@@ -1276,7 +1472,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/global_tunables seref
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.3.1/policy/mls
--- nsaserefpolicy/policy/mls 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/mls 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/mls 2009-01-13 19:18:30.000000000 +0100
@@ -371,78 +371,53 @@
@@ -1558,7 +1754,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/mls serefpolicy-3.3.1
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te serefpolicy-3.3.1/policy/modules/admin/alsa.te
--- nsaserefpolicy/policy/modules/admin/alsa.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/alsa.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/alsa.te 2009-01-13 19:18:30.000000000 +0100
@@ -48,6 +48,7 @@
files_search_home(alsa_t)
@@ -1569,7 +1765,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/alsa.te
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.fc serefpolicy-3.3.1/policy/modules/admin/amanda.fc
--- nsaserefpolicy/policy/modules/admin/amanda.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.fc 2009-01-13 19:18:30.000000000 +0100
@@ -3,6 +3,7 @@
/etc/amanda/.*/tapelist(/.*)? gen_context(system_u:object_r:amanda_data_t,s0)
/etc/amandates gen_context(system_u:object_r:amanda_amandates_t,s0)
@@ -1580,7 +1776,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.te serefpolicy-3.3.1/policy/modules/admin/amanda.te
--- nsaserefpolicy/policy/modules/admin/amanda.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/amanda.te 2009-01-13 19:18:30.000000000 +0100
@@ -82,8 +82,9 @@
allow amanda_t amanda_config_t:file { getattr read };
@@ -1630,7 +1826,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/amanda.
libs_use_shared_libs(amanda_recover_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anaconda.te serefpolicy-3.3.1/policy/modules/admin/anaconda.te
--- nsaserefpolicy/policy/modules/admin/anaconda.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/anaconda.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/anaconda.te 2009-01-13 19:18:30.000000000 +0100
@@ -31,15 +31,14 @@
modutils_domtrans_insmod(anaconda_t)
@@ -1653,7 +1849,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/anacond
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.if serefpolicy-3.3.1/policy/modules/admin/bootloader.if
--- nsaserefpolicy/policy/modules/admin/bootloader.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/bootloader.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/bootloader.if 2009-01-13 19:18:30.000000000 +0100
@@ -49,6 +49,10 @@
role $2 types bootloader_t;
@@ -1667,7 +1863,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloader.te serefpolicy-3.3.1/policy/modules/admin/bootloader.te
--- nsaserefpolicy/policy/modules/admin/bootloader.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/bootloader.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/bootloader.te 2009-01-13 19:18:30.000000000 +0100
@@ -215,3 +215,7 @@
userdom_dontaudit_search_staff_home_dirs(bootloader_t)
userdom_dontaudit_search_sysadm_home_dirs(bootloader_t)
@@ -1678,7 +1874,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/bootloa
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.te serefpolicy-3.3.1/policy/modules/admin/brctl.te
--- nsaserefpolicy/policy/modules/admin/brctl.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/brctl.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/brctl.te 2009-01-13 19:18:30.000000000 +0100
@@ -33,6 +33,8 @@
files_read_etc_files(brctl_t)
@@ -1690,7 +1886,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/brctl.t
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwatch.te serefpolicy-3.3.1/policy/modules/admin/certwatch.te
--- nsaserefpolicy/policy/modules/admin/certwatch.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/certwatch.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/certwatch.te 2009-01-13 19:18:30.000000000 +0100
@@ -18,6 +18,9 @@
files_read_etc_files(certwatch_t)
@@ -1703,7 +1899,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/certwat
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/consoletype.te serefpolicy-3.3.1/policy/modules/admin/consoletype.te
--- nsaserefpolicy/policy/modules/admin/consoletype.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/consoletype.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/consoletype.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,9 +8,11 @@
type consoletype_t;
@@ -1729,7 +1925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/console
init_use_fds(consoletype_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.if serefpolicy-3.3.1/policy/modules/admin/firstboot.if
--- nsaserefpolicy/policy/modules/admin/firstboot.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/firstboot.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/firstboot.if 2009-01-13 19:18:30.000000000 +0100
@@ -141,4 +141,6 @@
')
@@ -1739,7 +1935,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstboot.te serefpolicy-3.3.1/policy/modules/admin/firstboot.te
--- nsaserefpolicy/policy/modules/admin/firstboot.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/firstboot.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/firstboot.te 2009-01-13 19:18:30.000000000 +0100
@@ -35,9 +35,6 @@
allow firstboot_t firstboot_etc_t:file { getattr read };
@@ -1788,7 +1984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/firstbo
') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.fc serefpolicy-3.3.1/policy/modules/admin/kismet.fc
--- nsaserefpolicy/policy/modules/admin/kismet.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,4 @@
+/usr/bin/kismet -- gen_context(system_u:object_r:kismet_exec_t,s0)
+/var/lib/kismet(/.*)? gen_context(system_u:object_r:kismet_var_lib_t,s0)
@@ -1796,7 +1992,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+/var/run/kismet_server.pid -- gen_context(system_u:object_r:kismet_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.if serefpolicy-3.3.1/policy/modules/admin/kismet.if
--- nsaserefpolicy/policy/modules/admin/kismet.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,252 @@
+## Kismet is an 802.11 layer2 wireless network detector, sniffer, and intrusion detection system.
