystem.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te	2009-01-13 19:18:30.000000000 +0100
 @@ -21,10 +21,11 @@
  
  # Use xattrs for the following filesystem types.
@@ -9458,7 +72293,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.3.1/policy/modules/kernel/kernel.if
 --- nsaserefpolicy/policy/modules/kernel/kernel.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if	2009-01-13 19:18:30.000000000 +0100
 @@ -330,6 +330,11 @@
  
  	allow $1 self:capability sys_module;
@@ -10129,7 +72964,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
 --- nsaserefpolicy/policy/modules/kernel/kernel.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te	2009-01-13 19:18:30.000000000 +0100
 @@ -45,6 +45,15 @@
  sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
  
@@ -10222,7 +73057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-3.3.1/policy/modules/kernel/mls.if
 --- nsaserefpolicy/policy/modules/kernel/mls.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/mls.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/mls.if	2009-01-13 19:18:30.000000000 +0100
 @@ -612,6 +612,26 @@
  ########################################
  ## <summary>
@@ -10279,7 +73114,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.3.1/policy/modules/kernel/selinux.if
 --- nsaserefpolicy/policy/modules/kernel/selinux.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/selinux.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/selinux.if	2009-01-13 19:18:30.000000000 +0100
 @@ -164,6 +164,7 @@
  		type security_t;
  	')
@@ -10400,7 +73235,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-3.3.1/policy/modules/kernel/selinux.te
 --- nsaserefpolicy/policy/modules/kernel/selinux.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/selinux.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/selinux.te	2009-01-13 19:18:30.000000000 +0100
 @@ -10,6 +10,7 @@
  attribute can_setenforce;
  attribute can_setsecparam;
@@ -10424,7 +73259,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
  neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.3.1/policy/modules/kernel/storage.fc
 --- nsaserefpolicy/policy/modules/kernel/storage.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/storage.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/storage.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -13,6 +13,7 @@
  /dev/cm20.*		-b	gen_context(system_u:object_r:removable_device_t,s0)
  /dev/dasd[^/]*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -10460,7 +73295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
  /dev/ataraid/.*		-b	gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.3.1/policy/modules/kernel/storage.if
 --- nsaserefpolicy/policy/modules/kernel/storage.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/storage.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/storage.if	2009-01-13 19:18:30.000000000 +0100
 @@ -81,6 +81,26 @@
  
  ########################################
@@ -10490,7 +73325,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
  ##	SELinux protections for filesystem objects, and
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.3.1/policy/modules/kernel/terminal.if
 --- nsaserefpolicy/policy/modules/kernel/terminal.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/terminal.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/terminal.if	2009-01-13 19:18:30.000000000 +0100
 @@ -525,11 +525,13 @@
  interface(`term_use_generic_ptys',`
  	gen_require(`
@@ -10519,7 +73354,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.if serefpolicy-3.3.1/policy/modules/services/aide.if
 --- nsaserefpolicy/policy/modules/services/aide.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/aide.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/aide.if	2009-01-13 19:18:30.000000000 +0100
 @@ -79,10 +79,12 @@
  
  	allow $1 aide_t:process { ptrace signal_perms };
@@ -10537,7 +73372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.fc serefpolicy-3.3.1/policy/modules/services/amavis.fc
 --- nsaserefpolicy/policy/modules/services/amavis.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -3,6 +3,7 @@
  /etc/amavisd(/.*)?		--	gen_context(system_u:object_r:amavis_etc_t,s0)
  
@@ -10554,7 +73389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
 +/etc/rc\.d/init\.d/amavis	--	gen_context(system_u:object_r:amavis_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.3.1/policy/modules/services/amavis.if
 --- nsaserefpolicy/policy/modules/services/amavis.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.if	2009-01-13 19:18:30.000000000 +0100
 @@ -189,6 +189,25 @@
  
  ########################################
@@ -10628,7 +73463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.3.1/policy/modules/services/amavis.te
 --- nsaserefpolicy/policy/modules/services/amavis.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.te	2009-01-13 19:18:30.000000000 +0100
 @@ -13,7 +13,7 @@
  
  # configuration files
@@ -10659,7 +73494,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
  read_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
 --- nsaserefpolicy/policy/modules/services/apache.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2009-01-05 11:28:23.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,10 +1,9 @@
 -HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
 -
@@ -10741,7 +73576,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +/etc/rc\.d/init\.d/httpd	--	gen_context(system_u:object_r:httpd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if
 --- nsaserefpolicy/policy/modules/services/apache.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.if	2009-01-13 19:18:30.000000000 +0100
 @@ -13,21 +13,16 @@
  #
  template(`apache_content_template',`
@@ -11394,7 +74229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te
 --- nsaserefpolicy/policy/modules/services/apache.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.te	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,8 @@
  # Declarations
  #
@@ -12036,7 +74871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
 +manage_lnk_files_pattern(httpd_t,httpdcontent,httpd_rw_content)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.3.1/policy/modules/services/apcupsd.fc
 --- nsaserefpolicy/policy/modules/services/apcupsd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -13,3 +13,5 @@
  /var/www/apcupsd/upsfstats\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
  /var/www/apcupsd/upsimage\.cgi	--	gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
@@ -12045,7 +74880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
 +/etc/rc\.d/init\.d/apcupsd	--	gen_context(system_u:object_r:apcupsd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.3.1/policy/modules/services/apcupsd.if
 --- nsaserefpolicy/policy/modules/services/apcupsd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -90,10 +90,102 @@
  ## </summary>
  ## </param>
@@ -12152,7 +74987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.3.1/policy/modules/services/apcupsd.te
 --- nsaserefpolicy/policy/modules/services/apcupsd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,6 +22,9 @@
  type apcupsd_var_run_t;
  files_pid_file(apcupsd_var_run_t)
@@ -12177,7 +75012,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.3.1/policy/modules/services/apm.te
 --- nsaserefpolicy/policy/modules/services/apm.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -190,6 +190,10 @@
  	dbus_stub(apmd_t)
  
@@ -12191,7 +75026,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.fc serefpolicy-3.3.1/policy/modules/services/arpwatch.fc
 --- nsaserefpolicy/policy/modules/services/arpwatch.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -9,3 +9,5 @@
  #
  /var/arpwatch(/.*)?		gen_context(system_u:object_r:arpwatch_data_t,s0)
@@ -12200,7 +75035,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
 +/etc/rc\.d/init\.d/arpwatch	--	gen_context(system_u:object_r:arpwatch_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.3.1/policy/modules/services/arpwatch.if
 --- nsaserefpolicy/policy/modules/services/arpwatch.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.if	2009-01-13 19:18:30.000000000 +0100
 @@ -90,3 +90,73 @@
  
  	dontaudit $1 arpwatch_t:packet_socket { read write };
@@ -12277,7 +75112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.3.1/policy/modules/services/arpwatch.te
 --- nsaserefpolicy/policy/modules/services/arpwatch.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.te	2009-01-13 19:18:30.000000000 +0100
 @@ -19,6 +19,9 @@
  type arpwatch_var_run_t;
  files_pid_file(arpwatch_var_run_t)
@@ -12290,7 +75125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.fc serefpolicy-3.3.1/policy/modules/services/asterisk.fc
 --- nsaserefpolicy/policy/modules/services/asterisk.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -6,3 +6,4 @@
  /var/log/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_log_t,s0)
  /var/run/asterisk(/.*)?		gen_context(system_u:object_r:asterisk_var_run_t,s0)
@@ -12298,7 +75133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
 +/etc/rc\.d/init\.d/asterisk	--	gen_context(system_u:object_r:asterisk_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.3.1/policy/modules/services/asterisk.if
 --- nsaserefpolicy/policy/modules/services/asterisk.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,83 @@
  ## <summary>Asterisk IP telephony server</summary>
 +
@@ -12385,7 +75220,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.3.1/policy/modules/services/asterisk.te
 --- nsaserefpolicy/policy/modules/services/asterisk.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.te	2009-01-13 19:18:30.000000000 +0100
 @@ -31,6 +31,9 @@
  type asterisk_var_run_t;
  files_pid_file(asterisk_var_run_t)
@@ -12398,7 +75233,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-3.3.1/policy/modules/services/automount.fc
 --- nsaserefpolicy/policy/modules/services/automount.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -12,4 +12,7 @@
  # /var
  #
@@ -12410,7 +75245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.3.1/policy/modules/services/automount.if
 --- nsaserefpolicy/policy/modules/services/automount.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.if	2009-01-13 19:18:30.000000000 +0100
 @@ -74,3 +74,109 @@
  
  	dontaudit $1 automount_tmp_t:dir getattr;
@@ -12523,7 +75358,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.3.1/policy/modules/services/automount.te
 --- nsaserefpolicy/policy/modules/services/automount.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.te	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,9 @@
  files_tmp_file(automount_tmp_t)
  files_mountpoint(automount_tmp_t)
@@ -12628,7 +75463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.3.1/policy/modules/services/avahi.fc
 --- nsaserefpolicy/policy/modules/services/avahi.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,5 +1,9 @@
 +/etc/rc\.d/init\.d/avahi.*	--	gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
  
@@ -12641,7 +75476,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
  /var/run/avahi-daemon(/.*)? 		gen_context(system_u:object_r:avahi_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.3.1/policy/modules/services/avahi.if
 --- nsaserefpolicy/policy/modules/services/avahi.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.if	2009-01-13 19:18:30.000000000 +0100
 @@ -2,6 +2,103 @@
  
  ########################################
@@ -12794,7 +75629,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.3.1/policy/modules/services/avahi.te
 --- nsaserefpolicy/policy/modules/services/avahi.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.te	2009-01-13 19:18:30.000000000 +0100
 @@ -10,6 +10,12 @@
  type avahi_exec_t;
  init_daemon_domain(avahi_t,avahi_exec_t)
@@ -12846,7 +75681,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.3.1/policy/modules/services/bind.fc
 --- nsaserefpolicy/policy/modules/services/bind.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -49,3 +49,5 @@
  /var/named/chroot/var/log/named.*	--	gen_context(system_u:object_r:named_log_t,s0)
  /var/named/dynamic(/.*)?		gen_context(system_u:object_r:named_cache_t,s0)
@@ -12855,7 +75690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 +/etc/rc\.d/init\.d/named	--	gen_context(system_u:object_r:named_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.3.1/policy/modules/services/bind.if
 --- nsaserefpolicy/policy/modules/services/bind.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.if	2009-01-13 19:18:30.000000000 +0100
 @@ -38,6 +38,42 @@
  
  ########################################
@@ -12996,7 +75831,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.3.1/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.te	2009-01-13 19:18:30.000000000 +0100
 @@ -53,6 +53,9 @@
  init_system_domain(ndc_t,ndc_exec_t)
  role system_r types ndc_t;
@@ -13035,7 +75870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
  domain_use_interactive_fds(ndc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.fc serefpolicy-3.3.1/policy/modules/services/bitlbee.fc
 --- nsaserefpolicy/policy/modules/services/bitlbee.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,3 +1,6 @@
  /usr/sbin/bitlbee	--	gen_context(system_u:object_r:bitlbee_exec_t,s0)
  /etc/bitlbee(/.*)?		gen_context(system_u:object_r:bitlbee_conf_t,s0)
@@ -13045,7 +75880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
 +/etc/rc\.d/init\.d/bitlbee	--	gen_context(system_u:object_r:bitlbee_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.if serefpolicy-3.3.1/policy/modules/services/bitlbee.if
 --- nsaserefpolicy/policy/modules/services/bitlbee.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.if	2009-01-13 19:18:30.000000000 +0100
 @@ -20,3 +20,70 @@
  	allow $1 bitlbee_conf_t:file { read getattr };
  ')
@@ -13119,7 +75954,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te
 --- nsaserefpolicy/policy/modules/services/bitlbee.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te	2009-01-13 19:18:30.000000000 +0100
 @@ -17,6 +17,12 @@
  type bitlbee_var_t;
  files_type(bitlbee_var_t)
@@ -13173,7 +76008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.3.1/policy/modules/services/bluetooth.fc
 --- nsaserefpolicy/policy/modules/services/bluetooth.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -22,3 +22,8 @@
  #
  /var/lib/bluetooth(/.*)?	gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
@@ -13185,7 +76020,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
 +/etc/rc\.d/init\.d/pand	--	gen_context(system_u:object_r:bluetooth_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.3.1/policy/modules/services/bluetooth.if
 --- nsaserefpolicy/policy/modules/services/bluetooth.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,7 +35,7 @@
  template(`bluetooth_per_role_template',`
  	gen_require(`
@@ -13295,7 +76130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.3.1/policy/modules/services/bluetooth.te
 --- nsaserefpolicy/policy/modules/services/bluetooth.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.te	2009-01-13 19:18:30.000000000 +0100
 @@ -32,19 +32,22 @@
  type bluetooth_var_run_t;
  files_pid_file(bluetooth_var_run_t)
@@ -13366,7 +76201,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.fc serefpolicy-3.3.1/policy/modules/services/canna.fc
 --- nsaserefpolicy/policy/modules/services/canna.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -20,3 +20,5 @@
  /var/run/\.iroha_unix	-d	gen_context(system_u:object_r:canna_var_run_t,s0)
  /var/run/\.iroha_unix/.* -s	gen_context(system_u:object_r:canna_var_run_t,s0)
@@ -13375,7 +76210,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
 +/etc/rc\.d/init\.d/canna	--	gen_context(system_u:object_r:canna_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.if serefpolicy-3.3.1/policy/modules/services/canna.if
 --- nsaserefpolicy/policy/modules/services/canna.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.if	2009-01-13 19:18:30.000000000 +0100
 @@ -18,3 +18,74 @@
  	files_search_pids($1)
  	stream_connect_pattern($1,canna_var_run_t,canna_var_run_t,canna_t)
@@ -13453,7 +76288,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.te serefpolicy-3.3.1/policy/modules/services/canna.te
 --- nsaserefpolicy/policy/modules/services/canna.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.te	2009-01-13 19:18:30.000000000 +0100
 @@ -19,6 +19,9 @@
  type canna_var_run_t;
  files_pid_file(canna_var_run_t)
@@ -13466,7 +76301,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.3.1/policy/modules/services/clamav.fc
 --- nsaserefpolicy/policy/modules/services/clamav.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -5,16 +5,18 @@
  /usr/bin/freshclam		--	gen_context(system_u:object_r:freshclam_exec_t,s0)
  
@@ -13493,7 +76328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +/etc/rc\.d/init\.d/clamd-wrapper	--	gen_context(system_u:object_r:clamd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.3.1/policy/modules/services/clamav.if
 --- nsaserefpolicy/policy/modules/services/clamav.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.if	2009-01-13 19:18:30.000000000 +0100
 @@ -38,6 +38,27 @@
  
  ########################################
@@ -13641,7 +76476,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.3.1/policy/modules/services/clamav.te
 --- nsaserefpolicy/policy/modules/services/clamav.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.te	2009-01-13 19:18:30.000000000 +0100
 @@ -13,7 +13,7 @@
  
  # configuration files
@@ -13731,7 +76566,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.3.1/policy/modules/services/consolekit.fc
 --- nsaserefpolicy/policy/modules/services/consolekit.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,3 +1,6 @@
  /usr/sbin/console-kit-daemon	--	gen_context(system_u:object_r:consolekit_exec_t,s0)
  
@@ -13741,7 +76576,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +/var/log/ConsoleKit(/.*)?	gen_context(system_u:object_r:consolekit_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.3.1/policy/modules/services/consolekit.if
 --- nsaserefpolicy/policy/modules/services/consolekit.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.if	2009-01-13 19:18:30.000000000 +0100
 @@ -38,3 +38,24 @@
  	allow $1 consolekit_t:dbus send_msg;
  	allow consolekit_t $1:dbus send_msg;
@@ -13769,7 +76604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.3.1/policy/modules/services/consolekit.te
 --- nsaserefpolicy/policy/modules/services/consolekit.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.te	2009-01-13 19:18:30.000000000 +0100
 @@ -13,6 +13,9 @@
  type consolekit_var_run_t;
  files_pid_file(consolekit_var_run_t)
@@ -13887,7 +76722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc
 --- nsaserefpolicy/policy/modules/services/courier.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,5 @@
  /etc/courier(/.*)?				gen_context(system_u:object_r:courier_etc_t,s0)
 +/etc/authlib(/.*)?				gen_context(system_u:object_r:courier_etc_t,s0)
@@ -13923,7 +76758,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
 +/var/spool/authdaemon(/.*)?		gen_context(system_u:object_r:courier_spool_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
 --- nsaserefpolicy/policy/modules/services/courier.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.if	2009-01-13 19:18:30.000000000 +0100
 @@ -123,3 +123,77 @@
  
  	domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
@@ -14004,7 +76839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
 --- nsaserefpolicy/policy/modules/services/courier.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.te	2009-01-13 19:18:30.000000000 +0100
 @@ -9,7 +9,10 @@
  courier_domain_template(authdaemon)
  
