From b59cb4deb8c9152a1ce4d5a8965b502b202700d5 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Sep 26 2008 14:04:16 +0000
Subject: - Allow kismet to bind to port 2501
---
diff --git a/policy-20071130.patch b/policy-20071130.patch
index 01de67e..078e66a 100644
--- a/policy-20071130.patch
+++ b/policy-20071130.patch
@@ -2083,8 +2083,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.3.1/policy/modules/admin/kismet.te
 --- nsaserefpolicy/policy/modules/admin/kismet.te 1969-12-31 19:00:00.000000000 -0500
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2008-09-08 11:45:12.000000000 -0400
-@@ -0,0 +1,57 @@
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2008-09-25 15:06:31.000000000 -0400
+@@ -0,0 +1,66 @@
 +
 +policy_module(kismet, 1.0.2)
 +
@@ -2115,8 +2115,9 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +allow kismet_t self:capability { net_admin net_raw setuid setgid };
 +allow kismet_t self:fifo_file rw_file_perms;
 +allow kismet_t self:packet_socket create_socket_perms;
-+allow kismet_t self:unix_dgram_socket create_socket_perms;
++allow kismet_t self:unix_dgram_socket { create_socket_perms sendto };
 +allow kismet_t self:unix_stream_socket create_stream_socket_perms;
++allow kismet_t self:tcp_socket create_stream_socket_perms;
 +
 +manage_files_pattern(kismet_t, kismet_log_t, kismet_log_t)
 +allow kismet_t kismet_log_t:dir setattr;
@@ -2132,6 +2133,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
 +
 +corecmd_exec_bin(kismet_t)
 +
++corenet_all_recvfrom_unlabeled(kismet_t)
++corenet_all_recvfrom_netlabel(kismet_t)
++corenet_tcp_sendrecv_all_if(kismet_t)
++corenet_tcp_sendrecv_all_nodes(kismet_t)
++corenet_tcp_sendrecv_all_ports(kismet_t)
++corenet_tcp_bind_all_nodes(kismet_t)
++corenet_tcp_bind_all_kismet_port(kismet_t)
++
 +kernel_search_debugfs(kismet_t)
 +
 +auth_use_nsswitch(kismet_t)
@@ -7581,7 +7590,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
 ########################################
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
 --- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-06-12 23:38:02.000000000 -0400
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-09-08 11:45:12.000000000 -0400
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2008-09-25 15:05:52.000000000 -0400
 @@ -1,5 +1,5 @@
 -policy_module(corenetwork,1.2.15)
@@ -7615,7 +7624,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(ftp_data, tcp,20,s0)
  network_port(ftp, tcp,21,s0)
  network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
-@@ -109,11 +113,13 @@
+@@ -109,11 +113,14 @@
  network_port(ircd, tcp,6667,s0)
  network_port(isakmp, udp,500,s0)
  network_port(iscsi, tcp,3260,s0)
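Review bot: `corenet_tcp_bind_all_kismet_port(kismet_t)`, the last added interface call in this hunk, does not match the name that the `network_port(kismet, tcp,2501,s0)` declaration added in the corenetwork.te.in hunk generates; refpolicy's network_port template produces a per-port `corenet_tcp_bind_kismet_port` interface, so unless an `_all_kismet_port` variant is defined elsewhere in this tree the call would be left unexpanded and the module would fail to build. The line should read `corenet_tcp_bind_kismet_port(kismet_t)`. With a dedicated kismet port type now declared, `corenet_tcp_sendrecv_all_ports(kismet_t)` is considerably broader than the commit title ("bind to port 2501") suggests; if it is there to cover the clients' ephemeral peer ports, a one-line comment saying so would stop a later cleanup from narrowing it to `corenet_tcp_sendrecv_kismet_port` by mistake. The kismet.te body this hunk sits in continues outside the hunk on both sides.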
@@ -7625,11 +7634,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
  network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
  network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
++network_port(kismet, tcp,2501,s0)
 +network_port(kprop, tcp,754,s0)
  network_port(ktalkd, udp,517,s0, udp,518,s0)
  network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
  type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
-@@ -122,6 +128,8 @@
+@@ -122,6 +129,8 @@
  network_port(mmcc, tcp,5050,s0, udp,5050,s0)
  network_port(monopd, tcp,1234,s0)
  network_port(msnp, tcp,1863,s0, udp,1863,s0)
@@ -7638,7 +7648,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(mysqld, tcp,1186,s0, tcp,3306,s0)
  portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
  network_port(nessus, tcp,1241,s0)
-@@ -133,10 +141,13 @@
+@@ -133,10 +142,13 @@
  network_port(pegasus_http, tcp,5988,s0)
  network_port(pegasus_https, tcp,5989,s0)
  network_port(postfix_policyd, tcp,10031,s0)
@@ -7652,7 +7662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(printer, tcp,515,s0)
  network_port(ptal, tcp,5703,s0)
  network_port(pxe, udp,4011,s0)
-@@ -148,11 +159,11 @@
+@@ -148,11 +160,11 @@
  network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
  network_port(rlogind, tcp,513,s0)
  network_port(rndc, tcp,953,s0)
@@ -7666,7 +7676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
  network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
  network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
  network_port(spamd, tcp,783,s0)
-@@ -165,12 +176,18 @@
+@@ -165,12 +177,18 @@
  network_port(syslogd, udp,514,s0)
  network_port(telnetd, tcp,23,s0)
  network_port(tftp, udp,69,s0)