+
@@ -2052,8 +2248,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.te serefpolicy-3.3.1/policy/modules/admin/kismet.te
--- nsaserefpolicy/policy/modules/admin/kismet.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2009-01-05 11:17:34.000000000 +0100
-@@ -0,0 +1,75 @@
++++ serefpolicy-3.3.1/policy/modules/admin/kismet.te 2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,77 @@
+
+policy_module(kismet, 1.0.2)
+
@@ -2117,6 +2313,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+
+files_read_etc_files(kismet_t)
+
++files_read_usr_files(kismet_t)
++
+libs_use_ld_so(kismet_t)
+libs_use_shared_libs(kismet_t)
+
@@ -2131,7 +2329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kismet.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.te serefpolicy-3.3.1/policy/modules/admin/kudzu.te
--- nsaserefpolicy/policy/modules/admin/kudzu.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/kudzu.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/kudzu.te 2009-01-13 19:18:30.000000000 +0100
@@ -21,8 +21,8 @@
# Local policy
#
@@ -2192,7 +2390,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/kudzu.t
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrotate.te serefpolicy-3.3.1/policy/modules/admin/logrotate.te
--- nsaserefpolicy/policy/modules/admin/logrotate.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/logrotate.te 2009-01-13 19:18:30.000000000 +0100
@@ -96,9 +96,11 @@
files_read_etc_files(logrotate_t)
files_read_etc_runtime_files(logrotate_t)
@@ -2216,7 +2414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logrota
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatch.te serefpolicy-3.3.1/policy/modules/admin/logwatch.te
--- nsaserefpolicy/policy/modules/admin/logwatch.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/logwatch.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/logwatch.te 2009-01-13 19:18:30.000000000 +0100
@@ -43,6 +43,8 @@
kernel_read_fs_sysctls(logwatch_t)
kernel_read_kernel_sysctls(logwatch_t)
@@ -2275,7 +2473,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/logwatc
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te serefpolicy-3.3.1/policy/modules/admin/mrtg.te
--- nsaserefpolicy/policy/modules/admin/mrtg.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/mrtg.te 2009-01-13 19:18:30.000000000 +0100
@@ -78,6 +78,7 @@
dev_read_urand(mrtg_t)
@@ -2341,7 +2539,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/mrtg.te
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.if serefpolicy-3.3.1/policy/modules/admin/netutils.if
--- nsaserefpolicy/policy/modules/admin/netutils.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.if 2009-01-13 19:18:30.000000000 +0100
@@ -124,6 +124,24 @@
########################################
@@ -2369,7 +2567,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutils.te serefpolicy-3.3.1/policy/modules/admin/netutils.te
--- nsaserefpolicy/policy/modules/admin/netutils.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/netutils.te 2009-01-13 19:18:30.000000000 +0100
@@ -50,6 +50,7 @@
files_tmp_filetrans(netutils_t, netutils_tmp_t, { file dir })
@@ -2441,7 +2639,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
ifdef(`hide_broken_symptoms',`
init_dontaudit_use_fds(ping_t)
')
-@@ -143,11 +149,7 @@
+@@ -143,11 +149,8 @@
')
optional_policy(`
@@ -2451,10 +2649,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
-optional_policy(`
- nscd_socket_use(ping_t)
+ munin_append_log(ping_t)
++ munin_dontaudit_rw_tcp_sockets(ping_t)
')
optional_policy(`
-@@ -166,7 +168,6 @@
+@@ -166,7 +169,6 @@
allow traceroute_t self:capability { net_admin net_raw setuid setgid };
allow traceroute_t self:rawip_socket create_socket_perms;
allow traceroute_t self:packet_socket create_socket_perms;
@@ -2462,7 +2661,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
allow traceroute_t self:udp_socket create_socket_perms;
kernel_read_system_state(traceroute_t)
-@@ -200,6 +201,8 @@
+@@ -200,6 +202,8 @@
init_use_fds(traceroute_t)
@@ -2471,7 +2670,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
libs_use_ld_so(traceroute_t)
libs_use_shared_libs(traceroute_t)
-@@ -212,17 +215,7 @@
+@@ -212,17 +216,7 @@
dev_read_urand(traceroute_t)
files_read_usr_files(traceroute_t)
@@ -2491,7 +2690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/netutil
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink.te serefpolicy-3.3.1/policy/modules/admin/prelink.te
--- nsaserefpolicy/policy/modules/admin/prelink.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/prelink.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/prelink.te 2009-01-13 19:18:30.000000000 +0100
@@ -26,7 +26,7 @@
# Local policy
#
@@ -2551,7 +2750,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/prelink
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahead.te serefpolicy-3.3.1/policy/modules/admin/readahead.te
--- nsaserefpolicy/policy/modules/admin/readahead.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/readahead.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/readahead.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,7 +22,7 @@
# Local policy
#
@@ -2563,7 +2762,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/readahe
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc serefpolicy-3.3.1/policy/modules/admin/rpm.fc
--- nsaserefpolicy/policy/modules/admin/rpm.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,5 @@
+/usr/bin/rpm -- gen_context(system_u:object_r:rpm_exec_t,s0)
@@ -2600,7 +2799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.fc
ifdef(`distro_suse', `
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if serefpolicy-3.3.1/policy/modules/admin/rpm.if
--- nsaserefpolicy/policy/modules/admin/rpm.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.if 2009-01-13 19:18:30.000000000 +0100
@@ -152,6 +152,24 @@
########################################
@@ -2890,7 +3089,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.if