@@ -14037,7 +76872,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
  # Calendar (PCP) local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.3.1/policy/modules/services/cron.fc
 --- nsaserefpolicy/policy/modules/services/cron.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -17,6 +17,8 @@
  /var/run/fcron\.fifo		-s	gen_context(system_u:object_r:crond_var_run_t,s0)
  /var/run/fcron\.pid		--	gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -14054,7 +76889,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 +/var/lib/misc(/.*)?			gen_context(system_u:object_r:system_crond_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.3.1/policy/modules/services/cron.if
 --- nsaserefpolicy/policy/modules/services/cron.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,38 +35,24 @@
  #
  template(`cron_per_role_template',`
@@ -14409,7 +77244,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.3.1/policy/modules/services/cron.te
 --- nsaserefpolicy/policy/modules/services/cron.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.te	2009-01-13 19:18:30.000000000 +0100
 @@ -12,14 +12,6 @@
  
  ## <desc>
@@ -14687,7 +77522,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
 -') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.3.1/policy/modules/services/cups.fc
 --- nsaserefpolicy/policy/modules/services/cups.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.fc	2009-01-05 11:26:40.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -8,24 +8,35 @@
  /etc/cups/ppd/.*	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
  /etc/cups/ppds\.dat	--	gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -14759,7 +77594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +/usr/lib/cups/backend/cups-pdf	--	gen_context(system_u:object_r:cups_pdf_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.3.1/policy/modules/services/cups.if
 --- nsaserefpolicy/policy/modules/services/cups.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.if	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,30 @@
  
  ########################################
@@ -14919,7 +77754,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.3.1/policy/modules/services/cups.te
 --- nsaserefpolicy/policy/modules/services/cups.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.te	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,9 @@
  type cupsd_etc_t;
  files_config_file(cupsd_etc_t)
@@ -15256,7 +78091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
  
  optional_policy(`
  	seutil_sigchld_newrole(hplip_t)
-@@ -645,3 +703,45 @@
+@@ -645,3 +703,57 @@
  optional_policy(`
  	udev_read_db(ptal_t)
  ')
@@ -15302,9 +78137,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
 +
 +userdom_dontaudit_read_sysadm_home_content_files(cups_pdf_t)
 +
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(cups_pdf_t)
++ fs_manage_nfs_files(cups_pdf_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(cups_pdf_t)
++ fs_manage_cifs_files(cups_pdf_t)
++')
++
++
++
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-3.3.1/policy/modules/services/cvs.fc
 --- nsaserefpolicy/policy/modules/services/cvs.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -5,3 +5,6 @@
  
  /var/cvs(/.*)?		gen_context(system_u:object_r:cvs_data_t,s0)
@@ -15314,7 +78161,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
 +/var/www/cgi-bin/cvsweb\.cgi	--	gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.3.1/policy/modules/services/cvs.if
 --- nsaserefpolicy/policy/modules/services/cvs.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.if	2009-01-13 19:18:30.000000000 +0100
 @@ -36,3 +36,72 @@
  
  	can_exec($1,cvs_exec_t)
@@ -15390,7 +78237,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.3.1/policy/modules/services/cvs.te
 --- nsaserefpolicy/policy/modules/services/cvs.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.te	2009-01-13 19:18:30.000000000 +0100
 @@ -28,6 +28,9 @@
  type cvs_var_run_t;
  files_pid_file(cvs_var_run_t)
@@ -15446,7 +78293,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
 +files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.fc serefpolicy-3.3.1/policy/modules/services/cyphesis.fc
 --- nsaserefpolicy/policy/modules/services/cyphesis.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,6 @@
 +
 +/usr/bin/cyphesis		--	gen_context(system_u:object_r:cyphesis_exec_t,s0)
@@ -15456,7 +78303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
 +/var/run/cyphesis(/.*)?		gen_context(system_u:object_r:cyphesis_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.if serefpolicy-3.3.1/policy/modules/services/cyphesis.if
 --- nsaserefpolicy/policy/modules/services/cyphesis.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,19 @@
 +## <summary>policy for cyphesis</summary>
 +
@@ -15479,7 +78326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.3.1/policy/modules/services/cyphesis.te
 --- nsaserefpolicy/policy/modules/services/cyphesis.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,92 @@
 +policy_module(cyphesis,1.0.0)
 +
@@ -15575,7 +78422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.3.1/policy/modules/services/cyrus.fc
 --- nsaserefpolicy/policy/modules/services/cyrus.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -2,3 +2,5 @@
  /usr/lib(64)?/cyrus-imapd/cyrus-master	--	gen_context(system_u:object_r:cyrus_exec_t,s0)
  
@@ -15584,7 +78431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
 +/etc/rc\.d/init\.d/cyrus	--	gen_context(system_u:object_r:cyrus_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.if serefpolicy-3.3.1/policy/modules/services/cyrus.if
 --- nsaserefpolicy/policy/modules/services/cyrus.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.if	2009-01-13 19:18:30.000000000 +0100
 @@ -39,3 +39,74 @@
  	files_search_var_lib($1)
  	stream_connect_pattern($1,cyrus_var_lib_t,cyrus_var_lib_t,cyrus_t)
@@ -15662,7 +78509,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.3.1/policy/modules/services/cyrus.te
 --- nsaserefpolicy/policy/modules/services/cyrus.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.te	2009-01-13 19:18:30.000000000 +0100
 @@ -19,6 +19,9 @@
  type cyrus_var_run_t;
  files_pid_file(cyrus_var_run_t)
@@ -15675,7 +78522,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.3.1/policy/modules/services/dbus.fc
 --- nsaserefpolicy/policy/modules/services/dbus.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -4,6 +4,9 @@
  /usr/bin/dbus-daemon(-1)? --	gen_context(system_u:object_r:system_dbusd_exec_t,s0)
  /bin/dbus-daemon 	--	gen_context(system_u:object_r:system_dbusd_exec_t,s0)
@@ -15688,7 +78535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
  /var/run/dbus(/.*)?		gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if
 --- nsaserefpolicy/policy/modules/services/dbus.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.if	2009-01-13 19:18:30.000000000 +0100
 @@ -53,6 +53,7 @@
  	gen_require(`
  		type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -15977,7 +78824,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.3.1/policy/modules/services/dbus.te
 --- nsaserefpolicy/policy/modules/services/dbus.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.te	2009-01-13 19:18:30.000000000 +0100
 @@ -9,9 +9,10 @@
  #
  # Delcarations
@@ -16100,7 +78947,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.3.1/policy/modules/services/dcc.if
 --- nsaserefpolicy/policy/modules/services/dcc.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dcc.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dcc.if	2009-01-13 19:18:30.000000000 +0100
 @@ -72,6 +72,24 @@
  
  ########################################
@@ -16128,7 +78975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.3.1/policy/modules/services/dcc.te
 --- nsaserefpolicy/policy/modules/services/dcc.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dcc.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dcc.te	2009-01-13 19:18:30.000000000 +0100
 @@ -105,6 +105,8 @@
  files_read_etc_files(cdcc_t)
  files_read_etc_runtime_files(cdcc_t)
@@ -16290,7 +79137,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.fc serefpolicy-3.3.1/policy/modules/services/ddclient.fc
 --- nsaserefpolicy/policy/modules/services/ddclient.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -9,3 +9,5 @@
  /var/log/ddtcd\.log.*	--	gen_context(system_u:object_r:ddclient_log_t,s0)
  /var/run/ddclient\.pid	--	gen_context(system_u:object_r:ddclient_var_run_t,s0)
@@ -16299,7 +79146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.3.1/policy/modules/services/ddclient.if
 --- nsaserefpolicy/policy/modules/services/ddclient.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.if	2009-01-13 19:18:30.000000000 +0100
 @@ -18,3 +18,81 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1, ddclient_exec_t, ddclient_t)
@@ -16384,7 +79231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.te serefpolicy-3.3.1/policy/modules/services/ddclient.te
 --- nsaserefpolicy/policy/modules/services/ddclient.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.te	2009-01-13 19:18:30.000000000 +0100
 @@ -11,7 +11,7 @@
  init_daemon_domain(ddclient_t,ddclient_exec_t)
  
@@ -16406,7 +79253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
  # Declarations
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.fc serefpolicy-3.3.1/policy/modules/services/dhcp.fc
 --- nsaserefpolicy/policy/modules/services/dhcp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -5,3 +5,6 @@
  /var/lib/dhcp(3)?/dhcpd\.leases.* --	gen_context(system_u:object_r:dhcpd_state_t,s0)
  
@@ -16416,7 +79263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.3.1/policy/modules/services/dhcp.if
 --- nsaserefpolicy/policy/modules/services/dhcp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.if	2009-01-13 19:18:30.000000000 +0100
 @@ -19,3 +19,71 @@
  	sysnet_search_dhcp_state($1)
  	allow $1 dhcpd_state_t:file setattr;
@@ -16491,7 +79338,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.3.1/policy/modules/services/dhcp.te
 --- nsaserefpolicy/policy/modules/services/dhcp.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.te	2009-01-13 19:18:30.000000000 +0100
 @@ -19,18 +19,20 @@
  type dhcpd_var_run_t;
  files_pid_file(dhcpd_var_run_t)
@@ -16557,7 +79404,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.3.1/policy/modules/services/dictd.fc
 --- nsaserefpolicy/policy/modules/services/dictd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -4,3 +4,6 @@
  /usr/sbin/dictd		--	gen_context(system_u:object_r:dictd_exec_t,s0)
  
@@ -16567,7 +79414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
 +/etc/rc\.d/init\.d/dictd	--	gen_context(system_u:object_r:dictd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.if serefpolicy-3.3.1/policy/modules/services/dictd.if
 --- nsaserefpolicy/policy/modules/services/dictd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -14,3 +14,73 @@
  interface(`dictd_tcp_connect',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -16644,7 +79491,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.te serefpolicy-3.3.1/policy/modules/services/dictd.te
 --- nsaserefpolicy/policy/modules/services/dictd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,12 @@
  type dictd_var_lib_t alias var_lib_dictd_t;
  files_type(dictd_var_lib_t)
@@ -16670,7 +79517,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc
 --- nsaserefpolicy/policy/modules/services/dnsmasq.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,7 @@
  /usr/sbin/dnsmasq		--	gen_context(system_u:object_r:dnsmasq_exec_t,s0)
  
@@ -16681,7 +79528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
 +/etc/rc\.d/init\.d/dnsmasq	--	gen_context(system_u:object_r:dnsmasq_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.3.1/policy/modules/services/dnsmasq.if
 --- nsaserefpolicy/policy/modules/services/dnsmasq.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,144 @@
  ## <summary>dnsmasq DNS forwarder and DHCP server</summary>
 +
@@ -16829,7 +79676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.3.1/policy/modules/services/dnsmasq.te
 --- nsaserefpolicy/policy/modules/services/dnsmasq.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,9 @@
  type dnsmasq_var_run_t;
  files_pid_file(dnsmasq_var_run_t)
@@ -16877,7 +79724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.3.1/policy/modules/services/dovecot.fc
 --- nsaserefpolicy/policy/modules/services/dovecot.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -17,23 +17,24 @@
  
  ifdef(`distro_debian', `
@@ -16910,7 +79757,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +/etc/rc\.d/init\.d/dovecot	--	gen_context(system_u:object_r:dovecot_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.3.1/policy/modules/services/dovecot.if
 --- nsaserefpolicy/policy/modules/services/dovecot.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.if	2009-01-13 19:18:30.000000000 +0100
 @@ -21,7 +21,46 @@
  
  ########################################
@@ -17051,7 +79898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.3.1/policy/modules/services/dovecot.te
 --- nsaserefpolicy/policy/modules/services/dovecot.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.te	2009-01-13 19:18:30.000000000 +0100
 @@ -15,6 +15,15 @@
  domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
  role system_r types dovecot_auth_t;
@@ -17208,7 +80055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.3.1/policy/modules/services/exim.if
 --- nsaserefpolicy/policy/modules/services/exim.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/exim.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/exim.if	2009-01-13 19:18:30.000000000 +0100
 @@ -97,6 +97,26 @@
  
  ########################################
@@ -17262,7 +80109,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.3.1/policy/modules/services/exim.te
 --- nsaserefpolicy/policy/modules/services/exim.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/exim.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/exim.te	2009-01-13 19:18:30.000000000 +0100
 @@ -21,9 +21,20 @@
  ## </desc>
  gen_tunable(exim_manage_user_files,false)
@@ -17451,7 +80298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-3.3.1/policy/modules/services/fail2ban.fc
 --- nsaserefpolicy/policy/modules/services/fail2ban.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,3 +1,8 @@
  /usr/bin/fail2ban	--	gen_context(system_u:object_r:fail2ban_exec_t,s0)
 +/usr/bin/fail2ban-server --	gen_context(system_u:object_r:fail2ban_exec_t,s0)
@@ -17464,7 +80311,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.3.1/policy/modules/services/fail2ban.if
 --- nsaserefpolicy/policy/modules/services/fail2ban.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.if	2009-01-13 19:18:30.000000000 +0100
 @@ -78,3 +78,68 @@
  	files_search_pids($1)
  	allow $1 fail2ban_var_run_t:file read_file_perms;
@@ -17536,7 +80383,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te
 --- nsaserefpolicy/policy/modules/services/fail2ban.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te	2009-01-13 19:18:30.000000000 +0100
 @@ -18,6 +18,9 @@
  type fail2ban_var_run_t;
  files_pid_file(fail2ban_var_run_t)
@@ -17610,7 +80457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.3.1/policy/modules/services/fetchmail.fc
 --- nsaserefpolicy/policy/modules/services/fetchmail.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -17,3 +17,4 @@
  
  /var/run/fetchmail/.*		--	gen_context(system_u:object_r:fetchmail_var_run_t,s0)
@@ -17618,7 +80465,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.3.1/policy/modules/services/fetchmail.if
 --- nsaserefpolicy/policy/modules/services/fetchmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,44 @@
  ## <summary>Remote-mail retrieval and forwarding utility</summary>
 +
@@ -17666,7 +80513,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.3.1/policy/modules/services/fetchmail.te
 --- nsaserefpolicy/policy/modules/services/fetchmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te	2009-01-13 19:18:30.000000000 +0100
 @@ -14,7 +14,7 @@
  files_pid_file(fetchmail_var_run_t)
  
@@ -17689,7 +80536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.3.1/policy/modules/services/ftp.fc
 --- nsaserefpolicy/policy/modules/services/ftp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -27,3 +27,6 @@
  /var/log/vsftpd.*	--	gen_context(system_u:object_r:xferlog_t,s0)
  /var/log/xferlog.*	--	gen_context(system_u:object_r:xferlog_t,s0)
@@ -17699,7 +80546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 +/etc/rc\.d/init\.d/proftpd	--	gen_context(system_u:object_r:ftp_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.3.1/policy/modules/services/ftp.if
 --- nsaserefpolicy/policy/modules/services/ftp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.if	2009-01-13 19:18:30.000000000 +0100
 @@ -28,11 +28,13 @@
  		type ftpd_t;
  	')
@@ -17818,7 +80665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.3.1/policy/modules/services/ftp.te
 --- nsaserefpolicy/policy/modules/services/ftp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.te	2009-01-13 19:18:30.000000000 +0100
 @@ -75,6 +75,9 @@
  type xferlog_t;
  logging_log_file(xferlog_t)
@@ -17899,13 +80746,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.fc serefpolicy-3.3.1/policy/modules/services/gamin.fc
 --- nsaserefpolicy/policy/modules/services/gamin.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,2 @@
 +
 +/usr/libexec/gam_server	--	gen_context(system_u:object_r:gamin_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.if serefpolicy-3.3.1/policy/modules/services/gamin.if
 --- nsaserefpolicy/policy/modules/services/gamin.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,57 @@
 +
 +## <summary>policy for gamin</summary>
@@ -17966,7 +80813,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gami
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.te serefpolicy-3.3.1/policy/modules/services/gamin.te
 --- nsaserefpolicy/policy/modules/services/gamin.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,42 @@
 +policy_module(gamin,1.0.0)
 +
@@ -18012,14 +80859,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gami
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc
 --- nsaserefpolicy/policy/modules/services/gnomeclock.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,3 @@
 +
 +/usr/libexec/gnome-clock-applet-mechanism	--	gen_context(system_u:object_r:gnomeclock_exec_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.3.1/policy/modules/services/gnomeclock.if
 --- nsaserefpolicy/policy/modules/services/gnomeclock.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,75 @@
 +
 +## <summary>policy for gnomeclock</summary>
@@ -18098,7 +80945,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.3.1/policy/modules/services/gnomeclock.te
 --- nsaserefpolicy/policy/modules/services/gnomeclock.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,55 @@
 +policy_module(gnomeclock,1.0.0)
 +########################################
@@ -18157,7 +81004,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.3.1/policy/modules/services/gpm.te
 --- nsaserefpolicy/policy/modules/services/gpm.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gpm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gpm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -41,8 +41,8 @@
  allow gpm_t gpm_var_run_t:file manage_file_perms;
  files_pid_filetrans(gpm_t,gpm_var_run_t,file)
@@ -18171,7 +81018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.
  kernel_read_kernel_sysctls(gpm_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.3.1/policy/modules/services/hal.fc
 --- nsaserefpolicy/policy/modules/services/hal.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -8,6 +8,8 @@
  /usr/libexec/hal-hotplug-map 		--	gen_context(system_u:object_r:hald_exec_t,s0)
  /usr/libexec/hal-system-sonypic	 	--	gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
@@ -18199,7 +81046,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.3.1/policy/modules/services/hal.if
 --- nsaserefpolicy/policy/modules/services/hal.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.if	2009-01-13 19:18:30.000000000 +0100
 @@ -302,3 +302,42 @@
  	files_search_pids($1)
  	allow $1 hald_var_run_t:file rw_file_perms;
@@ -18245,7 +81092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.3.1/policy/modules/services/hal.te
 --- nsaserefpolicy/policy/modules/services/hal.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.te	2009-01-13 19:18:30.000000000 +0100
 @@ -49,6 +49,9 @@
  type hald_var_lib_t;
  files_type(hald_var_lib_t)
@@ -18274,7 +81121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  logging_log_filetrans(hald_t,hald_log_t,file)
  
  manage_dirs_pattern(hald_t,hald_tmp_t,hald_tmp_t)
-@@ -82,8 +85,9 @@
+@@ -82,8 +85,10 @@
  manage_files_pattern(hald_t,hald_var_lib_t,hald_var_lib_t)
  manage_sock_files_pattern(hald_t,hald_var_lib_t,hald_var_lib_t)
  