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te serefpolicy-3.3.1/policy/modules/admin/rpm.te
--- nsaserefpolicy/policy/modules/admin/rpm.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/rpm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/rpm.te 2009-01-13 19:18:30.000000000 +0100
@@ -31,6 +31,9 @@
files_type(rpm_var_lib_t)
typealias rpm_var_lib_t alias var_lib_rpm_t;
@@ -3042,7 +3241,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/rpm.te
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if serefpolicy-3.3.1/policy/modules/admin/sudo.if
--- nsaserefpolicy/policy/modules/admin/sudo.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/sudo.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/sudo.if 2009-01-13 19:18:30.000000000 +0100
@@ -55,7 +55,7 @@
#
@@ -3152,7 +3351,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/sudo.if
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if serefpolicy-3.3.1/policy/modules/admin/su.if
--- nsaserefpolicy/policy/modules/admin/su.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/su.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/su.if 2009-01-13 19:18:30.000000000 +0100
@@ -41,15 +41,13 @@
allow $2 $1_su_t:process signal;
@@ -3313,7 +3512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/su.if s
#######################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreaper.te serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te
--- nsaserefpolicy/policy/modules/admin/tmpreaper.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/tmpreaper.te 2009-01-13 19:18:30.000000000 +0100
@@ -26,8 +26,12 @@
files_read_etc_files(tmpreaper_t)
files_read_var_lib_files(tmpreaper_t)
@@ -3364,7 +3563,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/tmpreap
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/usermanage.te serefpolicy-3.3.1/policy/modules/admin/usermanage.te
--- nsaserefpolicy/policy/modules/admin/usermanage.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/usermanage.te 2009-01-13 19:18:30.000000000 +0100
@@ -97,6 +97,7 @@
# allow checking if a shell is executable
@@ -3441,7 +3640,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/userman
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool.te serefpolicy-3.3.1/policy/modules/admin/vbetool.te
--- nsaserefpolicy/policy/modules/admin/vbetool.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vbetool.te 2009-01-13 19:18:30.000000000 +0100
@@ -23,6 +23,9 @@
dev_rwx_zero(vbetool_t)
dev_read_sysfs(vbetool_t)
@@ -3463,7 +3662,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vbetool
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc serefpolicy-3.3.1/policy/modules/admin/vpn.fc
--- nsaserefpolicy/policy/modules/admin/vpn.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.fc 2009-01-13 19:18:30.000000000 +0100
@@ -6,6 +6,7 @@
#
# /usr
@@ -3474,7 +3673,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.fc
/var/run/vpnc(/.*)? gen_context(system_u:object_r:vpnc_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if serefpolicy-3.3.1/policy/modules/admin/vpn.if
--- nsaserefpolicy/policy/modules/admin/vpn.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.if 2009-01-13 19:18:30.000000000 +0100
@@ -15,7 +15,7 @@
type vpnc_t, vpnc_exec_t;
')
@@ -3539,7 +3738,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.if
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te serefpolicy-3.3.1/policy/modules/admin/vpn.te
--- nsaserefpolicy/policy/modules/admin/vpn.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/admin/vpn.te 2009-01-13 19:18:30.000000000 +0100
@@ -1,5 +1,5 @@
-policy_module(vpn,1.7.1)
@@ -3580,7 +3779,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/admin/vpn.te
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.fc serefpolicy-3.3.1/policy/modules/apps/ethereal.fc
--- nsaserefpolicy/policy/modules/apps/ethereal.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,4 @@
-HOME_DIR/\.ethereal(/.*)? gen_context(system_u:object_r:ROLE_ethereal_home_t,s0)
+HOME_DIR/\.ethereal(/.*)? gen_context(system_u:object_r:user_ethereal_home_t,s0)
@@ -3589,7 +3788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
/usr/sbin/tethereal.* -- gen_context(system_u:object_r:tethereal_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.if serefpolicy-3.3.1/policy/modules/apps/ethereal.if
--- nsaserefpolicy/policy/modules/apps/ethereal.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,6 +35,7 @@
template(`ethereal_per_role_template',`
@@ -3647,7 +3846,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
#######################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal.te serefpolicy-3.3.1/policy/modules/apps/ethereal.te
--- nsaserefpolicy/policy/modules/apps/ethereal.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/ethereal.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/ethereal.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,13 @@
type tethereal_tmp_t;
files_tmp_file(tethereal_tmp_t)
@@ -3664,7 +3863,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/ethereal
# Tethereal policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolution.fc serefpolicy-3.3.1/policy/modules/apps/evolution.fc
--- nsaserefpolicy/policy/modules/apps/evolution.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/evolution.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/evolution.fc 2009-01-13 19:18:30.000000000 +0100
@@ -2,13 +2,13 @@
# HOME_DIR/
#
@@ -3684,7 +3883,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolutio
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolution.if serefpolicy-3.3.1/policy/modules/apps/evolution.if
--- nsaserefpolicy/policy/modules/apps/evolution.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/evolution.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/evolution.if 2009-01-13 19:18:30.000000000 +0100
@@ -247,7 +247,7 @@
mta_read_config($1_evolution_t)