@@ -18282,10 +81129,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  manage_files_pattern(hald_t,hald_var_run_t,hald_var_run_t)
 -files_pid_filetrans(hald_t,hald_var_run_t,file)
 +files_pid_filetrans(hald_t,hald_var_run_t,{ dir file })
++allow hald_t hald_var_run_t:dir mounton;
  
  kernel_read_system_state(hald_t)
  kernel_read_network_state(hald_t)
-@@ -93,6 +97,7 @@
+@@ -93,6 +98,7 @@
  kernel_rw_irq_sysctls(hald_t)
  kernel_rw_vm_sysctls(hald_t)
  kernel_write_proc_files(hald_t)
@@ -18293,7 +81141,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  
  auth_read_pam_console_data(hald_t)
  
-@@ -121,6 +126,7 @@
+@@ -121,6 +127,7 @@
  dev_rw_power_management(hald_t)
  # hal is now execing pm-suspend
  dev_rw_sysfs(hald_t)
@@ -18301,7 +81149,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  
  domain_use_interactive_fds(hald_t)
  domain_read_all_domains_state(hald_t)
-@@ -155,6 +161,8 @@
+@@ -144,6 +151,10 @@
+ fs_search_all(hald_t)
+ fs_list_inotifyfs(hald_t)
+ fs_list_auto_mountpoints(hald_t)
++fs_mount_dos_fs(hald_t)
++fs_unmount_dos_fs(hald_t)
++fs_manage_dos_files(hald_t)
++
+ files_getattr_all_mountpoints(hald_t)
+ 
+ mls_file_read_all_levels(hald_t)
+@@ -155,6 +166,8 @@
  selinux_compute_relabel_context(hald_t)
  selinux_compute_user_contexts(hald_t)
  
@@ -18310,7 +81169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  storage_raw_read_removable_device(hald_t)
  storage_raw_write_removable_device(hald_t)
  storage_raw_read_fixed_disk(hald_t)
-@@ -172,6 +180,8 @@
+@@ -172,6 +185,8 @@
  init_rw_utmp(hald_t)
  init_telinit(hald_t)
  
@@ -18319,7 +81178,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  libs_use_ld_so(hald_t)
  libs_use_shared_libs(hald_t)
  libs_exec_ld_so(hald_t)
-@@ -244,6 +254,10 @@
+@@ -244,6 +259,10 @@
  ')
  
  optional_policy(`
@@ -18330,7 +81189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  	hotplug_read_config(hald_t)
  ')
  
-@@ -265,6 +279,16 @@
+@@ -265,6 +284,16 @@
  ')
  
  optional_policy(`
@@ -18347,7 +81206,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  	rpc_search_nfs_state_data(hald_t)
  ')
  
-@@ -282,16 +306,25 @@
+@@ -282,16 +311,25 @@
  ')
  
  optional_policy(`
@@ -18374,7 +81233,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  
  domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
  allow hald_t hald_acl_t:process signal;
-@@ -301,9 +334,14 @@
+@@ -301,9 +339,14 @@
  manage_files_pattern(hald_acl_t,hald_var_lib_t,hald_var_lib_t)
  files_search_var_lib(hald_acl_t)
  
@@ -18389,7 +81248,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  dev_getattr_generic_usb_dev(hald_acl_t)
  dev_getattr_video_dev(hald_acl_t)
  dev_setattr_video_dev(hald_acl_t)
-@@ -323,13 +361,22 @@
+@@ -317,19 +360,30 @@
+ 
+ storage_getattr_removable_dev(hald_acl_t)
+ storage_setattr_removable_dev(hald_acl_t)
++storage_getattr_fixed_disk_dev(hald_acl_t)
++storage_setattr_fixed_disk_dev(hald_acl_t)
+ 
+ auth_use_nsswitch(hald_acl_t)
+ 
  libs_use_ld_so(hald_acl_t)
  libs_use_shared_libs(hald_acl_t)
  
@@ -18412,7 +81279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
  allow hald_t hald_mac_t:process signal;
  allow hald_mac_t hald_t:unix_stream_socket connectto;
-@@ -338,9 +385,18 @@
+@@ -338,9 +392,18 @@
  manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t)
  files_search_var_lib(hald_mac_t)
  
@@ -18431,7 +81298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  
  libs_use_ld_so(hald_mac_t)
  libs_use_shared_libs(hald_mac_t)
-@@ -363,6 +419,8 @@
+@@ -363,6 +426,8 @@
  manage_files_pattern(hald_sonypic_t,hald_var_lib_t,hald_var_lib_t)
  files_search_var_lib(hald_sonypic_t)
  
@@ -18440,7 +81307,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  files_read_usr_files(hald_sonypic_t)
  
  libs_use_ld_so(hald_sonypic_t)
-@@ -383,6 +441,8 @@
+@@ -383,6 +448,8 @@
  manage_files_pattern(hald_keymap_t,hald_var_lib_t,hald_var_lib_t)
  files_search_var_lib(hald_keymap_t)
  
@@ -18449,7 +81316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
  dev_rw_input_dev(hald_keymap_t)
  
  files_read_usr_files(hald_keymap_t)
-@@ -391,3 +451,8 @@
+@@ -391,3 +458,8 @@
  libs_use_shared_libs(hald_keymap_t)
  
  miscfiles_read_localization(hald_keymap_t)
@@ -18460,7 +81327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.3.1/policy/modules/services/inetd.fc
 --- nsaserefpolicy/policy/modules/services/inetd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,6 +1,8 @@
  
  /usr/sbin/identd	--	gen_context(system_u:object_r:inetd_child_exec_t,s0)
@@ -18472,7 +81339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
  /usr/sbin/xinetd	--	gen_context(system_u:object_r:inetd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.3.1/policy/modules/services/inetd.if
 --- nsaserefpolicy/policy/modules/services/inetd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -115,6 +115,10 @@
  
  	allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
@@ -18486,7 +81353,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.3.1/policy/modules/services/inetd.te
 --- nsaserefpolicy/policy/modules/services/inetd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -30,6 +30,10 @@
  type inetd_child_var_run_t;
  files_pid_file(inetd_child_var_run_t)
@@ -18542,7 +81409,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.fc serefpolicy-3.3.1/policy/modules/services/inn.fc
 --- nsaserefpolicy/policy/modules/services/inn.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -64,3 +64,5 @@
  /var/run/news(/.*)?	 		gen_context(system_u:object_r:innd_var_run_t,s0)
  
@@ -18551,7 +81418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
 +/etc/rc\.d/init\.d/innd		--	gen_context(system_u:object_r:innd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.3.1/policy/modules/services/inn.if
 --- nsaserefpolicy/policy/modules/services/inn.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.if	2009-01-13 19:18:30.000000000 +0100
 @@ -54,8 +54,7 @@
  	')
  
@@ -18645,7 +81512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.3.1/policy/modules/services/inn.te
 --- nsaserefpolicy/policy/modules/services/inn.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,7 +22,10 @@
  files_pid_file(innd_var_run_t)
  
@@ -18660,7 +81527,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.3.1/policy/modules/services/jabber.fc
 --- nsaserefpolicy/policy/modules/services/jabber.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -2,3 +2,4 @@
  
  /var/lib/jabber(/.*)?		gen_context(system_u:object_r:jabberd_var_lib_t,s0)
@@ -18668,7 +81535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
 +/etc/rc\.d/init\.d/jabber	--	gen_context(system_u:object_r:jabber_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.3.1/policy/modules/services/jabber.if
 --- nsaserefpolicy/policy/modules/services/jabber.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.if	2009-01-13 19:18:30.000000000 +0100
 @@ -13,3 +13,73 @@
  interface(`jabber_tcp_connect',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -18745,7 +81612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.3.1/policy/modules/services/jabber.te
 --- nsaserefpolicy/policy/modules/services/jabber.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.te	2009-01-13 19:18:30.000000000 +0100
 @@ -19,6 +19,9 @@
  type jabberd_var_run_t;
  files_pid_file(jabberd_var_run_t)
@@ -18758,7 +81625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.3.1/policy/modules/services/kerberos.fc
 --- nsaserefpolicy/policy/modules/services/kerberos.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -7,12 +7,22 @@
  
  /usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
@@ -18784,7 +81651,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
 +/etc/rc\.d/init\.d/krb5kdc	--	gen_context(system_u:object_r:kerberos_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.3.1/policy/modules/services/kerberos.if
 --- nsaserefpolicy/policy/modules/services/kerberos.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.if	2009-01-13 19:18:30.000000000 +0100
 @@ -23,6 +23,25 @@
  
  ########################################
@@ -19069,7 +81936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.3.1/policy/modules/services/kerberos.te
 --- nsaserefpolicy/policy/modules/services/kerberos.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,7 @@
  type kadmind_t;
  type kadmind_exec_t;
@@ -19261,7 +82128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
 +kerberos_use(kpropd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.fc serefpolicy-3.3.1/policy/modules/services/kerneloops.fc
 --- nsaserefpolicy/policy/modules/services/kerneloops.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,4 @@
 +
 +/usr/sbin/kerneloops	--	gen_context(system_u:object_r:kerneloops_exec_t,s0)
@@ -19269,7 +82136,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
 +/etc/rc\.d/init\.d/kerneloops	--	gen_context(system_u:object_r:kerneloops_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.3.1/policy/modules/services/kerneloops.if
 --- nsaserefpolicy/policy/modules/services/kerneloops.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,140 @@
 +
 +## <summary>policy for kerneloops</summary>
@@ -19413,7 +82280,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.3.1/policy/modules/services/kerneloops.te
 --- nsaserefpolicy/policy/modules/services/kerneloops.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,63 @@
 +policy_module(kerneloops,1.0.0)
 +
@@ -19480,7 +82347,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.3.1/policy/modules/services/ldap.fc
 --- nsaserefpolicy/policy/modules/services/ldap.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -14,3 +14,5 @@
  /var/run/openldap(/.*)?		gen_context(system_u:object_r:slapd_var_run_t,s0)
  /var/run/slapd\.args	--	gen_context(system_u:object_r:slapd_var_run_t,s0)
@@ -19489,7 +82356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
 +/etc/rc\.d/init\.d/ldap	--	gen_context(system_u:object_r:ldap_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.3.1/policy/modules/services/ldap.if
 --- nsaserefpolicy/policy/modules/services/ldap.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.if	2009-01-13 19:18:30.000000000 +0100
 @@ -73,3 +73,80 @@
  	allow $1 slapd_var_run_t:sock_file write;
  	allow $1 slapd_t:unix_stream_socket connectto;
@@ -19573,7 +82440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.3.1/policy/modules/services/ldap.te
 --- nsaserefpolicy/policy/modules/services/ldap.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.te	2009-01-13 19:18:30.000000000 +0100
 @@ -31,6 +31,9 @@
  type slapd_var_run_t;
  files_pid_file(slapd_var_run_t)
@@ -19586,7 +82453,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.3.1/policy/modules/services/lpd.fc
 --- nsaserefpolicy/policy/modules/services/lpd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/lpd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/lpd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -3,6 +3,8 @@
  #
  /dev/printer		-s	gen_context(system_u:object_r:printer_t,s0)
@@ -19614,7 +82481,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.3.1/policy/modules/services/lpd.if
 --- nsaserefpolicy/policy/modules/services/lpd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/lpd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/lpd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -336,10 +336,8 @@
  	')
  
@@ -19629,7 +82496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.3.1/policy/modules/services/mailman.fc
 --- nsaserefpolicy/policy/modules/services/mailman.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -31,3 +31,4 @@
  /var/lock/mailman(/.*)?			gen_context(system_u:object_r:mailman_lock_t,s0)
  /var/spool/mailman(/.*)?		gen_context(system_u:object_r:mailman_data_t,s0)
@@ -19637,7 +82504,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +/usr/lib/mailman/mail/mailman --	gen_context(system_u:object_r:mailman_mail_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.3.1/policy/modules/services/mailman.if
 --- nsaserefpolicy/policy/modules/services/mailman.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.if	2009-01-13 19:18:30.000000000 +0100
 @@ -31,6 +31,12 @@
  	allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
  	allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -19687,7 +82554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.3.1/policy/modules/services/mailman.te
 --- nsaserefpolicy/policy/modules/services/mailman.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.te	2009-01-13 19:18:30.000000000 +0100
 @@ -53,10 +53,9 @@
  	apache_use_fds(mailman_cgi_t)
  	apache_dontaudit_append_log(mailman_cgi_t)
@@ -19735,13 +82602,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.3.1/policy/modules/services/mailscanner.fc
 --- nsaserefpolicy/policy/modules/services/mailscanner.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,2 @@
 +/var/spool/MailScanner(/.*)?	gen_context(system_u:object_r:mailscanner_spool_t,s0)
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.3.1/policy/modules/services/mailscanner.if
 --- nsaserefpolicy/policy/modules/services/mailscanner.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,59 @@
 +## <summary>Anti-Virus and Anti-Spam Filter</summary>
 +
@@ -19804,7 +82671,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.3.1/policy/modules/services/mailscanner.te
 --- nsaserefpolicy/policy/modules/services/mailscanner.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,5 @@
 +
 +policy_module(mailscanner,1.0.0)
@@ -19813,8 +82680,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
 +files_type(mailscanner_spool_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.3.1/policy/modules/services/mta.fc
 --- nsaserefpolicy/policy/modules/services/mta.fc	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.fc	2009-01-05 11:17:34.000000000 +0100
-@@ -11,9 +11,10 @@
++++ serefpolicy-3.3.1/policy/modules/services/mta.fc	2009-01-13 19:18:30.000000000 +0100
+@@ -8,12 +8,14 @@
+ /etc/postfix/aliases.*		gen_context(system_u:object_r:etc_aliases_t,s0)
+ ')
+ 
++/usr/lib/courier/bin/sendmail  -- gen_context(system_u:object_r:sendmail_exec_t,s0)
  /usr/lib(64)?/sendmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
  
  /usr/sbin/rmail		--	gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -19826,7 +82697,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  /var/mail(/.*)?			gen_context(system_u:object_r:mail_spool_t,s0)
  
  /var/qmail/bin/sendmail	--	gen_context(system_u:object_r:sendmail_exec_t,s0)
-@@ -22,6 +23,4 @@
+@@ -22,6 +24,4 @@
  /var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
  /var/spool/mail(/.*)?		gen_context(system_u:object_r:mail_spool_t,s0)
  
@@ -19836,7 +82707,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.3.1/policy/modules/services/mta.if
 --- nsaserefpolicy/policy/modules/services/mta.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mta.if	2009-01-13 19:18:30.000000000 +0100
 @@ -133,6 +133,15 @@
  		sendmail_create_log($1_mail_t)
  	')
@@ -20011,7 +82882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
  ## </summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te
 --- nsaserefpolicy/policy/modules/services/mta.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mta.te	2009-01-13 19:18:30.000000000 +0100
 @@ -6,6 +6,8 @@
  # Declarations
  #
@@ -20180,7 +83051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.3.1/policy/modules/services/munin.fc
 --- nsaserefpolicy/policy/modules/services/munin.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -6,6 +6,9 @@
  /usr/share/munin/plugins/.*	--	gen_context(system_u:object_r:munin_exec_t,s0)
  
@@ -20195,8 +83066,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +/etc/rc\.d/init\.d/munin-node	--	gen_context(system_u:object_r:munin_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.3.1/policy/modules/services/munin.if
 --- nsaserefpolicy/policy/modules/services/munin.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.if	2009-01-05 11:17:34.000000000 +0100
-@@ -80,3 +80,104 @@
++++ serefpolicy-3.3.1/policy/modules/services/munin.if	2009-01-13 19:18:30.000000000 +0100
+@@ -80,3 +80,123 @@
  
  	dontaudit $1 munin_var_lib_t:dir search_dir_perms;
  ')
@@ -20220,6 +83091,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +	init_labeled_script_domtrans($1,munin_script_exec_t)
 +')
 +
++#######################################
++## <summary>
++##      Do not audit attempts to read and write
++##      munin server TCP sockets.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain to not audit.
++##      </summary>
++## </param>
++#
++interface(`munin_dontaudit_rw_tcp_sockets',`
++        gen_require(`
++		type munin_t;
++	')
++
++	dontaudit $1 munin_t:tcp_socket { read write };
++')
++                                        
 +########################################
 +## <summary>
 +##	All of the rules required to administrate 
@@ -20303,7 +83193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.3.1/policy/modules/services/munin.te
 --- nsaserefpolicy/policy/modules/services/munin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.te	2009-01-13 19:23:18.000000000 +0100
 @@ -25,26 +25,33 @@
  type munin_var_run_t alias lrrd_var_run_t;
  files_pid_file(munin_var_run_t)
@@ -20317,7 +83207,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
  #
  
 -allow munin_t self:capability { setgid setuid };
-+allow munin_t self:capability { chown dac_override setgid setuid sys_rawio };
++allow munin_t self:capability { chown dac_override kill setgid setuid sys_rawio };
  dontaudit munin_t self:capability sys_tty_config;
  allow munin_t self:process { getsched setsched signal_perms };
  allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -20394,7 +83284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
  
  userdom_dontaudit_use_unpriv_user_fds(munin_t)
  userdom_dontaudit_search_sysadm_home_dirs(munin_t)
-@@ -108,7 +128,21 @@
+@@ -108,7 +128,39 @@
  ')
  
  optional_policy(`
@@ -20403,8 +83293,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +')
 +
 +optional_policy(`
++	files_search_mnt(munin_t)
++')
++
++optional_policy(`
++	logging_getattr_generic_log_files(munin_t)
++')
++
++optional_policy(`
 +	mta_read_config(munin_t)
 +	mta_send_mail(munin_t)
++	mta_read_queue(munin_t)
 +')
 +
 +optional_policy(`
@@ -20413,11 +83312,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +')
 +
 +optional_policy(`
++        postfix_list_spool(munin_t)
++        postfix_getattr_spool_files(munin_t)
++')
++
++optional_policy(`
++        rpc_search_nfs_state_data(munin_t)
++')
++
++optional_policy(`
 +	sendmail_read_log(munin_t)
  ')
  
  optional_policy(`
-@@ -118,3 +152,9 @@
+@@ -118,3 +170,9 @@
  optional_policy(`
  	udev_read_db(munin_t)
  ')
@@ -20429,7 +83337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
 +manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.3.1/policy/modules/services/mysql.fc
 --- nsaserefpolicy/policy/modules/services/mysql.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mysql.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -22,3 +22,5 @@
  /var/log/mysql.*	--	gen_context(system_u:object_r:mysqld_log_t,s0)
  
@@ -20438,7 +83346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
 +/etc/rc\.d/init\.d/mysqld	--	gen_context(system_u:object_r:mysqld_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.3.1/policy/modules/services/mysql.if
 --- nsaserefpolicy/policy/modules/services/mysql.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mysql.if	2009-01-13 19:18:30.000000000 +0100
 @@ -32,9 +32,11 @@
  interface(`mysql_stream_connect',`
  	gen_require(`
@@ -20528,7 +83436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.3.1/policy/modules/services/mysql.te
 --- nsaserefpolicy/policy/modules/services/mysql.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mysql.te	2009-01-13 19:18:30.000000000 +0100
 @@ -25,6 +25,9 @@
  type mysqld_tmp_t;
  files_tmp_file(mysqld_tmp_t)
@@ -20559,7 +83467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.3.1/policy/modules/services/nagios.fc
 --- nsaserefpolicy/policy/modules/services/nagios.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -4,13 +4,17 @@
  /usr/bin/nagios			--	gen_context(system_u:object_r:nagios_exec_t,s0)
  /usr/bin/nrpe			--	gen_context(system_u:object_r:nrpe_exec_t,s0)
@@ -20584,7 +83492,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.3.1/policy/modules/services/nagios.if
 --- nsaserefpolicy/policy/modules/services/nagios.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.if	2009-01-13 19:18:30.000000000 +0100
 @@ -44,7 +44,7 @@
  
  ########################################
@@ -20696,7 +83604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.3.1/policy/modules/services/nagios.te
 --- nsaserefpolicy/policy/modules/services/nagios.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,11 +8,7 @@
  
  type nagios_t;
@@ -20804,7 +83712,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.3.1/policy/modules/services/networkmanager.fc
 --- nsaserefpolicy/policy/modules/services/networkmanager.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,7 +1,16 @@
 +/etc/NetworkManager/dispatcher\.d(/.*)	gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
 +
@@ -20824,7 +83732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +/var/run/nm-dhclient.*			gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.3.1/policy/modules/services/networkmanager.if
 --- nsaserefpolicy/policy/modules/services/networkmanager.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if	2009-01-13 19:18:30.000000000 +0100
 @@ -74,7 +74,7 @@
  	')
  
@@ -20895,7 +83803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
 --- nsaserefpolicy/policy/modules/services/networkmanager.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te	2009-01-13 19:18:30.000000000 +0100
 @@ -1,5 +1,5 @@
  
 -policy_module(networkmanager,1.9.0)
@@ -21172,7 +84080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
 +term_dontaudit_use_console(wpa_cli_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.3.1/policy/modules/services/nis.fc
 --- nsaserefpolicy/policy/modules/services/nis.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -4,9 +4,14 @@
  /sbin/ypbind		--	gen_context(system_u:object_r:ypbind_exec_t,s0)
  
@@ -21190,7 +84098,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
 +/etc/rc\.d/init\.d/ypxfrd	--	gen_context(system_u:object_r:nis_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.3.1/policy/modules/services/nis.if
 --- nsaserefpolicy/policy/modules/services/nis.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.if	2009-01-13 19:18:30.000000000 +0100
 @@ -28,7 +28,7 @@
  		type var_yp_t;
  	')
@@ -21333,7 +84241,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.3.1/policy/modules/services/nis.te
 --- nsaserefpolicy/policy/modules/services/nis.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.te	2009-01-13 19:18:30.000000000 +0100
 @@ -44,6 +44,9 @@
  type ypxfr_exec_t;
  init_daemon_domain(ypxfr_t,ypxfr_exec_t)
@@ -21401,7 +84309,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
  corenet_tcp_connect_all_ports(ypxfr_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.3.1/policy/modules/services/nscd.fc
 --- nsaserefpolicy/policy/modules/services/nscd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -9,3 +9,5 @@
  /var/run/\.nscd_socket	-s	gen_context(system_u:object_r:nscd_var_run_t,s0)
  
@@ -21410,7 +84318,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +/etc/rc\.d/init\.d/nscd	--	gen_context(system_u:object_r:nscd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.3.1/policy/modules/services/nscd.if
 --- nsaserefpolicy/policy/modules/services/nscd.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -2,6 +2,24 @@
  
  ########################################
@@ -21550,7 +84458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.3.1/policy/modules/services/nscd.te
 --- nsaserefpolicy/policy/modules/services/nscd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -23,19 +23,22 @@
  type nscd_log_t;
  logging_log_file(nscd_log_t)
@@ -21644,7 +84552,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.fc serefpolicy-3.3.1/policy/modules/services/ntp.fc
 --- nsaserefpolicy/policy/modules/services/ntp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -17,3 +17,8 @@
  /var/log/xntpd.*		--	gen_context(system_u:object_r:ntpd_log_t,s0)
  
@@ -21656,7 +84564,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 +/etc/rc\.d/init\.d/ntpd	--	gen_context(system_u:object_r:ntpd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.3.1/policy/modules/services/ntp.if
 --- nsaserefpolicy/policy/modules/services/ntp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.if	2009-01-13 19:18:30.000000000 +0100
 @@ -53,3 +53,76 @@
  	corecmd_search_bin($1)
  	domtrans_pattern($1,ntpdate_exec_t,ntpd_t)
@@ -21736,7 +84644,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.3.1/policy/modules/services/ntp.te
 --- nsaserefpolicy/policy/modules/services/ntp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.te	2009-01-13 19:18:30.000000000 +0100
 @@ -25,6 +25,12 @@
  type ntpdate_exec_t;
  init_system_domain(ntpd_t,ntpdate_exec_t)
@@ -21808,7 +84716,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.3.1/policy/modules/services/nx.fc
 --- nsaserefpolicy/policy/modules/services/nx.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nx.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nx.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,3 +1,5 @@
 +
 +/usr/libexec/nx/nxserver	--	gen_context(system_u:object_r:nx_server_exec_t,s0)
@@ -21817,7 +84725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.f
  /opt/NX/home/nx/\.ssh(/.*)?		gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oav.te serefpolicy-3.3.1/policy/modules/services/oav.te
 --- nsaserefpolicy/policy/modules/services/oav.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oav.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oav.te	2009-01-13 19:18:30.000000000 +0100
 @@ -12,7 +12,7 @@
  
  # cjp: may be collapsable to etc_t
@@ -21838,7 +84746,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oav.
  logging_log_file(scannerdaemon_log_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.3.1/policy/modules/services/oddjob.fc
 --- nsaserefpolicy/policy/modules/services/oddjob.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,4 @@
 -/usr/lib/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
 +/usr/lib(64)?/oddjob/mkhomedir	--	gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -21847,7 +84755,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.3.1/policy/modules/services/oddjob.if
 --- nsaserefpolicy/policy/modules/services/oddjob.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.if	2009-01-13 19:18:30.000000000 +0100
 @@ -44,6 +44,7 @@
  	')
  
@@ -21893,7 +84801,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.3.1/policy/modules/services/oddjob.te
 --- nsaserefpolicy/policy/modules/services/oddjob.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.te	2009-01-13 19:18:30.000000000 +0100
 @@ -10,14 +10,21 @@
  type oddjob_exec_t;
  domain_type(oddjob_t)
@@ -21962,7 +84870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
  userdom_generic_user_home_dir_filetrans_generic_user_home_content(oddjob_mkhomedir_t,notdevfile_class_set)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openca.te serefpolicy-3.3.1/policy/modules/services/openca.te
 --- nsaserefpolicy/policy/modules/services/openca.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openca.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openca.te	2009-01-13 19:18:30.000000000 +0100
 @@ -18,7 +18,7 @@
  
  # /etc/openca standard files
@@ -21974,7 +84882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
  type openca_etc_in_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.te serefpolicy-3.3.1/policy/modules/services/openct.te
 --- nsaserefpolicy/policy/modules/services/openct.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openct.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openct.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,6 +22,7 @@
  allow openct_t self:process signal_perms;
  
@@ -21985,7 +84893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
  kernel_read_kernel_sysctls(openct_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.3.1/policy/modules/services/openvpn.fc
 --- nsaserefpolicy/policy/modules/services/openvpn.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -2,6 +2,7 @@
  # /etc
  #
@@ -22005,7 +84913,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
 +/etc/rc\.d/init\.d/openvpn	--	gen_context(system_u:object_r:openvpn_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.3.1/policy/modules/services/openvpn.if
 --- nsaserefpolicy/policy/modules/services/openvpn.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.if	2009-01-13 19:18:30.000000000 +0100
 @@ -70,6 +70,43 @@
  
  ########################################
@@ -22127,7 +85035,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.3.1/policy/modules/services/openvpn.te
 --- nsaserefpolicy/policy/modules/services/openvpn.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,7 +8,7 @@
  
  ## <desc>
@@ -22202,7 +85110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.3.1/policy/modules/services/pcscd.te
 --- nsaserefpolicy/policy/modules/services/pcscd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pcscd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pcscd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -45,6 +45,7 @@
  files_read_etc_files(pcscd_t)
  files_read_etc_runtime_files(pcscd_t)
@@ -22213,7 +85121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
  libs_use_ld_so(pcscd_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.3.1/policy/modules/services/pegasus.te
 --- nsaserefpolicy/policy/modules/services/pegasus.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pegasus.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pegasus.te	2009-01-13 19:18:30.000000000 +0100
 @@ -42,6 +42,7 @@
  allow pegasus_t pegasus_conf_t:file { read_file_perms link unlink };
  allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
@@ -22262,7 +85170,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.fc serefpolicy-3.3.1/policy/modules/services/pki.fc
 --- nsaserefpolicy/policy/modules/services/pki.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,46 @@
 +
 +/etc/rc\.d/init\.d/pki-ca	--	gen_context(system_u:object_r:pki_ca_script_exec_t,s0)
@@ -22312,7 +85220,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
 +/var/run/pki-tps\.pid		--	gen_context(system_u:object_r:pki_tks_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.if serefpolicy-3.3.1/policy/modules/services/pki.if
 --- nsaserefpolicy/policy/modules/services/pki.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,643 @@
 +
 +## <summary>policy for pki</summary>
@@ -22959,7 +85867,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.te serefpolicy-3.3.1/policy/modules/services/pki.te
 --- nsaserefpolicy/policy/modules/services/pki.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,91 @@
 +policy_module(pki,1.0.0)
 +
@@ -23054,14 +85962,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.fc serefpolicy-3.3.1/policy/modules/services/podsleuth.fc
 --- nsaserefpolicy/policy/modules/services/podsleuth.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,3 @@
 +/usr/bin/podsleuth	--	gen_context(system_u:object_r:podsleuth_exec_t,s0)
 +/usr/libexec/hal-podsleuth       --      gen_context(system_u:object_r:podsleuth_exec_t,s0)
 +/var/cache/podsleuth(/.*)?		gen_context(system_u:object_r:podsleuth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.if serefpolicy-3.3.1/policy/modules/services/podsleuth.if
 --- nsaserefpolicy/policy/modules/services/podsleuth.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,55 @@
 +
 +## <summary>policy for podsleuth</summary>
@@ -23120,7 +86028,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pods
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.te serefpolicy-3.3.1/policy/modules/services/podsleuth.te
 --- nsaserefpolicy/policy/modules/services/podsleuth.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,73 @@
 +policy_module(podsleuth,1.0.0)
 +
@@ -23197,7 +86105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pods
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.3.1/policy/modules/services/polkit.fc
 --- nsaserefpolicy/policy/modules/services/polkit.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,9 @@
 +
 +/usr/libexec/polkit-read-auth-helper	--	gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -23210,7 +86118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +/var/lib/PolicyKit-public(/.*)?			gen_context(system_u:object_r:polkit_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if
 --- nsaserefpolicy/policy/modules/services/polkit.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,213 @@
 +
 +## <summary>policy for polkit_auth</summary>
@@ -23427,7 +86335,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te
 --- nsaserefpolicy/policy/modules/services/polkit.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,221 @@
 +policy_module(polkit_auth,1.0.0)
 +
@@ -23652,7 +86560,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portmap.te serefpolicy-3.3.1/policy/modules/services/portmap.te
 --- nsaserefpolicy/policy/modules/services/portmap.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/portmap.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/portmap.te	2009-01-13 19:18:30.000000000 +0100
 @@ -41,6 +41,7 @@
  manage_files_pattern(portmap_t,portmap_var_run_t,portmap_var_run_t)
  files_pid_filetrans(portmap_t,portmap_var_run_t,file)
@@ -23663,7 +86571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
  kernel_read_proc_symlinks(portmap_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portslave.te serefpolicy-3.3.1/policy/modules/services/portslave.te
 --- nsaserefpolicy/policy/modules/services/portslave.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/portslave.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/portslave.te	2009-01-13 19:18:30.000000000 +0100
 @@ -12,7 +12,7 @@
  init_daemon_domain(portslave_t,portslave_exec_t)
  
@@ -23675,7 +86583,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
  files_lock_file(portslave_lock_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.3.1/policy/modules/services/postfix.fc
 --- nsaserefpolicy/policy/modules/services/postfix.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfix.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -29,12 +29,10 @@
  /usr/lib/postfix/smtpd	--	gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
  /usr/lib/postfix/bounce	--	gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -23689,18 +86597,30 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  /usr/sbin/postdrop	--	gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
  /usr/sbin/postfix	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
  /usr/sbin/postkick	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
-@@ -43,6 +41,7 @@
+@@ -43,6 +41,11 @@
  /usr/sbin/postmap	--	gen_context(system_u:object_r:postfix_map_exec_t,s0)
  /usr/sbin/postqueue	--	gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
  /usr/sbin/postsuper	--	gen_context(system_u:object_r:postfix_master_exec_t,s0)
++
 +/var/lib/postfix(/.*)?		gen_context(system_u:object_r:postfix_var_lib_t,s0)
++
++/var/run/postfix(/.*)?          gen_context(system_u:object_r:postfix_var_run_t,s0)
++
  /var/spool/postfix(/.*)?		gen_context(system_u:object_r:postfix_spool_t,s0)
  /var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
  /var/spool/postfix/pid/.*	gen_context(system_u:object_r:postfix_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.3.1/policy/modules/services/postfix.if
 --- nsaserefpolicy/policy/modules/services/postfix.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.if	2009-01-05 11:17:34.000000000 +0100
-@@ -206,9 +206,8 @@
++++ serefpolicy-3.3.1/policy/modules/services/postfix.if	2009-01-13 19:22:53.000000000 +0100
+@@ -46,6 +46,7 @@
+ 
+ 	allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
+ 	read_files_pattern(postfix_$1_t,postfix_etc_t,postfix_etc_t)
++	read_lnk_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
+ 
+ 	can_exec(postfix_$1_t, postfix_$1_exec_t)
+ 
+@@ -206,9 +207,8 @@
  		type postfix_etc_t;
  	')
  
@@ -23712,7 +86632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  	files_search_etc($1)
  ')
  
-@@ -416,7 +415,7 @@
+@@ -416,7 +416,7 @@
  ##	</summary>
  ## </param>
  #
@@ -23721,7 +86641,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  	gen_require(`
  		type postfix_private_t;
  	')
-@@ -427,6 +426,26 @@
+@@ -427,6 +427,26 @@
  