@@ -3723,7 +3922,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/evolutio
nscd_socket_use($1_evolution_webcal_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if serefpolicy-3.3.1/policy/modules/apps/games.if
--- nsaserefpolicy/policy/modules/apps/games.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/games.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/games.if 2009-01-13 19:18:30.000000000 +0100
@@ -146,7 +146,7 @@
')
@@ -3759,7 +3958,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/games.if
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.fc serefpolicy-3.3.1/policy/modules/apps/gift.fc
--- nsaserefpolicy/policy/modules/apps/gift.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,4 @@
-HOME_DIR/\.giFT(/.*)? gen_context(system_u:object_r:ROLE_gift_home_t,s0)
+HOME_DIR/\.giFT(/.*)? gen_context(system_u:object_r:user_gift_home_t,s0)
@@ -3768,7 +3967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.fc
/usr/(local/)?bin/giftd -- gen_context(system_u:object_r:giftd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.if serefpolicy-3.3.1/policy/modules/apps/gift.if
--- nsaserefpolicy/policy/modules/apps/gift.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.if 2009-01-13 19:18:30.000000000 +0100
@@ -43,9 +43,9 @@
application_domain($1_gift_t,gift_exec_t)
role $3 types $1_gift_t;
@@ -3842,7 +4041,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.if
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.te serefpolicy-3.3.1/policy/modules/apps/gift.te
--- nsaserefpolicy/policy/modules/apps/gift.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gift.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gift.te 2009-01-13 19:18:30.000000000 +0100
@@ -11,3 +11,7 @@
type giftd_exec_t;
@@ -3853,7 +4052,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gift.te
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc serefpolicy-3.3.1/policy/modules/apps/gnome.fc
--- nsaserefpolicy/policy/modules/apps/gnome.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,8 +1,8 @@
-HOME_DIR/\.config/gtk-.* gen_context(system_u:object_r:ROLE_gnome_home_t,s0)
-HOME_DIR/\.gconf(d)?(/.*)? gen_context(system_u:object_r:ROLE_gconf_home_t,s0)
@@ -3870,7 +4069,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.fc
/usr/libexec/gconfd-2 -- gen_context(system_u:object_r:gconfd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if serefpolicy-3.3.1/policy/modules/apps/gnome.if
--- nsaserefpolicy/policy/modules/apps/gnome.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.if 2009-01-13 19:18:30.000000000 +0100
@@ -33,9 +33,60 @@
##
#
@@ -4106,7 +4305,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.if
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te serefpolicy-3.3.1/policy/modules/apps/gnome.te
--- nsaserefpolicy/policy/modules/apps/gnome.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gnome.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gnome.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,8 +8,19 @@
attribute gnomedomain;
@@ -4132,7 +4331,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gnome.te
+typealias user_gconf_tmp_t alias unconfined_gconf_tmp_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc serefpolicy-3.3.1/policy/modules/apps/gpg.fc
--- nsaserefpolicy/policy/modules/apps/gpg.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,9 +1,9 @@
-HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:ROLE_gpg_secret_t,s0)
+HOME_DIR/\.gnupg(/.+)? gen_context(system_u:object_r:user_gpg_secret_t,s0)
@@ -4149,7 +4348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.fc s
+/usr/lib(64)?/gnupg/gpgkeys.* -- gen_context(system_u:object_r:gpg_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if serefpolicy-3.3.1/policy/modules/apps/gpg.if
--- nsaserefpolicy/policy/modules/apps/gpg.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.if 2009-01-13 19:18:30.000000000 +0100
@@ -38,6 +38,10 @@
gen_require(`
type gpg_exec_t, gpg_helper_exec_t;
@@ -4475,7 +4674,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.if s
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te serefpolicy-3.3.1/policy/modules/apps/gpg.te
--- nsaserefpolicy/policy/modules/apps/gpg.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/gpg.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/gpg.te 2009-01-13 19:18:30.000000000 +0100
@@ -7,15 +7,243 @@
#
@@ -4726,7 +4925,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/gpg.te s
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc serefpolicy-3.3.1/policy/modules/apps/irc.fc
--- nsaserefpolicy/policy/modules/apps/irc.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,7 +1,7 @@
#
# /home
@@ -4738,7 +4937,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.fc s
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if serefpolicy-3.3.1/policy/modules/apps/irc.if
--- nsaserefpolicy/policy/modules/apps/irc.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,6 +35,7 @@
template(`irc_per_role_template',`
gen_require(`
@@ -4795,7 +4994,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.if s
domtrans_pattern($2,irc_exec_t,$1_irc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te serefpolicy-3.3.1/policy/modules/apps/irc.te
--- nsaserefpolicy/policy/modules/apps/irc.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/irc.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/irc.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,3 +8,10 @@
type irc_exec_t;
@@ -4809,7 +5008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/irc.te s
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc serefpolicy-3.3.1/policy/modules/apps/java.fc
--- nsaserefpolicy/policy/modules/apps/java.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.fc 2009-01-13 19:18:30.000000000 +0100
@@ -3,14 +3,15 @@
#
/opt/(.*/)?bin/java[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
@@ -4843,7 +5042,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.fc