  ########################################
  ## <summary>
@@ -23748,7 +86668,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  ##	Execute the master postfix program in the
  ##	postfix_master domain.
  ## </summary>
-@@ -503,6 +522,44 @@
+@@ -482,6 +502,24 @@
+ 	files_search_spool($1)
+ ')
+ 
++#######################################
++## <summary>
++##      Getattr postfix mail spool files.
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`postfix_getattr_spool_files',`
++	gen_require(`
++		attribute postfix_spool_type;
++	')
++	files_search_spool($1)
++	getattr_files_pattern($1, postfix_spool_type, postfix_spool_type)
++')
++
+ ########################################
+ ## <summary>
+ ##	Read postfix mail spool files.
+@@ -503,6 +541,44 @@
  
  ########################################
  ## <summary>
@@ -23793,7 +86738,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  ##	Execute postfix user mail programs
  ##	in their respective domains.
  ## </summary>
-@@ -519,3 +576,22 @@
+@@ -519,3 +595,22 @@
  
  	typeattribute $1 postfix_user_domtrans;
  ')
@@ -23818,7 +86763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.fc serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc
 --- nsaserefpolicy/policy/modules/services/postfixpolicyd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -3,3 +3,5 @@
  /usr/sbin/policyd		--	gen_context(system_u:object_r:postfix_policyd_exec_t, s0)
  
@@ -23827,7 +86772,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +/etc/rc\.d/init\.d/postfixpolicyd	--	gen_context(system_u:object_r:postfixpolicyd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.if serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if
 --- nsaserefpolicy/policy/modules/services/postfixpolicyd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,68 @@
  ## <summary>Postfix policy server</summary>
 +
@@ -23899,7 +86844,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.te serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te
 --- nsaserefpolicy/policy/modules/services/postfixpolicyd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,9 @@
  type postfix_policyd_var_run_t;
  files_pid_file(postfix_policyd_var_run_t)
@@ -23912,7 +86857,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  # Local Policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te
 --- nsaserefpolicy/policy/modules/services/postfix.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfix.te	2009-01-13 19:18:30.000000000 +0100
 @@ -6,6 +6,14 @@
  # Declarations
  #
@@ -24190,7 +87135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  corecmd_exec_bin(postfix_virtual_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.3.1/policy/modules/services/postgresql.fc
 --- nsaserefpolicy/policy/modules/services/postgresql.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -6,8 +6,8 @@
  #
  # /usr
@@ -24223,7 +87168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +/etc/rc\.d/init\.d/postgresql	--	gen_context(system_u:object_r:postgresql_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.3.1/policy/modules/services/postgresql.if
 --- nsaserefpolicy/policy/modules/services/postgresql.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1,5 +1,205 @@
  ## <summary>PostgreSQL relational database</summary>
  
@@ -24573,7 +87518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.3.1/policy/modules/services/postgresql.te
 --- nsaserefpolicy/policy/modules/services/postgresql.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.te	2009-01-13 19:18:30.000000000 +0100
 @@ -1,13 +1,30 @@
  
 -policy_module(postgresql,1.5.0)
@@ -24858,7 +87803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.fc serefpolicy-3.3.1/policy/modules/services/postgrey.fc
 --- nsaserefpolicy/policy/modules/services/postgrey.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -7,3 +7,7 @@
  
  /var/run/postgrey(/.*)?		gen_context(system_u:object_r:postgrey_var_run_t,s0)
@@ -24869,7 +87814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +/var/spool/postfix/postgrey(/.*)?	gen_context(system_u:object_r:postgrey_spool_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.3.1/policy/modules/services/postgrey.if
 --- nsaserefpolicy/policy/modules/services/postgrey.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.if	2009-01-13 19:18:30.000000000 +0100
 @@ -12,10 +12,100 @@
  #
  interface(`postgrey_stream_connect',`
@@ -24975,7 +87920,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.3.1/policy/modules/services/postgrey.te
 --- nsaserefpolicy/policy/modules/services/postgrey.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.te	2009-01-13 19:18:30.000000000 +0100
 @@ -13,26 +13,38 @@
  type postgrey_etc_t;
  files_config_file(postgrey_etc_t)
@@ -25030,7 +87975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.3.1/policy/modules/services/ppp.fc
 --- nsaserefpolicy/policy/modules/services/ppp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,6 +1,8 @@
  #
  # /etc
@@ -25042,7 +87987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
  /etc/ppp/peers(/.*)?			gen_context(system_u:object_r:pppd_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.3.1/policy/modules/services/ppp.if
 --- nsaserefpolicy/policy/modules/services/ppp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.if	2009-01-13 19:18:30.000000000 +0100
 @@ -39,6 +39,25 @@
  
  ########################################
@@ -25205,7 +88150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.3.1/policy/modules/services/ppp.te
 --- nsaserefpolicy/policy/modules/services/ppp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.te	2009-01-13 19:18:30.000000000 +0100
 @@ -71,7 +71,7 @@
  # PPPD Local policy
  #
@@ -25325,7 +88270,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.3.1/policy/modules/services/prelude.fc
 --- nsaserefpolicy/policy/modules/services/prelude.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/prelude.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,24 @@
 +/sbin/audisp-prelude		--	gen_context(system_u:object_r:prelude_audisp_exec_t,s0)
 +
@@ -25353,7 +88298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.3.1/policy/modules/services/prelude.if
 --- nsaserefpolicy/policy/modules/services/prelude.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/prelude.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,191 @@
 +## <summary>Prelude hybrid intrusion detection system</summary>
 +
@@ -25548,8 +88493,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.3.1/policy/modules/services/prelude.te
 --- nsaserefpolicy/policy/modules/services/prelude.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.te	2009-01-05 11:17:34.000000000 +0100
-@@ -0,0 +1,338 @@
++++ serefpolicy-3.3.1/policy/modules/services/prelude.te	2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,339 @@
 +
 +policy_module(prelude, 1.0.0)
 +
@@ -25691,6 +88636,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +# prelude_audisp local policy
 +#
 +allow prelude_audisp_t self:capability dac_override;
++allow prelude_audisp_t self:process signal;
 +allow prelude_audisp_t self:fifo_file rw_file_perms;
 +allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
 +allow prelude_audisp_t self:unix_dgram_socket create_socket_perms;
@@ -25890,7 +88836,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.3.1/policy/modules/services/privoxy.fc
 --- nsaserefpolicy/policy/modules/services/privoxy.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,6 +1,10 @@
  
  /etc/privoxy/user\.action --	gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -25904,7 +88850,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.3.1/policy/modules/services/privoxy.if
 --- nsaserefpolicy/policy/modules/services/privoxy.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.if	2009-01-13 19:18:30.000000000 +0100
 @@ -2,6 +2,25 @@
  
  ########################################
@@ -25963,7 +88909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.3.1/policy/modules/services/privoxy.te
 --- nsaserefpolicy/policy/modules/services/privoxy.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.te	2009-01-13 19:18:30.000000000 +0100
 @@ -19,6 +19,9 @@
  type privoxy_var_run_t;
  files_pid_file(privoxy_var_run_t)
@@ -25984,7 +88930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
  corenet_sendrecv_http_cache_server_packets(privoxy_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.3.1/policy/modules/services/procmail.fc
 --- nsaserefpolicy/policy/modules/services/procmail.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,2 +1,5 @@
  
  /usr/bin/procmail	--	gen_context(system_u:object_r:procmail_exec_t,s0)
@@ -25993,7 +88939,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
 +/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0) 
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.3.1/policy/modules/services/procmail.if
 --- nsaserefpolicy/policy/modules/services/procmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.if	2009-01-13 19:18:30.000000000 +0100
 @@ -39,3 +39,41 @@
  	corecmd_search_bin($1)
  	can_exec($1,procmail_exec_t)
@@ -26038,7 +88984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.3.1/policy/modules/services/procmail.te
 --- nsaserefpolicy/policy/modules/services/procmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.te	2009-01-13 19:18:30.000000000 +0100
 @@ -14,6 +14,10 @@
  type procmail_tmp_t;
  files_tmp_file(procmail_tmp_t)
@@ -26118,13 +89064,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/publicfile.if serefpolicy-3.3.1/policy/modules/services/publicfile.if
 --- nsaserefpolicy/policy/modules/services/publicfile.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/publicfile.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/publicfile.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>publicfile supplies files to the public through HTTP and FTP</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.3.1/policy/modules/services/pyzor.fc
 --- nsaserefpolicy/policy/modules/services/pyzor.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,9 +1,11 @@
  /etc/pyzor(/.*)?		gen_context(system_u:object_r:pyzor_etc_t, s0)
  
@@ -26140,7 +89086,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
 +/etc/rc\.d/init\.d/pyzord	--	gen_context(system_u:object_r:pyzord_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.3.1/policy/modules/services/pyzor.if
 --- nsaserefpolicy/policy/modules/services/pyzor.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.if	2009-01-13 19:18:30.000000000 +0100
 @@ -25,16 +25,15 @@
  #
  template(`pyzor_per_role_template',`
@@ -26245,7 +89191,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.3.1/policy/modules/services/pyzor.te
 --- nsaserefpolicy/policy/modules/services/pyzor.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.te	2009-01-13 19:18:30.000000000 +0100
 @@ -17,7 +17,7 @@
  init_daemon_domain(pyzord_t,pyzord_exec_t)
  
@@ -26304,7 +89250,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.if serefpolicy-3.3.1/policy/modules/services/qmail.if
 --- nsaserefpolicy/policy/modules/services/qmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/qmail.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/qmail.if	2009-01-13 19:18:30.000000000 +0100
 @@ -197,3 +197,4 @@
  
          domtrans_pattern(qmail_smtpd_t, $2, $1)
@@ -26312,7 +89258,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.3.1/policy/modules/services/qmail.te
 --- nsaserefpolicy/policy/modules/services/qmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/qmail.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/qmail.te	2009-01-13 19:18:30.000000000 +0100
 @@ -14,7 +14,7 @@
  qmail_child_domain_template(qmail_clean, qmail_start_t)
  
@@ -26370,7 +89316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.fc serefpolicy-3.3.1/policy/modules/services/radius.fc
 --- nsaserefpolicy/policy/modules/services/radius.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -20,3 +20,5 @@
  
  /var/run/radiusd(/.*)?		gen_context(system_u:object_r:radiusd_var_run_t,s0)
@@ -26379,7 +89325,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
 +/etc/rc\.d/init\.d/radiusd	--	gen_context(system_u:object_r:radius_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.3.1/policy/modules/services/radius.if
 --- nsaserefpolicy/policy/modules/services/radius.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.if	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,25 @@
  
  ########################################
@@ -26445,7 +89391,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.3.1/policy/modules/services/radius.te
 --- nsaserefpolicy/policy/modules/services/radius.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.te	2009-01-13 19:18:30.000000000 +0100
 @@ -25,6 +25,9 @@
  type radiusd_var_run_t;
  files_pid_file(radiusd_var_run_t)
@@ -26513,7 +89459,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.fc serefpolicy-3.3.1/policy/modules/services/radvd.fc
 --- nsaserefpolicy/policy/modules/services/radvd.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -5,3 +5,4 @@
  
  /var/run/radvd\.pid	--	gen_context(system_u:object_r:radvd_var_run_t,s0)
@@ -26521,7 +89467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
 +/etc/rc\.d/init\.d/radvd	--	gen_context(system_u:object_r:radvd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.if serefpolicy-3.3.1/policy/modules/services/radvd.if
 --- nsaserefpolicy/policy/modules/services/radvd.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.if	2009-01-13 19:18:30.000000000 +0100
 @@ -2,6 +2,25 @@
  
  ########################################
@@ -26577,7 +89523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.3.1/policy/modules/services/radvd.te
 --- nsaserefpolicy/policy/modules/services/radvd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.te	2009-01-05 11:30:30.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -15,11 +15,14 @@
  type radvd_etc_t;
  files_config_file(radvd_etc_t)
@@ -26604,7 +89550,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.3.1/policy/modules/services/razor.fc
 --- nsaserefpolicy/policy/modules/services/razor.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:ROLE_razor_home_t,s0)
 +HOME_DIR/\.razor(/.*)?		gen_context(system_u:object_r:user_razor_home_t,s0)
@@ -26613,7 +89559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.3.1/policy/modules/services/razor.if
 --- nsaserefpolicy/policy/modules/services/razor.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.if	2009-01-13 19:18:30.000000000 +0100
 @@ -137,6 +137,7 @@
  template(`razor_per_role_template',`
  	gen_require(`
@@ -26705,7 +89651,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.3.1/policy/modules/services/razor.te
 --- nsaserefpolicy/policy/modules/services/razor.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.te	2009-01-13 19:18:30.000000000 +0100
 @@ -23,6 +23,12 @@
  
  razor_common_domain_template(razor)
@@ -26721,7 +89667,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.if serefpolicy-3.3.1/policy/modules/services/rdisc.if
 --- nsaserefpolicy/policy/modules/services/rdisc.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rdisc.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rdisc.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,20 @@
  ## <summary>Network router discovery daemon</summary>
 +
@@ -26745,7 +89691,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdis
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.te serefpolicy-3.3.1/policy/modules/services/rdisc.te
 --- nsaserefpolicy/policy/modules/services/rdisc.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rdisc.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rdisc.te	2009-01-13 19:18:30.000000000 +0100
 @@ -45,6 +45,8 @@
  libs_use_ld_so(rdisc_t)
  libs_use_shared_libs(rdisc_t)
@@ -26757,7 +89703,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdis
  sysnet_read_config(rdisc_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.if serefpolicy-3.3.1/policy/modules/services/remotelogin.if
 --- nsaserefpolicy/policy/modules/services/remotelogin.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/remotelogin.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/remotelogin.if	2009-01-13 19:18:30.000000000 +0100
 @@ -35,3 +35,4 @@
  
  	allow $1 remote_login_t:process signal;
@@ -26765,7 +89711,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-3.3.1/policy/modules/services/remotelogin.te
 --- nsaserefpolicy/policy/modules/services/remotelogin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/remotelogin.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/remotelogin.te	2009-01-13 19:18:30.000000000 +0100
 @@ -85,6 +85,7 @@
  
  miscfiles_read_localization(remote_login_t)
@@ -26776,7 +89722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
  # Only permit unprivileged user domains to be entered via rlogin,
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.3.1/policy/modules/services/rhgb.te
 --- nsaserefpolicy/policy/modules/services/rhgb.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rhgb.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rhgb.te	2009-01-13 19:18:30.000000000 +0100
 @@ -92,6 +92,7 @@
  term_getattr_pty_fs(rhgb_t)
  
@@ -26795,7 +89741,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb
  	consoletype_exec(rhgb_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.3.1/policy/modules/services/ricci.if
 --- nsaserefpolicy/policy/modules/services/ricci.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ricci.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ricci.if	2009-01-13 19:18:30.000000000 +0100
 @@ -165,3 +165,4 @@
  
  	domtrans_pattern($1,ricci_modstorage_exec_t,ricci_modstorage_t)
@@ -26803,7 +89749,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.3.1/policy/modules/services/rlogin.te
 --- nsaserefpolicy/policy/modules/services/rlogin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rlogin.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rlogin.te	2009-01-13 19:18:30.000000000 +0100
 @@ -36,6 +36,8 @@
  allow rlogind_t rlogind_devpts_t:chr_file { rw_chr_file_perms setattr };
  term_create_pty(rlogind_t,rlogind_devpts_t)
@@ -26843,7 +89789,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.3.1/policy/modules/services/roundup.fc
 --- nsaserefpolicy/policy/modules/services/roundup.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -7,3 +7,5 @@
  # /var
  #
@@ -26852,7 +89798,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
 +/etc/rc\.d/init\.d/roundup	--	gen_context(system_u:object_r:roundup_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.if serefpolicy-3.3.1/policy/modules/services/roundup.if
 --- nsaserefpolicy/policy/modules/services/roundup.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,68 @@
  ## <summary>Roundup Issue Tracking System policy</summary>
 +
@@ -26924,7 +89870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.te serefpolicy-3.3.1/policy/modules/services/roundup.te
 --- nsaserefpolicy/policy/modules/services/roundup.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,9 @@
  type roundup_var_lib_t;
  files_type(roundup_var_lib_t)
@@ -26937,7 +89883,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
  # Local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.3.1/policy/modules/services/rpcbind.fc
 --- nsaserefpolicy/policy/modules/services/rpcbind.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -5,3 +5,5 @@
  /var/run/rpc.statd\.pid	--	gen_context(system_u:object_r:rpcbind_var_run_t,s0)
  /var/run/rpcbind\.lock	--	gen_context(system_u:object_r:rpcbind_var_run_t,s0)
@@ -26946,7 +89892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
 +/etc/rc\.d/init\.d/rpcbind	--	gen_context(system_u:object_r:rpcbind_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.3.1/policy/modules/services/rpcbind.if
 --- nsaserefpolicy/policy/modules/services/rpcbind.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.if	2009-01-13 19:18:30.000000000 +0100
 @@ -95,3 +95,70 @@
  	manage_files_pattern($1,rpcbind_var_lib_t,rpcbind_var_lib_t)
  	files_search_var_lib($1)
@@ -27020,7 +89966,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.3.1/policy/modules/services/rpcbind.te
 --- nsaserefpolicy/policy/modules/services/rpcbind.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,16 +16,21 @@
  type rpcbind_var_lib_t;
  files_type(rpcbind_var_lib_t)
@@ -27054,7 +90000,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
  corenet_all_recvfrom_unlabeled(rpcbind_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.3.1/policy/modules/services/rpc.fc
 --- nsaserefpolicy/policy/modules/services/rpc.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -12,6 +12,7 @@
  # /usr
  #
@@ -27065,7 +90011,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
  /usr/sbin/rpc\.nfsd	--	gen_context(system_u:object_r:nfsd_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.3.1/policy/modules/services/rpc.if
 --- nsaserefpolicy/policy/modules/services/rpc.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.if	2009-01-13 19:18:30.000000000 +0100
 @@ -88,8 +88,11 @@
  	# bind to arbitary unused ports
  	corenet_tcp_bind_generic_port($1_t)
@@ -27129,7 +90075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.3.1/policy/modules/services/rpc.te
 --- nsaserefpolicy/policy/modules/services/rpc.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.te	2009-01-13 19:18:30.000000000 +0100
 @@ -23,7 +23,7 @@
  gen_tunable(allow_nfsd_anon_write,false)
  