+/usr/bin/octave-[^/]* -- gen_context(system_u:object_r:java_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if serefpolicy-3.3.1/policy/modules/apps/java.if
--- nsaserefpolicy/policy/modules/apps/java.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.if 2009-01-13 19:18:30.000000000 +0100
@@ -32,7 +32,7 @@
##
##
@@ -5111,7 +5310,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te serefpolicy-3.3.1/policy/modules/apps/java.te
--- nsaserefpolicy/policy/modules/apps/java.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/java.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/java.te 2009-01-13 19:18:30.000000000 +0100
@@ -6,16 +6,10 @@
# Declarations
#
@@ -5164,13 +5363,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/java.te
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.fc serefpolicy-3.3.1/policy/modules/apps/livecd.fc
--- nsaserefpolicy/policy/modules/apps/livecd.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,2 @@
+
+/usr/bin/livecd-creator -- gen_context(system_u:object_r:livecd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.if serefpolicy-3.3.1/policy/modules/apps/livecd.if
--- nsaserefpolicy/policy/modules/apps/livecd.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,56 @@
+
+## policy for livecd
@@ -5230,7 +5429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.te serefpolicy-3.3.1/policy/modules/apps/livecd.te
--- nsaserefpolicy/policy/modules/apps/livecd.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/livecd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/livecd.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,22 @@
+policy_module(livecd, 1.0.0)
+
@@ -5256,7 +5455,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/livecd.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys.te serefpolicy-3.3.1/policy/modules/apps/loadkeys.te
--- nsaserefpolicy/policy/modules/apps/loadkeys.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/loadkeys.te 2009-01-13 19:18:30.000000000 +0100
@@ -44,3 +44,7 @@
optional_policy(`
nscd_dontaudit_search_pid(loadkeys_t)
@@ -5267,7 +5466,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/loadkeys
+userdom_dontaudit_list_sysadm_home_dirs(loadkeys_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if serefpolicy-3.3.1/policy/modules/apps/mono.if
--- nsaserefpolicy/policy/modules/apps/mono.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mono.if 2009-01-13 19:18:30.000000000 +0100
@@ -18,3 +18,122 @@
corecmd_search_bin($1)
domtrans_pattern($1, mono_exec_t, mono_t)
@@ -5393,7 +5592,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.if
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te serefpolicy-3.3.1/policy/modules/apps/mono.te
--- nsaserefpolicy/policy/modules/apps/mono.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mono.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mono.te 2009-01-13 19:18:30.000000000 +0100
@@ -15,7 +15,7 @@
# Local policy
#
@@ -5413,7 +5612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mono.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.fc serefpolicy-3.3.1/policy/modules/apps/mozilla.fc
--- nsaserefpolicy/policy/modules/apps/mozilla.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,8 +1,8 @@
-HOME_DIR/\.galeon(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
-HOME_DIR/\.java(/.*)? gen_context(system_u:object_r:ROLE_mozilla_home_t,s0)
@@ -5444,7 +5643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+/usr/lib64/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:mozilla_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.if serefpolicy-3.3.1/policy/modules/apps/mozilla.if
--- nsaserefpolicy/policy/modules/apps/mozilla.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,7 +35,10 @@
template(`mozilla_per_role_template',`
gen_require(`
@@ -5943,7 +6142,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.te serefpolicy-3.3.1/policy/modules/apps/mozilla.te
--- nsaserefpolicy/policy/modules/apps/mozilla.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mozilla.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mozilla.te 2009-01-13 19:18:30.000000000 +0100
@@ -6,15 +6,19 @@
# Declarations
#
@@ -5973,7 +6172,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mozilla.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.fc serefpolicy-3.3.1/policy/modules/apps/mplayer.fc
--- nsaserefpolicy/policy/modules/apps/mplayer.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,13 +1,8 @@
#
-# /etc
@@ -5991,7 +6190,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
+HOME_DIR/\.mplayer(/.*)? gen_context(system_u:object_r:user_mplayer_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.if serefpolicy-3.3.1/policy/modules/apps/mplayer.if
--- nsaserefpolicy/policy/modules/apps/mplayer.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,6 +35,7 @@
template(`mplayer_per_role_template',`
gen_require(`
@@ -6142,7 +6341,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.te serefpolicy-3.3.1/policy/modules/apps/mplayer.te
--- nsaserefpolicy/policy/modules/apps/mplayer.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/mplayer.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/mplayer.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,3 +22,7 @@
type mplayer_exec_t;
corecmd_executable_file(mplayer_exec_t)
@@ -6153,7 +6352,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/mplayer.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.fc serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc
--- nsaserefpolicy/policy/modules/apps/nsplugin.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,8 @@
+
+/usr/lib(64)?/nspluginwrapper/npviewer.bin -- gen_context(system_u:object_r:nsplugin_exec_t,s0)
@@ -6165,7 +6364,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+HOME_DIR/\.gstreamer-.* gen_context(system_u:object_r:user_nsplugin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.if serefpolicy-3.3.1/policy/modules/apps/nsplugin.if