@@ -27243,7 +90189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.3.1/policy/modules/services/rshd.te
 --- nsaserefpolicy/policy/modules/services/rshd.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rshd.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rshd.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,7 +16,7 @@
  #
  # Local policy
@@ -27307,7 +90253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.fc serefpolicy-3.3.1/policy/modules/services/rsync.fc
 --- nsaserefpolicy/policy/modules/services/rsync.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,2 +1,6 @@
  
  /usr/bin/rsync		--	gen_context(system_u:object_r:rsync_exec_t,s0)
@@ -27317,7 +90263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
 +/var/run/rsyncd\.lock      --	gen_context(system_u:object_r:rsync_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.3.1/policy/modules/services/rsync.if
 --- nsaserefpolicy/policy/modules/services/rsync.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.if	2009-01-13 19:18:30.000000000 +0100
 @@ -103,3 +103,5 @@
  
  	can_exec($1,rsync_exec_t)
@@ -27326,7 +90272,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.3.1/policy/modules/services/rsync.te
 --- nsaserefpolicy/policy/modules/services/rsync.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.te	2009-01-13 19:18:30.000000000 +0100
 @@ -31,6 +31,9 @@
  type rsync_data_t;
  files_type(rsync_data_t)
@@ -27374,7 +90320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.fc serefpolicy-3.3.1/policy/modules/services/rwho.fc
 --- nsaserefpolicy/policy/modules/services/rwho.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -3,3 +3,5 @@
  /var/spool/rwho(/.*)?		gen_context(system_u:object_r:rwho_spool_t,s0)
  
@@ -27383,7 +90329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
 +/etc/rc\.d/init\.d/rwhod	--	gen_context(system_u:object_r:rwho_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-3.3.1/policy/modules/services/rwho.if
 --- nsaserefpolicy/policy/modules/services/rwho.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.if	2009-01-13 19:18:30.000000000 +0100
 @@ -118,6 +118,25 @@
  
  ########################################
@@ -27436,7 +90382,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.3.1/policy/modules/services/rwho.te
 --- nsaserefpolicy/policy/modules/services/rwho.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,9 @@
  type rwho_spool_t;
  files_type(rwho_spool_t)
@@ -27449,7 +90395,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
  # rwho local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.3.1/policy/modules/services/samba.fc
 --- nsaserefpolicy/policy/modules/services/samba.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -15,6 +15,7 @@
  /usr/bin/ntlm_auth		--	gen_context(system_u:object_r:winbind_helper_exec_t,s0)
  /usr/bin/smbmount		--	gen_context(system_u:object_r:smbmount_exec_t,s0)
@@ -27473,7 +90419,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if
 --- nsaserefpolicy/policy/modules/services/samba.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.if	2009-01-13 19:18:30.000000000 +0100
 @@ -33,8 +33,8 @@
  	')
  
@@ -27842,7 +90788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
 --- nsaserefpolicy/policy/modules/services/samba.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.te	2009-01-13 19:18:30.000000000 +0100
 @@ -17,6 +17,13 @@
  
  ## <desc>
@@ -28301,7 +91247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
 +allow smbcontrol_t nmbd_var_run_t:file { read lock };
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.fc serefpolicy-3.3.1/policy/modules/services/sasl.fc
 --- nsaserefpolicy/policy/modules/services/sasl.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -8,3 +8,5 @@
  # /var
  #
@@ -28310,7 +91256,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
 +/etc/rc\.d/init\.d/sasl	--	gen_context(system_u:object_r:sasl_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.3.1/policy/modules/services/sasl.if
 --- nsaserefpolicy/policy/modules/services/sasl.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.if	2009-01-13 19:18:30.000000000 +0100
 @@ -21,6 +21,25 @@
  
  ########################################
@@ -28378,7 +91324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.3.1/policy/modules/services/sasl.te
 --- nsaserefpolicy/policy/modules/services/sasl.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.te	2009-01-13 19:18:30.000000000 +0100
 @@ -23,6 +23,9 @@
  type saslauthd_var_run_t;
  files_pid_file(saslauthd_var_run_t)
@@ -28411,7 +91357,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.3.1/policy/modules/services/sendmail.if
 --- nsaserefpolicy/policy/modules/services/sendmail.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.if	2009-01-13 19:18:30.000000000 +0100
 @@ -149,3 +149,104 @@
  
  	logging_log_filetrans($1,sendmail_log_t,file)
@@ -28519,7 +91465,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te
 --- nsaserefpolicy/policy/modules/services/sendmail.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.te	2009-01-13 19:18:30.000000000 +0100
 @@ -20,13 +20,17 @@
  mta_mailserver_delivery(sendmail_t)
  mta_mailserver_sender(sendmail_t)
@@ -28680,7 +91626,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
 -') dnl end TODO
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -5,3 +5,5 @@
  /var/log/setroubleshoot(/.*)?		gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
  
@@ -28689,7 +91635,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
 +/etc/rc\.d/init\.d/setroubleshoot	--	gen_context(system_u:object_r:setroubleshoot_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.if	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if	2009-01-13 19:18:30.000000000 +0100
 @@ -16,14 +16,13 @@
  	')
  
@@ -28789,7 +91735,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te
 --- nsaserefpolicy/policy/modules/services/setroubleshoot.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,13 +22,16 @@
  type setroubleshoot_var_run_t;
  files_pid_file(setroubleshoot_var_run_t)
@@ -28871,13 +91817,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.fc serefpolicy-3.3.1/policy/modules/services/slattach.fc
 --- nsaserefpolicy/policy/modules/services/slattach.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,2 @@
 +
 +/sbin/slattach	--	gen_context(system_u:object_r:slattach_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.if serefpolicy-3.3.1/policy/modules/services/slattach.if
 --- nsaserefpolicy/policy/modules/services/slattach.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,22 @@
 +
 +## <summary>policy for slattach</summary>
@@ -28903,7 +91849,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slat
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.te serefpolicy-3.3.1/policy/modules/services/slattach.te
 --- nsaserefpolicy/policy/modules/services/slattach.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,31 @@
 +policy_module(slattach,1.0.0)
 +
@@ -28938,7 +91884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slat
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.fc serefpolicy-3.3.1/policy/modules/services/smartmon.fc
 --- nsaserefpolicy/policy/modules/services/smartmon.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -8,3 +8,4 @@
  #
  /var/run/smartd\.pid	--	gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
@@ -28946,7 +91892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
 +/etc/rc\.d/init\.d/smartd	--	gen_context(system_u:object_r:fsdaemon_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.3.1/policy/modules/services/smartmon.if
 --- nsaserefpolicy/policy/modules/services/smartmon.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.if	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,25 @@
  
  ########################################
@@ -29003,7 +91949,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.3.1/policy/modules/services/smartmon.te
 --- nsaserefpolicy/policy/modules/services/smartmon.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.te	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,10 @@
  type fsdaemon_tmp_t;
  files_tmp_file(fsdaemon_tmp_t)
@@ -29042,7 +91988,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
  userdom_dontaudit_search_sysadm_home_dirs(fsdaemon_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.3.1/policy/modules/services/snmp.fc
 --- nsaserefpolicy/policy/modules/services/snmp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -8,6 +8,7 @@
  #
  # /var
@@ -29060,7 +92006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
 +/etc/rc\.d/init\.d/snmptrapd --	gen_context(system_u:object_r:snmp_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.3.1/policy/modules/services/snmp.if
 --- nsaserefpolicy/policy/modules/services/snmp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.if	2009-01-13 19:18:30.000000000 +0100
 @@ -87,6 +87,25 @@
  
  ########################################
@@ -29123,7 +92069,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.3.1/policy/modules/services/snmp.te
 --- nsaserefpolicy/policy/modules/services/snmp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.te	2009-01-13 19:18:30.000000000 +0100
 @@ -18,12 +18,16 @@
  type snmpd_var_lib_t;
  files_type(snmpd_var_lib_t)
@@ -29206,7 +92152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.fc serefpolicy-3.3.1/policy/modules/services/snort.fc
 --- nsaserefpolicy/policy/modules/services/snort.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,6 +1,10 @@
 +/usr/s?bin/snort	--	gen_context(system_u:object_r:snort_exec_t,s0)
 +/usr/sbin/snort-plain	--	gen_context(system_u:object_r:snort_exec_t,s0)
@@ -29223,7 +92169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
 +/etc/rc\.d/init\.d/snortd	--	gen_context(system_u:object_r:snort_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.3.1/policy/modules/services/snort.if
 --- nsaserefpolicy/policy/modules/services/snort.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,95 @@
 -## <summary>Snort network intrusion detection system</summary>
 +## <summary>SELinux policy for Snort IDS</summary>
@@ -29323,7 +92269,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.3.1/policy/modules/services/snort.te
 --- nsaserefpolicy/policy/modules/services/snort.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,10 +8,13 @@
  
  type snort_t;
@@ -29374,7 +92320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.fc serefpolicy-3.3.1/policy/modules/services/soundserver.fc
 --- nsaserefpolicy/policy/modules/services/soundserver.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,10 +1,12 @@
 -/etc/nas(/.*)?			gen_context(system_u:object_r:soundd_etc_t,s0)
 -/etc/yiff(/.*)?			gen_context(system_u:object_r:soundd_etc_t,s0)
@@ -29393,7 +92339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
 +/etc/rc\.d/init\.d/nasd	--	gen_context(system_u:object_r:soundd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.3.1/policy/modules/services/soundserver.if
 --- nsaserefpolicy/policy/modules/services/soundserver.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.if	2009-01-13 19:18:30.000000000 +0100
 @@ -13,3 +13,74 @@
  interface(`soundserver_tcp_connect',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -29471,7 +92417,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.te serefpolicy-3.3.1/policy/modules/services/soundserver.te
 --- nsaserefpolicy/policy/modules/services/soundserver.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.te	2009-01-13 19:18:30.000000000 +0100
 @@ -10,9 +10,6 @@
  type soundd_exec_t;
  init_daemon_domain(soundd_t,soundd_exec_t)
@@ -29542,7 +92488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.3.1/policy/modules/services/spamassassin.fc
 --- nsaserefpolicy/policy/modules/services/spamassassin.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
 +HOME_DIR/\.spamassassin(/.*)?	gen_context(system_u:object_r:user_spamassassin_home_t,s0)
@@ -29570,7 +92516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +/etc/rc\.d/init\.d/spamd	--	gen_context(system_u:object_r:spamd_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.3.1/policy/modules/services/spamassassin.if
 --- nsaserefpolicy/policy/modules/services/spamassassin.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if	2009-01-13 19:18:30.000000000 +0100
 @@ -34,10 +34,11 @@
  # cjp: when tunables are available, spamc stuff should be
  # toggled on activation of spamc, and similarly for spamd.
@@ -30139,7 +93085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.3.1/policy/modules/services/spamassassin.te
 --- nsaserefpolicy/policy/modules/services/spamassassin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te	2009-01-05 11:33:33.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te	2009-01-13 19:18:30.000000000 +0100
 @@ -21,8 +21,10 @@
  gen_tunable(spamd_enable_home_dirs,true)
  
@@ -30499,7 +93445,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.3.1/policy/modules/services/squid.fc
 --- nsaserefpolicy/policy/modules/services/squid.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -12,3 +12,8 @@
  /var/run/squid\.pid	--	gen_context(system_u:object_r:squid_var_run_t,s0)
  
@@ -30511,7 +93457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.3.1/policy/modules/services/squid.if
 --- nsaserefpolicy/policy/modules/services/squid.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.if	2009-01-13 19:18:30.000000000 +0100
 @@ -131,3 +131,95 @@
  interface(`squid_use',`
  	refpolicywarn(`$0($*) has been deprecated.')
@@ -30610,7 +93556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.3.1/policy/modules/services/squid.te
 --- nsaserefpolicy/policy/modules/services/squid.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.te	2009-01-13 19:18:30.000000000 +0100
 @@ -31,12 +31,15 @@
  type squid_var_run_t;
  files_pid_file(squid_var_run_t)
@@ -30697,7 +93643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.3.1/policy/modules/services/ssh.fc
 --- nsaserefpolicy/policy/modules/services/ssh.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,4 @@
 -HOME_DIR/\.ssh(/.*)?			gen_context(system_u:object_r:ROLE_home_ssh_t,s0)
 +HOME_DIR/\.ssh(/.*)?			gen_context(system_u:object_r:user_ssh_home_t,s0)
@@ -30706,7 +93652,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
  /etc/ssh/ssh_host_key 		--	gen_context(system_u:object_r:sshd_key_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.3.1/policy/modules/services/ssh.if
 --- nsaserefpolicy/policy/modules/services/ssh.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.if	2009-01-13 19:18:30.000000000 +0100
 @@ -36,6 +36,7 @@
  	gen_require(`
  		attribute ssh_server;
@@ -30961,7 +93907,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.3.1/policy/modules/services/ssh.te
 --- nsaserefpolicy/policy/modules/services/ssh.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.te	2009-01-13 19:18:30.000000000 +0100
 @@ -24,7 +24,7 @@
  
  # Type for the ssh-agent executable.
@@ -31023,7 +93969,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.3.1/policy/modules/services/stunnel.fc
 --- nsaserefpolicy/policy/modules/services/stunnel.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -2,5 +2,6 @@
  /etc/stunnel(/.*)?          	gen_context(system_u:object_r:stunnel_etc_t,s0)
  
@@ -31033,7 +93979,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
  /var/run/stunnel(/.*)?		gen_context(system_u:object_r:stunnel_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.3.1/policy/modules/services/stunnel.if
 --- nsaserefpolicy/policy/modules/services/stunnel.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,25 @@
  ## <summary>SSL Tunneling Proxy</summary>
 +
@@ -31062,7 +94008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.3.1/policy/modules/services/stunnel.te
 --- nsaserefpolicy/policy/modules/services/stunnel.te	2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.te	2009-01-13 19:18:30.000000000 +0100
 @@ -20,7 +20,7 @@
  ')
  
@@ -31083,7 +94029,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
  corenet_tcp_sendrecv_all_if(stunnel_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.3.1/policy/modules/services/telnet.te
 --- nsaserefpolicy/policy/modules/services/telnet.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/telnet.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/telnet.te	2009-01-13 19:18:30.000000000 +0100
 @@ -37,6 +37,8 @@
  allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr };
  term_create_pty(telnetd_t,telnetd_devpts_t)
@@ -31135,7 +94081,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/teln
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.3.1/policy/modules/services/tftp.fc
 --- nsaserefpolicy/policy/modules/services/tftp.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -4,5 +4,5 @@
  
  /tftpboot		-d	gen_context(system_u:object_r:tftpdir_t,s0)
@@ -31145,7 +94091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.3.1/policy/modules/services/tftp.if
 --- nsaserefpolicy/policy/modules/services/tftp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.if	2009-01-13 19:18:30.000000000 +0100
 @@ -24,17 +24,17 @@
  #
  interface(`tftp_admin',`
@@ -31173,7 +94119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.3.1/policy/modules/services/tftp.te
 --- nsaserefpolicy/policy/modules/services/tftp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.te	2009-01-13 19:18:30.000000000 +0100
 @@ -37,7 +37,6 @@
  allow tftpd_t self:udp_socket create_socket_perms;
  allow tftpd_t self:unix_dgram_socket create_socket_perms;
@@ -31218,13 +94164,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/timidity.if serefpolicy-3.3.1/policy/modules/services/timidity.if
 --- nsaserefpolicy/policy/modules/services/timidity.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/timidity.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/timidity.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>MIDI to WAV converter and player configured as a service</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.3.1/policy/modules/services/tor.fc
 --- nsaserefpolicy/policy/modules/services/tor.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,8 +1,10 @@
  /etc/tor(/.*)?			gen_context(system_u:object_r:tor_etc_t,s0)
  
@@ -31239,7 +94185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
 +/etc/rc\.d/init\.d/tor	--	gen_context(system_u:object_r:tor_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.3.1/policy/modules/services/tor.if
 --- nsaserefpolicy/policy/modules/services/tor.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.if	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,25 @@
  