--- nsaserefpolicy/policy/modules/apps/nsplugin.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,359 @@
+
+## policy for nsplugin
@@ -6528,7 +6727,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin.te serefpolicy-3.3.1/policy/modules/apps/nsplugin.te
--- nsaserefpolicy/policy/modules/apps/nsplugin.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/nsplugin.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,235 @@
+
+policy_module(nsplugin,1.0.0)
@@ -6767,14 +6966,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/nsplugin
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.fc serefpolicy-3.3.1/policy/modules/apps/openoffice.fc
--- nsaserefpolicy/policy/modules/apps/openoffice.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,3 @@
+/usr/lib/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+/usr/lib64/openoffice\.org.*/program/.+\.bin -- gen_context(system_u:object_r:openoffice_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.if serefpolicy-3.3.1/policy/modules/apps/openoffice.if
--- nsaserefpolicy/policy/modules/apps/openoffice.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,98 @@
+## Openoffice
+
@@ -6876,7 +7075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffice.te serefpolicy-3.3.1/policy/modules/apps/openoffice.te
--- nsaserefpolicy/policy/modules/apps/openoffice.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/openoffice.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/openoffice.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,14 @@
+
+policy_module(openoffice,1.0.0)
@@ -6894,7 +7093,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/openoffi
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.fc serefpolicy-3.3.1/policy/modules/apps/screen.fc
--- nsaserefpolicy/policy/modules/apps/screen.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,7 +1,7 @@
#
# /home
@@ -6906,7 +7105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.f
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.if serefpolicy-3.3.1/policy/modules/apps/screen.if
--- nsaserefpolicy/policy/modules/apps/screen.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,6 +35,7 @@
template(`screen_per_role_template',`
gen_require(`
@@ -6961,7 +7160,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.i
kernel_read_kernel_sysctls($1_screen_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.te serefpolicy-3.3.1/policy/modules/apps/screen.te
--- nsaserefpolicy/policy/modules/apps/screen.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/screen.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/screen.te 2009-01-13 19:18:30.000000000 +0100
@@ -11,3 +11,7 @@
type screen_exec_t;
@@ -6972,7 +7171,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/screen.t
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.te serefpolicy-3.3.1/policy/modules/apps/slocate.te
--- nsaserefpolicy/policy/modules/apps/slocate.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/slocate.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/slocate.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,7 +22,7 @@
#
@@ -6992,7 +7191,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/slocate.
files_read_etc_files(locate_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.fc serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc
--- nsaserefpolicy/policy/modules/apps/thunderbird.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.fc 2009-01-13 19:18:30.000000000 +0100
@@ -3,4 +3,4 @@
#
/usr/bin/thunderbird.* -- gen_context(system_u:object_r:thunderbird_exec_t,s0)
@@ -7001,7 +7200,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
+HOME_DIR/\.thunderbird(/.*)? gen_context(system_u:object_r:user_thunderbird_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.if serefpolicy-3.3.1/policy/modules/apps/thunderbird.if
--- nsaserefpolicy/policy/modules/apps/thunderbird.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.if 2009-01-13 19:18:30.000000000 +0100
@@ -43,9 +43,9 @@
application_domain($1_thunderbird_t,thunderbird_exec_t)
role $3 types $1_thunderbird_t;
@@ -7060,7 +7259,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderbird.te serefpolicy-3.3.1/policy/modules/apps/thunderbird.te
--- nsaserefpolicy/policy/modules/apps/thunderbird.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/thunderbird.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,3 +8,7 @@
type thunderbird_exec_t;
@@ -7071,7 +7270,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/thunderb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.if serefpolicy-3.3.1/policy/modules/apps/tvtime.if
--- nsaserefpolicy/policy/modules/apps/tvtime.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/tvtime.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/tvtime.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,6 +35,7 @@
template(`tvtime_per_role_template',`
gen_require(`
@@ -7149,7 +7348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.i
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.te serefpolicy-3.3.1/policy/modules/apps/tvtime.te
--- nsaserefpolicy/policy/modules/apps/tvtime.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/tvtime.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/tvtime.te 2009-01-13 19:18:30.000000000 +0100
@@ -11,3 +11,9 @@
type tvtime_dir_t;
@@ -7162,7 +7361,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/tvtime.t
+files_tmp_file(user_tvtime_tmp_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc serefpolicy-3.3.1/policy/modules/apps/uml.fc
--- nsaserefpolicy/policy/modules/apps/uml.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/uml.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/uml.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,7 +1,7 @@
#
# HOME_DIR/
@@ -7174,7 +7373,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/uml.fc s
# /usr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelper.if serefpolicy-3.3.1/policy/modules/apps/userhelper.if
--- nsaserefpolicy/policy/modules/apps/userhelper.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/userhelper.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/userhelper.if 2009-01-13 19:18:30.000000000 +0100
@@ -181,24 +181,6 @@
nscd_socket_use($1_userhelper_t)
')
@@ -7241,7 +7440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/userhelp
allow $2 $1_userhelper_t:process sigchld;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetctl.if serefpolicy-3.3.1/policy/modules/apps/usernetctl.if
--- nsaserefpolicy/policy/modules/apps/usernetctl.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.if 2009-01-13 19:18:30.000000000 +0100
@@ -63,4 +63,8 @@
optional_policy(`
modutils_run_insmod(usernetctl_t,$2,$3)
@@ -7253,447 +7452,63083 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetc
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/usernetctl.te serefpolicy-3.3.1/policy/modules/apps/usernetctl.te
--- nsaserefpolicy/policy/modules/apps/usernetctl.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/usernetctl.te 2009-01-13 19:18:30.000000000 +0100
@@ -49,15 +49,21 @@
fs_search_auto_mountpoints(usernetctl_t)
+auth_use_nsswitch(usernetctl_t)
+
- libs_use_ld_so(usernetctl_t)
- libs_use_shared_libs(usernetctl_t)
-
-+logging_send_syslog_msg(usernetctl_t)
+ libs_use_ld_so(usernetctl_t)
+ libs_use_shared_libs(usernetctl_t)
+
++logging_send_syslog_msg(usernetctl_t)
++
+ miscfiles_read_localization(usernetctl_t)
+
+ seutil_read_config(usernetctl_t)
+
+ sysnet_read_config(usernetctl_t)
+
++term_search_ptys(usernetctl_t)
++
+ optional_policy(`
+ hostname_exec(usernetctl_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.3.1/policy/modules/apps/vmware.fc
+--- nsaserefpolicy/policy/modules/apps/vmware.fc 2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.fc 2009-01-13 19:18:30.000000000 +0100
+@@ -1,9 +1,9 @@
+ #
+ # HOME_DIR/
+ #
+-HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
+-HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:ROLE_vmware_conf_t,s0)
+-HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
++HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:user_vmware_file_t,s0)
++HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:user_vmware_conf_t,s0)
++HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:user_vmware_file_t,s0)
+
+ #
+ # /etc
+@@ -21,19 +21,25 @@
+ /usr/bin/vmware-nmbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-ping -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
++/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+ /usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/sbin/vmware-serverd -- gen_context(system_u:object_r:vmware_exec_t,s0)
+
+ /usr/lib/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+
+ /usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
+ /usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ /usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
++/usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+
+ ifdef(`distro_gentoo',`
+ /opt/vmware/workstation/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+@@ -49,3 +55,8 @@
+ /opt/vmware/workstation/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ /opt/vmware/workstation/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
+ ')
++/var/log/vmware.* -- gen_context(system_u:object_r:vmware_log_t,s0)
++/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
++/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
++/usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
++/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.3.1/policy/modules/apps/vmware.if
+--- nsaserefpolicy/policy/modules/apps/vmware.if 2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.if 2009-01-13 19:18:30.000000000 +0100
+@@ -164,7 +164,7 @@
+ sysnet_dns_name_resolve($1_vmware_t)
+ sysnet_read_config($1_vmware_t)
+
+- xserver_user_client_template($1,$1_vmware_t,$1_vmware_tmpfs_t)
++ xserver_user_x_domain_template($1,$1_vmware,$1_vmware_t,$1_vmware_tmpfs_t)
+ ')
+
+ ########################################
+@@ -202,3 +202,22 @@
+
+ allow $1 vmware_sys_conf_t:file append;
+ ')
++
++########################################
++##
++## Append to VMWare log files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`vmware_append_log',`
++ gen_require(`
++ type vmware_log_t;
++ ')
++
++ logging_search_logs($1)
++ append_files_pattern($1,vmware_log_t,vmware_log_t)
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.3.1/policy/modules/apps/vmware.te
+--- nsaserefpolicy/policy/modules/apps/vmware.te 2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/vmware.te 2009-01-13 19:18:30.000000000 +0100
+@@ -22,17 +22,21 @@
+ type vmware_var_run_t;
+ files_pid_file(vmware_var_run_t)
+
++type vmware_log_t;
++logging_log_file(vmware_log_t)
++
+ ########################################
+ #
+ # VMWare host local policy
+ #
+
+-allow vmware_host_t self:capability { setuid net_raw };
++allow vmware_host_t self:capability { setgid setuid net_raw };
+ dontaudit vmware_host_t self:capability sys_tty_config;
+-allow vmware_host_t self:process signal_perms;
++allow vmware_host_t self:process { execstack execmem signal_perms };
+ allow vmware_host_t self:fifo_file rw_fifo_file_perms;
+ allow vmware_host_t self:unix_stream_socket create_stream_socket_perms;
+ allow vmware_host_t self:rawip_socket create_socket_perms;
++allow vmware_host_t self:tcp_socket create_socket_perms;
+
+ # cjp: the ro and rw files should be split up
+ manage_files_pattern(vmware_host_t,vmware_sys_conf_t,vmware_sys_conf_t)
+@@ -41,6 +45,11 @@
+ manage_sock_files_pattern(vmware_host_t,vmware_var_run_t,vmware_var_run_t)
+ files_pid_filetrans(vmware_host_t,vmware_var_run_t,{ file sock_file })
+
++manage_files_pattern(vmware_host_t,vmware_log_t,vmware_log_t)
++logging_log_filetrans(vmware_host_t,vmware_log_t,{ file dir })
++
++files_search_home(vmware_host_t)