  ########################################
@@ -31303,7 +94249,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.3.1/policy/modules/services/tor.te
 --- nsaserefpolicy/policy/modules/services/tor.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.te	2009-01-13 19:18:30.000000000 +0100
 @@ -26,11 +26,15 @@
  type tor_var_run_t;
  files_pid_file(tor_var_run_t)
@@ -31338,7 +94284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.3.1/policy/modules/services/uucp.if
 --- nsaserefpolicy/policy/modules/services/uucp.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/uucp.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/uucp.if	2009-01-13 19:18:30.000000000 +0100
 @@ -85,27 +85,27 @@
  #
  interface(`uucp_admin',`
@@ -31380,7 +94326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.3.1/policy/modules/services/uucp.te
 --- nsaserefpolicy/policy/modules/services/uucp.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/uucp.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/uucp.te	2009-01-13 19:18:30.000000000 +0100
 @@ -116,6 +116,8 @@
  
  files_read_etc_files(uux_t)
@@ -31400,13 +94346,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.fc serefpolicy-3.3.1/policy/modules/services/w3c.fc
 --- nsaserefpolicy/policy/modules/services/w3c.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,2 @@
 +/usr/share/w3c-markup-validator(/.*)?		gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0)
 +/usr/share/w3c-markup-validator/cgi-bin(/.*)?	gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.if serefpolicy-3.3.1/policy/modules/services/w3c.if
 --- nsaserefpolicy/policy/modules/services/w3c.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,20 @@
 +## <summary>W3C</summary>
 +
@@ -31430,7 +94376,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.3.1/policy/modules/services/w3c.te
 --- nsaserefpolicy/policy/modules/services/w3c.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,14 @@
 +policy_module(w3c,1.2.1)
 +
@@ -31448,19 +94394,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
 +miscfiles_read_certs(httpd_w3c_validator_script_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/watchdog.if serefpolicy-3.3.1/policy/modules/services/watchdog.if
 --- nsaserefpolicy/policy/modules/services/watchdog.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/watchdog.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/watchdog.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>Software watchdog</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xprint.if serefpolicy-3.3.1/policy/modules/services/xprint.if
 --- nsaserefpolicy/policy/modules/services/xprint.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xprint.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xprint.if	2009-01-13 19:18:30.000000000 +0100
 @@ -1 +1,2 @@
  ## <summary>X print server</summary>
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.3.1/policy/modules/services/xserver.fc
 --- nsaserefpolicy/policy/modules/services/xserver.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,13 +1,13 @@
  #
  # HOME_DIR
@@ -31531,7 +94477,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
  /var/lib/pam_devperm/:0	--	gen_context(system_u:object_r:xdm_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if
 --- nsaserefpolicy/policy/modules/services/xserver.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.if	2009-01-13 19:18:30.000000000 +0100
 @@ -12,9 +12,15 @@
  ##	</summary>
  ## </param>
@@ -33021,7 +95967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
 --- nsaserefpolicy/policy/modules/services/xserver.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,6 +8,14 @@
  
  ## <desc>
@@ -33688,7 +96634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-3.3.1/policy/modules/services/zabbix.fc
 --- nsaserefpolicy/policy/modules/services/zabbix.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,5 +1,8 @@
 +
  /usr/bin/zabbix_server	--	gen_context(system_u:object_r:zabbix_exec_t,s0)
@@ -33700,7 +96646,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
 +/etc/rc\.d/init\.d/zabbix	--	gen_context(system_u:object_r:zabbix_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-3.3.1/policy/modules/services/zabbix.if
 --- nsaserefpolicy/policy/modules/services/zabbix.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.if	2009-01-13 19:18:30.000000000 +0100
 @@ -79,6 +79,25 @@
  
  ########################################
@@ -33759,7 +96705,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.3.1/policy/modules/services/zabbix.te
 --- nsaserefpolicy/policy/modules/services/zabbix.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.te	2009-01-13 19:18:30.000000000 +0100
 @@ -18,6 +18,9 @@
  type zabbix_var_run_t;
  files_pid_file(zabbix_var_run_t)
@@ -33772,7 +96718,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
  # zabbix local policy
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.fc serefpolicy-3.3.1/policy/modules/services/zebra.fc
 --- nsaserefpolicy/policy/modules/services/zebra.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -14,3 +14,10 @@
  /var/run/\.zebra	-s	gen_context(system_u:object_r:zebra_var_run_t,s0)
  /var/run/\.zserv	-s	gen_context(system_u:object_r:zebra_var_run_t,s0)
@@ -33786,7 +96732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
 +/etc/rc\.d/init\.d/zebra	--	gen_context(system_u:object_r:zebra_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.3.1/policy/modules/services/zebra.if
 --- nsaserefpolicy/policy/modules/services/zebra.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.if	2009-01-13 19:18:30.000000000 +0100
 @@ -18,12 +18,32 @@
  
  	files_search_etc($1)
@@ -33863,7 +96809,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.3.1/policy/modules/services/zebra.te
 --- nsaserefpolicy/policy/modules/services/zebra.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.te	2009-01-13 19:18:30.000000000 +0100
 @@ -30,6 +30,9 @@
  type zebra_var_run_t;
  files_pid_file(zebra_var_run_t)
@@ -33893,7 +96839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.3.1/policy/modules/system/application.te
 --- nsaserefpolicy/policy/modules/system/application.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/application.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/application.te	2009-01-13 19:18:30.000000000 +0100
 @@ -7,6 +7,12 @@
  # Executables to be run by user
  attribute application_exec_type;
@@ -33909,7 +96855,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
  	ssh_rw_stream_sockets(application_domain_type)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.3.1/policy/modules/system/authlogin.fc
 --- nsaserefpolicy/policy/modules/system/authlogin.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -7,12 +7,10 @@
  /etc/passwd\.lock	--	gen_context(system_u:object_r:shadow_t,s0)
  /etc/shadow.*		--	gen_context(system_u:object_r:shadow_t,s0)
@@ -33938,7 +96884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 +/var/cache/coolkey(/.*)?	gen_context(system_u:object_r:auth_cache_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.3.1/policy/modules/system/authlogin.if
 --- nsaserefpolicy/policy/modules/system/authlogin.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.if	2009-01-13 19:18:30.000000000 +0100
 @@ -56,10 +56,6 @@
  	miscfiles_read_localization($1_chkpwd_t)
  
@@ -34234,7 +97180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.3.1/policy/modules/system/authlogin.te
 --- nsaserefpolicy/policy/modules/system/authlogin.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.te	2009-01-13 19:18:30.000000000 +0100
 @@ -59,6 +59,9 @@
  type utempter_exec_t;
  application_domain(utempter_t,utempter_exec_t)
@@ -34337,7 +97283,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.3.1/policy/modules/system/fstools.fc
 --- nsaserefpolicy/policy/modules/system/fstools.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,3 @@
 -/sbin/badblocks		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
  /sbin/blkid		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -34353,7 +97299,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
  /sbin/partx		--	gen_context(system_u:object_r:fsadm_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.if serefpolicy-3.3.1/policy/modules/system/fstools.if
 --- nsaserefpolicy/policy/modules/system/fstools.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.if	2009-01-13 19:18:30.000000000 +0100
 @@ -142,3 +142,21 @@
  
  	allow $1 swapfile_t:file getattr;
@@ -34378,7 +97324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.3.1/policy/modules/system/fstools.te
 --- nsaserefpolicy/policy/modules/system/fstools.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.te	2009-01-13 19:18:30.000000000 +0100
 @@ -97,6 +97,10 @@
  fs_getattr_tmpfs_dirs(fsadm_t)
  fs_read_tmpfs_symlinks(fsadm_t)
@@ -34402,7 +97348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-3.3.1/policy/modules/system/getty.fc
 --- nsaserefpolicy/policy/modules/system/getty.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -8,5 +8,5 @@
  
  /var/run/mgetty\.pid.*	--	gen_context(system_u:object_r:getty_var_run_t,s0)
@@ -34413,7 +97359,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
 +/var/spool/voice(/.*)?		gen_context(system_u:object_r:getty_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.3.1/policy/modules/system/getty.te
 --- nsaserefpolicy/policy/modules/system/getty.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.te	2009-01-13 19:18:30.000000000 +0100
 @@ -9,6 +9,7 @@
  type getty_t;
  type getty_exec_t;
@@ -34424,7 +97370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
  type getty_etc_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.3.1/policy/modules/system/hostname.te
 --- nsaserefpolicy/policy/modules/system/hostname.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hostname.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hostname.te	2009-01-13 19:18:30.000000000 +0100
 @@ -8,7 +8,9 @@
  
  type hostname_t;
@@ -34438,7 +97384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.3.1/policy/modules/system/hotplug.te
 --- nsaserefpolicy/policy/modules/system/hotplug.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hotplug.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hotplug.te	2009-01-13 19:18:30.000000000 +0100
 @@ -120,6 +120,7 @@
  	optional_policy(`
  		# for arping used for static IP addresses on PCMCIA ethernet
@@ -34457,7 +97403,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
  optional_policy(`
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.3.1/policy/modules/system/init.fc
 --- nsaserefpolicy/policy/modules/system/init.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -4,8 +4,7 @@
  /etc/init\.d/.*		--	gen_context(system_u:object_r:initrc_exec_t,s0)
  
@@ -34475,7 +97421,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
 -
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.3.1/policy/modules/system/init.if
 --- nsaserefpolicy/policy/modules/system/init.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.if	2009-01-13 19:18:30.000000000 +0100
 @@ -211,6 +211,16 @@
  			kernel_dontaudit_use_fds($1)
  		')
@@ -34853,7 +97799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
 --- nsaserefpolicy/policy/modules/system/init.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.te	2009-01-13 19:18:30.000000000 +0100
 @@ -10,6 +10,20 @@
  # Declarations
  #
@@ -35190,7 +98136,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.3.1/policy/modules/system/ipsec.fc
 --- nsaserefpolicy/policy/modules/system/ipsec.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -16,6 +16,8 @@
  /usr/lib(64)?/ipsec/pluto	--	gen_context(system_u:object_r:ipsec_exec_t,s0)
  /usr/lib(64)?/ipsec/spi		--	gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -35210,7 +98156,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.3.1/policy/modules/system/ipsec.if
 --- nsaserefpolicy/policy/modules/system/ipsec.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.if	2009-01-13 19:18:30.000000000 +0100
 @@ -152,6 +152,25 @@
  
  ########################################
@@ -35239,7 +98185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
  ## <param name="domain">
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te
 --- nsaserefpolicy/policy/modules/system/ipsec.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te	2009-01-13 19:18:30.000000000 +0100
 @@ -55,11 +55,13 @@
  
  allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -35269,7 +98215,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
  can_exec(ipsec_t, ipsec_mgmt_exec_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.3.1/policy/modules/system/iptables.if
 --- nsaserefpolicy/policy/modules/system/iptables.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.if	2009-01-13 19:18:30.000000000 +0100
 @@ -49,6 +49,12 @@
  	iptables_domtrans($1)
  	role $2 types iptables_t;
@@ -35285,7 +98231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
 --- nsaserefpolicy/policy/modules/system/iptables.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.te	2009-01-13 19:18:30.000000000 +0100
 @@ -27,7 +27,7 @@
  allow iptables_t self:process { sigchld sigkill sigstop signull signal };
  allow iptables_t self:rawip_socket create_socket_perms;
@@ -35327,7 +98273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-3.3.1/policy/modules/system/iscsi.fc
 --- nsaserefpolicy/policy/modules/system/iscsi.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,5 +1,5 @@
  /sbin/iscsid		--	gen_context(system_u:object_r:iscsid_exec_t,s0)
  
@@ -35338,7 +98284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
  /var/run/iscsid\.pid	--	gen_context(system_u:object_r:iscsi_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.3.1/policy/modules/system/iscsi.te
 --- nsaserefpolicy/policy/modules/system/iscsi.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.te	2009-01-13 19:18:30.000000000 +0100
 @@ -28,8 +28,8 @@
  # iscsid local policy
  #
@@ -35369,7 +98315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc
 --- nsaserefpolicy/policy/modules/system/libraries.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -69,8 +69,10 @@
  ifdef(`distro_gentoo',`
  # despite the extensions, they are actually libs
@@ -35483,7 +98429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.3.1/policy/modules/system/libraries.te
 --- nsaserefpolicy/policy/modules/system/libraries.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.te	2009-01-13 19:18:30.000000000 +0100
 @@ -23,6 +23,9 @@
  init_system_domain(ldconfig_t,ldconfig_exec_t)
  role system_r types ldconfig_t;
@@ -35562,7 +98508,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.3.1/policy/modules/system/locallogin.te
 --- nsaserefpolicy/policy/modules/system/locallogin.te	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/locallogin.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/locallogin.te	2009-01-13 19:18:30.000000000 +0100
 @@ -131,6 +131,7 @@
  
  miscfiles_read_localization(local_login_t)
@@ -35631,7 +98577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
 -')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.3.1/policy/modules/system/logging.fc
 --- nsaserefpolicy/policy/modules/system/logging.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -4,6 +4,8 @@
  /etc/syslog.conf		gen_context(system_u:object_r:syslog_conf_t,s0)
  /etc/audit(/.*)?		gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
@@ -35679,7 +98625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +/var/cfengine/outputs(/.*)?	gen_context(system_u:object_r:var_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
 --- nsaserefpolicy/policy/modules/system/logging.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.if	2009-01-13 19:18:30.000000000 +0100
 @@ -213,12 +213,7 @@
  ## </param>
  #
@@ -35694,7 +98640,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ')
  
  ########################################
-@@ -596,6 +591,8 @@
+@@ -513,6 +508,25 @@
+ 	dontaudit $1 logfile:file getattr;
+ ')
+ 
++#######################################
++## <summary>
++##      Getattr generic log files (/var/log/).
++## </summary>
++## <param name="domain">
++##      <summary>
++##      Domain allowed access.
++##      </summary>
++## </param>
++#
++interface(`logging_getattr_generic_log_files',`
++        gen_require(`
++		type var_log_t;
++        ')
++
++	logging_search_logs($1)
++        getattr_files_pattern($1, var_log_t, var_log_t)
++')
++
+ ########################################
+ ## <summary>
+ ##	Append to all log files.
+@@ -596,6 +610,8 @@
  	files_search_var($1)
  	manage_files_pattern($1,logfile,logfile)
  	read_lnk_files_pattern($1,logfile,logfile)
@@ -35703,7 +98675,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ')
  
  ########################################
-@@ -641,6 +638,25 @@
+@@ -641,6 +657,25 @@
  
  ########################################
  ## <summary>
@@ -35729,7 +98701,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ##	Read and write generic log files.
  ## </summary>
  ## <param name="domain">
-@@ -705,6 +721,7 @@
+@@ -705,6 +740,7 @@
  interface(`logging_admin_audit',`
  	gen_require(`
  		type auditd_t, auditd_etc_t, auditd_log_t;
@@ -35737,7 +98709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  		type auditd_var_run_t;
  	')
  
-@@ -719,6 +736,15 @@
+@@ -719,6 +755,15 @@
  
  	manage_dirs_pattern($1, auditd_var_run_t, auditd_var_run_t)
  	manage_files_pattern($1, auditd_var_run_t, auditd_var_run_t)
@@ -35753,7 +98725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ')
  
  ########################################
-@@ -749,6 +775,7 @@
+@@ -749,6 +794,7 @@
  		type syslogd_tmp_t, syslogd_var_lib_t;
  		type syslogd_var_run_t, klogd_var_run_t;
  		type klogd_tmp_t, var_log_t;
@@ -35761,7 +98733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  	')
  
  	allow $1 syslogd_t:process { ptrace signal_perms };
-@@ -776,6 +803,13 @@
+@@ -776,6 +822,13 @@
  	manage_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
  
  	logging_manage_all_logs($1)
@@ -35775,7 +98747,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
  ')
  
  ########################################
-@@ -804,3 +838,128 @@
+@@ -804,3 +857,128 @@
  	logging_admin_audit($1, $2, $3)
  	logging_admin_syslog($1, $2, $3)
  ')
@@ -35906,7 +98878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.3.1/policy/modules/system/logging.te
 --- nsaserefpolicy/policy/modules/system/logging.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.te	2009-01-13 19:18:30.000000000 +0100
 @@ -61,10 +61,29 @@
  logging_log_file(var_log_t)
  files_mountpoint(var_log_t)
@@ -36159,7 +99131,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.3.1/policy/modules/system/lvm.fc
 --- nsaserefpolicy/policy/modules/system/lvm.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -55,6 +55,7 @@
  /sbin/lvs		--	gen_context(system_u:object_r:lvm_exec_t,s0)
  /sbin/lvscan		--	gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -36175,7 +99147,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
 +/var/run/dmevent.*		gen_context(system_u:object_r:lvm_var_run_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.3.1/policy/modules/system/lvm.te
 --- nsaserefpolicy/policy/modules/system/lvm.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,7 +22,7 @@
  role system_r types lvm_t;
  
@@ -36354,7 +99326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.3.1/policy/modules/system/miscfiles.fc
 --- nsaserefpolicy/policy/modules/system/miscfiles.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -11,6 +11,7 @@
  /etc/avahi/etc/localtime --	gen_context(system_u:object_r:locale_t,s0)
  /etc/localtime		--	gen_context(system_u:object_r:locale_t,s0)
@@ -36370,7 +99342,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
 +HOME_DIR/\.fontconfig(/.*)?	gen_context(system_u:object_r:user_fonts_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.3.1/policy/modules/system/miscfiles.if
 --- nsaserefpolicy/policy/modules/system/miscfiles.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if	2009-01-13 19:18:30.000000000 +0100
 @@ -489,3 +489,65 @@
  	manage_lnk_files_pattern($1,locale_t,locale_t)
  ')
@@ -36439,7 +99411,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.3.1/policy/modules/system/miscfiles.te
 --- nsaserefpolicy/policy/modules/system/miscfiles.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,14 @@
  files_type(fonts_t)
  
@@ -36457,7 +99429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
  type hwdata_t;
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.3.1/policy/modules/system/modutils.if
 --- nsaserefpolicy/policy/modules/system/modutils.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.if	2009-01-13 19:18:30.000000000 +0100
 @@ -66,6 +66,25 @@
  
  ########################################
@@ -36494,7 +99466,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.3.1/policy/modules/system/modutils.te
 --- nsaserefpolicy/policy/modules/system/modutils.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.te	2009-01-13 19:18:30.000000000 +0100
 @@ -22,6 +22,8 @@
  type insmod_exec_t;
  application_domain(insmod_t,insmod_exec_t)
@@ -36637,7 +99609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
  #################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.3.1/policy/modules/system/mount.fc
 --- nsaserefpolicy/policy/modules/system/mount.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,6 @@
  /bin/mount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
  /bin/umount.*			--	gen_context(system_u:object_r:mount_exec_t,s0)
@@ -36649,7 +99621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +/usr/bin/fusermount            --      gen_context(system_u:object_r:mount_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.3.1/policy/modules/system/mount.if
 --- nsaserefpolicy/policy/modules/system/mount.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.if	2009-01-13 19:18:30.000000000 +0100
 @@ -48,7 +48,9 @@
  
  	mount_domtrans($1)
@@ -36663,7 +99635,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
  		samba_run_smbmount($1, $2, $3)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.3.1/policy/modules/system/mount.te
 --- nsaserefpolicy/policy/modules/system/mount.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.te	2009-01-13 19:18:30.000000000 +0100
 @@ -18,17 +18,18 @@
  init_system_domain(mount_t,mount_exec_t)
  role system_r types mount_t;
@@ -36824,7 +99796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-3.3.1/policy/modules/system/netlabel.te
 --- nsaserefpolicy/policy/modules/system/netlabel.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/netlabel.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/netlabel.te	2009-01-13 19:18:30.000000000 +0100
 @@ -9,6 +9,7 @@
  type netlabel_mgmt_t;
  type netlabel_mgmt_exec_t;
@@ -36835,14 +99807,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlab
  #
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.fc serefpolicy-3.3.1/policy/modules/system/qemu.fc
 --- nsaserefpolicy/policy/modules/system/qemu.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,3 @@
 +
 +/usr/bin/qemu	--	gen_context(system_u:object_r:qemu_exec_t,s0)
 +/usr/bin/qemu-kvm --	gen_context(system_u:object_r:qemu_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.3.1/policy/modules/system/qemu.if
 --- nsaserefpolicy/policy/modules/system/qemu.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,336 @@
 +
 +## <summary>policy for qemu</summary>
@@ -37182,7 +100154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.3.1/policy/modules/system/qemu.te
 --- nsaserefpolicy/policy/modules/system/qemu.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,79 @@
 +policy_module(qemu,1.0.0)
 +
@@ -37265,7 +100237,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.3.1/policy/modules/system/raid.te
 --- nsaserefpolicy/policy/modules/system/raid.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/raid.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/raid.te	2009-01-13 19:18:30.000000000 +0100
 @@ -19,7 +19,7 @@
  # Local policy
  #
@@ -37293,7 +100265,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc
 --- nsaserefpolicy/policy/modules/system/selinuxutil.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -38,7 +38,7 @@
  /usr/sbin/restorecond		--	gen_context(system_u:object_r:restorecond_exec_t,s0)
  /usr/sbin/run_init		--	gen_context(system_u:object_r:run_init_exec_t,s0)
@@ -37314,7 +100286,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 +/var/lib/selinux(/.*)?			gen_context(system_u:object_r:selinux_var_lib_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.3.1/policy/modules/system/selinuxutil.if
 --- nsaserefpolicy/policy/modules/system/selinuxutil.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if	2009-01-13 19:18:30.000000000 +0100
 @@ -389,7 +389,7 @@
  ##	</summary>
  ## </param>
@@ -37814,7 +100786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.3.1/policy/modules/system/selinuxutil.te
 --- nsaserefpolicy/policy/modules/system/selinuxutil.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te	2009-01-13 19:18:30.000000000 +0100
 @@ -23,6 +23,9 @@
  type selinux_config_t;
  files_type(selinux_config_t)
@@ -38177,7 +101149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-3.3.1/policy/modules/system/setrans.fc
 --- nsaserefpolicy/policy/modules/system/setrans.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,3 +1,5 @@
  /sbin/mcstransd	--	gen_context(system_u:object_r:setrans_exec_t,s0)
  
@@ -38186,7 +101158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
 +/etc/rc\.d/init\.d/mcstrans	--	gen_context(system_u:object_r:setrans_script_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.3.1/policy/modules/system/setrans.if
 --- nsaserefpolicy/policy/modules/system/setrans.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.if	2009-01-13 19:18:30.000000000 +0100
 @@ -13,6 +13,7 @@
  interface(`setrans_translate_context',`
  	gen_require(`
@@ -38221,7 +101193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.3.1/policy/modules/system/setrans.te
 --- nsaserefpolicy/policy/modules/system/setrans.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.te	2009-01-13 19:18:30.000000000 +0100
 @@ -14,6 +14,9 @@
  files_pid_file(setrans_var_run_t)
  mls_trusted_object(setrans_var_run_t)
@@ -38251,7 +101223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
  
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc
 --- nsaserefpolicy/policy/modules/system/sysnetwork.fc	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -57,3 +57,5 @@
  ifdef(`distro_gentoo',`
  /var/lib/dhcpc(/.*)?		gen_context(system_u:object_r:dhcpc_state_t,s0)
@@ -38260,7 +101232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
 +/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if
 --- nsaserefpolicy/policy/modules/system/sysnetwork.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if	2009-01-13 19:18:30.000000000 +0100
 @@ -145,6 +145,25 @@
  
  ########################################
@@ -38398,7 +101370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te
 --- nsaserefpolicy/policy/modules/system/sysnetwork.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te	2009-01-13 19:18:30.000000000 +0100
 @@ -20,6 +20,10 @@
  init_daemon_domain(dhcpc_t,dhcpc_exec_t)
  role system_r types dhcpc_t;
@@ -38599,7 +101571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
  	xen_append_log(ifconfig_t)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.3.1/policy/modules/system/udev.if
 --- nsaserefpolicy/policy/modules/system/udev.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.if	2009-01-13 19:18:30.000000000 +0100
 @@ -96,6 +96,24 @@
  
  ########################################
@@ -38655,7 +101627,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.3.1/policy/modules/system/udev.te
 --- nsaserefpolicy/policy/modules/system/udev.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.te	2009-01-13 19:18:30.000000000 +0100
 @@ -83,6 +83,7 @@
  kernel_rw_unix_dgram_sockets(udev_t)
  kernel_dgram_send(udev_t)
@@ -38713,7 +101685,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.3.1/policy/modules/system/unconfined.fc
 --- nsaserefpolicy/policy/modules/system/unconfined.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,16 +1,26 @@
  # Add programs here which should not be confined by SELinux
  # e.g.:
@@ -38749,7 +101721,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +/opt/real/(.*/)?realplay\.bin --	gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.3.1/policy/modules/system/unconfined.if
 --- nsaserefpolicy/policy/modules/system/unconfined.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.if	2009-01-13 19:18:30.000000000 +0100
 @@ -12,14 +12,13 @@
  #
  interface(`unconfined_domain_noaudit',`
@@ -39105,7 +102077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
  ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
 --- nsaserefpolicy/policy/modules/system/unconfined.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te	2009-01-13 19:18:30.000000000 +0100
 @@ -6,35 +6,72 @@
  # Declarations
  #
@@ -39446,7 +102418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.3.1/policy/modules/system/userdomain.fc
 --- nsaserefpolicy/policy/modules/system/userdomain.fc	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -1,4 +1,5 @@
 -HOME_DIR	-d	gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
 -HOME_DIR/.+		gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -39459,7 +102431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +/root(/.*)?	 	gen_context(system_u:object_r:admin_home_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
 --- nsaserefpolicy/policy/modules/system/userdomain.if	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if	2009-01-13 19:18:30.000000000 +0100
 @@ -29,9 +29,14 @@
  	')
  
@@ -42616,7 +105588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.3.1/policy/modules/system/userdomain.te
 --- nsaserefpolicy/policy/modules/system/userdomain.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.te	2009-01-13 19:18:30.000000000 +0100
 @@ -2,12 +2,7 @@
  policy_module(userdomain,2.5.0)
  
@@ -42942,7 +105914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.fc serefpolicy-3.3.1/policy/modules/system/virt.fc
 --- nsaserefpolicy/policy/modules/system/virt.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,13 @@
 +
 +/usr/sbin/libvirtd	--	gen_context(system_u:object_r:virtd_exec_t,s0)
@@ -42959,7 +105931,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.f
 +/etc/libvirt/.*/.*		gen_context(system_u:object_r:virt_etc_rw_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.3.1/policy/modules/system/virt.if
 --- nsaserefpolicy/policy/modules/system/virt.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,343 @@
 +
 +## <summary>policy for virt</summary>
@@ -43306,7 +106278,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.i
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te
 --- nsaserefpolicy/policy/modules/system/virt.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,204 @@
 +
 +policy_module(virt,1.0.0)
@@ -43514,7 +106486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.3.1/policy/modules/system/xen.if
 --- nsaserefpolicy/policy/modules/system/xen.if	2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.if	2009-01-13 19:18:30.000000000 +0100
 @@ -167,11 +167,14 @@
  #
  interface(`xen_stream_connect',`
@@ -43558,7 +106530,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.3.1/policy/modules/system/xen.te
 --- nsaserefpolicy/policy/modules/system/xen.te	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.te	2009-01-13 19:18:30.000000000 +0100
 @@ -6,6 +6,13 @@
  # Declarations
  #
@@ -43768,17 +106740,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.fc serefpolicy-3.3.1/policy/modules/users/auditadm.fc
 --- nsaserefpolicy/policy/modules/users/auditadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No auditadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.if serefpolicy-3.3.1/policy/modules/users/auditadm.if
 --- nsaserefpolicy/policy/modules/users/auditadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for auditadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.te serefpolicy-3.3.1/policy/modules/users/auditadm.te
 --- nsaserefpolicy/policy/modules/users/auditadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,25 @@
 +policy_module(auditadm,1.0.1)
 +gen_require(`
@@ -43807,17 +106779,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditad
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.3.1/policy/modules/users/guest.fc
 --- nsaserefpolicy/policy/modules/users/guest.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No guest file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.3.1/policy/modules/users/guest.if
 --- nsaserefpolicy/policy/modules/users/guest.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for guest user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.3.1/policy/modules/users/guest.te
 --- nsaserefpolicy/policy/modules/users/guest.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,33 @@
 +policy_module(guest,1.0.1)
 +userdom_restricted_user_template(guest)
@@ -43854,17 +106826,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.t
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.3.1/policy/modules/users/logadm.fc
 --- nsaserefpolicy/policy/modules/users/logadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No logadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.3.1/policy/modules/users/logadm.if
 --- nsaserefpolicy/policy/modules/users/logadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for logadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.3.1/policy/modules/users/logadm.te
 --- nsaserefpolicy/policy/modules/users/logadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,11 @@
 +policy_module(logadm,1.0.0)
 +
@@ -43879,22 +106851,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.
 +logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.3.1/policy/modules/users/metadata.xml
 --- nsaserefpolicy/policy/modules/users/metadata.xml	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/metadata.xml	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/metadata.xml	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +<summary>Policy modules for users</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.fc serefpolicy-3.3.1/policy/modules/users/secadm.fc
 --- nsaserefpolicy/policy/modules/users/secadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No secadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.3.1/policy/modules/users/secadm.if
 --- nsaserefpolicy/policy/modules/users/secadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for secadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.3.1/policy/modules/users/secadm.te
 --- nsaserefpolicy/policy/modules/users/secadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,39 @@
 +policy_module(secadm,1.0.1)
 +gen_require(`
@@ -43937,17 +106909,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.3.1/policy/modules/users/staff.fc
 --- nsaserefpolicy/policy/modules/users/staff.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No staff file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.3.1/policy/modules/users/staff.if
 --- nsaserefpolicy/policy/modules/users/staff.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for staff user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.3.1/policy/modules/users/staff.te
 --- nsaserefpolicy/policy/modules/users/staff.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,30 @@
 +policy_module(staff,1.0.1)
 +userdom_admin_login_user_template(staff)
@@ -43981,17 +106953,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.t
 +
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.3.1/policy/modules/users/user.fc
 --- nsaserefpolicy/policy/modules/users/user.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No user file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.3.1/policy/modules/users/user.if
 --- nsaserefpolicy/policy/modules/users/user.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for user user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.3.1/policy/modules/users/user.te
 --- nsaserefpolicy/policy/modules/users/user.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,18 @@
 +policy_module(user,1.0.1)
 +userdom_unpriv_user_template(user)
@@ -44013,17 +106985,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.3.1/policy/modules/users/webadm.fc
 --- nsaserefpolicy/policy/modules/users/webadm.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No webadm file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.3.1/policy/modules/users/webadm.if
 --- nsaserefpolicy/policy/modules/users/webadm.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for webadm user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.3.1/policy/modules/users/webadm.te
 --- nsaserefpolicy/policy/modules/users/webadm.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,41 @@
 +policy_module(webadm,1.0.0)
 +
@@ -44068,17 +107040,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.
 +userdom_role_change_template(staff, webadm)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.3.1/policy/modules/users/xguest.fc
 --- nsaserefpolicy/policy/modules/users/xguest.fc	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.fc	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.fc	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +# No xguest file contexts.
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.3.1/policy/modules/users/xguest.if
 --- nsaserefpolicy/policy/modules/users/xguest.if	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.if	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.if	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1 @@
 +## <summary>Policy for xguest user</summary>
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.3.1/policy/modules/users/xguest.te
 --- nsaserefpolicy/policy/modules/users/xguest.te	1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.te	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.te	2009-01-13 19:18:30.000000000 +0100
 @@ -0,0 +1,69 @@
 +policy_module(xguest,1.0.1)
 +
@@ -44151,7 +107123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.3.1/policy/support/file_patterns.spt
 --- nsaserefpolicy/policy/support/file_patterns.spt	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/file_patterns.spt	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/file_patterns.spt	2009-01-13 19:18:30.000000000 +0100
 @@ -537,3 +537,23 @@
  	allow $1 $2:dir rw_dir_perms;
  	type_transition $1 $2:$4 $3;
@@ -44178,7 +107150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.3.1/policy/support/obj_perm_sets.spt
 --- nsaserefpolicy/policy/support/obj_perm_sets.spt	2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt	2009-01-13 19:18:30.000000000 +0100
 @@ -193,7 +193,7 @@
  define(`create_dir_perms',`{ getattr create }')
  define(`rename_dir_perms',`{ getattr rename }')
@@ -44258,7 +107230,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
 +define(`manage_key_perms', `{ create link read search setattr view write } ')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3.1/policy/users
 --- nsaserefpolicy/policy/users	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/users	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/users	2009-01-13 19:18:30.000000000 +0100
 @@ -16,7 +16,7 @@
  # and a user process should never be assigned the system user
  # identity.
@@ -44294,7 +107266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3
 +gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.3.1/Rules.modular
 --- nsaserefpolicy/Rules.modular	2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.modular	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/Rules.modular	2009-01-13 19:18:30.000000000 +0100
 @@ -73,8 +73,8 @@
  $(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
  	@echo "Compliling $(NAME) $(@F) module"
@@ -44326,7 +107298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.
  $(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.3.1/Rules.monolithic
 --- nsaserefpolicy/Rules.monolithic	2008-02-26 14:23:13.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.monolithic	2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/Rules.monolithic	2009-01-13 19:18:30.000000000 +0100
 @@ -96,7 +96,7 @@
  #
  # Load the binary policy
diff --git a/selinux-policy.spec b/selinux-policy.spec
index cb2ab15..2f554e1 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
 Summary: SELinux policy configuration
 Name: selinux-policy
 Version: 3.3.1
-Release: 117%{?dist}
+Release: 118%{?dist}
 License: GPLv2+
 Group: System Environment/Base
 Source: serefpolicy-%{version}.tgz
@@ -443,6 +443,10 @@ exit 0
 %endif
 
 %changelog
+* Tue Jan 13 2009 Miroslav Grepl <mgrepl@redhat.com> 3.3.1-118
+- Allow kismet read generic files in /usr
+- Lots of fixes for munin
+
 * Mon Jan 5 2009  Miroslav Grepl <mgrepl@redhat.com> 3.3.1-117
 - Add label to /var/run/mod_.*
 - Add label to /var/turboprint(/.*)?