++
+ kernel_read_kernel_sysctls(vmware_host_t)
+ kernel_list_proc(vmware_host_t)
+ kernel_read_proc_symlinks(vmware_host_t)
+@@ -63,6 +72,7 @@
+ corenet_sendrecv_all_server_packets(vmware_host_t)
+
+ dev_read_sysfs(vmware_host_t)
++dev_read_urand(vmware_host_t)
+ dev_rw_vmware(vmware_host_t)
+
+ domain_use_interactive_fds(vmware_host_t)
+@@ -99,14 +109,12 @@
+ ')
+ netutils_domtrans_ping(vmware_host_t)
+
+-ifdef(`TODO',`
+-# VMWare need access to pcmcia devices for network
+ optional_policy(`
+-allow kernel_t cardmgr_var_lib_t:dir { getattr search };
+-allow kernel_t cardmgr_var_lib_t:file { getattr ioctl read };
++ unconfined_domain(vmware_host_t)
+ ')
+-# Vmware create network devices
+-allow kernel_t self:capability net_admin;
+-allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
+-allow kernel_t self:socket create;
++
++optional_policy(`
++ xserver_xdm_rw_shm(vmware_host_t)
+ ')
++
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.3.1/policy/modules/apps/wine.fc
+--- nsaserefpolicy/policy/modules/apps/wine.fc 2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.fc 2009-01-13 19:18:30.000000000 +0100
+@@ -1,4 +1,6 @@
+ /usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
+
+-/opt/cxoffice/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
+-/opt/picasa/wine/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
++/opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
++/opt/picasa/wine/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
++/opt/google/picasa(/.*)?/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
++HOME_DIR/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.3.1/policy/modules/apps/wine.if
+--- nsaserefpolicy/policy/modules/apps/wine.if 2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.if 2009-01-13 19:18:30.000000000 +0100
+@@ -49,3 +49,53 @@
+ role $2 types wine_t;
+ allow wine_t $3:chr_file rw_term_perms;
+ ')
++
++#######################################
++##
++## The per role template for the wine module.
++##
++##
++##
++## This template creates a derived domains which are used
++## for wine applications.
++##
++##
++##
++##
++## The prefix of the user domain (e.g., user
++## is the prefix for user_t).
++##
++##
++##
++##
++## The type of the user domain.
++##
++##
++##
++##
++## The role associated with the user domain.
++##
++##
++#
++template(`wine_per_role_template',`
++ gen_require(`
++ type wine_exec_t;
++ ')
++
++ type $1_wine_t;
++ domain_type($1_wine_t)
++ domain_entry_file($1_wine_t,wine_exec_t)
++ role $3 types $1_wine_t;
++
++ domain_interactive_fd($1_wine_t)
++
++ userdom_unpriv_usertype($1, $1_wine_t)
++
++ allow $1_wine_t self:process { execheap execmem };
++
++ domtrans_pattern($2, wine_exec_t, $1_wine_t)
++
++ optional_policy(`
++ xserver_xdm_rw_shm($1_wine_t)
++ ')
++')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.3.1/policy/modules/apps/wine.te
+--- nsaserefpolicy/policy/modules/apps/wine.te 2008-02-26 14:23:12.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/apps/wine.te 2009-01-13 19:18:30.000000000 +0100
+@@ -9,6 +9,7 @@
+ type wine_t;
+ type wine_exec_t;
+ application_domain(wine_t,wine_exec_t)
++role system_r types wine_t;
+
+ ########################################
+ #
+@@ -17,10 +18,17 @@
+
+ optional_policy(`
+ allow wine_t self:process { execstack execmem execheap };
++ domain_mmap_low_type(wine_t)
++ domain_mmap_low(wine_t)
+ unconfined_domain_noaudit(wine_t)
+ files_execmod_all_files(wine_t)
+
+- optional_policy(`
+- hal_dbus_chat(wine_t)
+- ')
++')
++
++optional_policy(`
++ hal_dbus_chat(wine_t)
++')
++
++optional_policy(`
++ xserver_xdm_rw_shm(wine_t)
+ ')
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc
+--- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2008-02-26 14:23:11.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc 2009-01-13 19:18:30.000000000 +0100
+@@ -7,11 +7,11 @@
+ /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
+-
+ #
+ # /dev
+ #
+@@ -67,6 +67,12 @@
+
+ /etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
+
++
++/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/netconsole -- gen_context(system_u:object_r:bin_t,s0)
++/etc/sysconfig/readonly-root -- gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/network-scripts/ifup-.* -- gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/network-scripts/ifup-.* -l gen_context(system_u:object_r:bin_t,s0)
+ /etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
+@@ -99,11 +105,6 @@
+ /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
+ ')
+
+-ifdef(`distro_redhat',`
+-/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
+-/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
+-')
+-
+ #
+ # /sbin
+ #
+@@ -127,6 +128,8 @@
+ /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
+ ')
+
++/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
++
+ #
+ # /usr
+ #
+@@ -144,10 +147,7 @@
+ /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+ /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
+@@ -178,6 +178,8 @@
+ /usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
+ /usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/libsexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
++
+ /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
+
+ /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
+@@ -185,8 +187,12 @@
+ /usr/local/Brother(/.*)?/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
+
++/usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
+ /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
++/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
+
+ /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
+@@ -213,9 +219,11 @@
+ /etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
+
+ /usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
+-/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib/vmware-tools/sbin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
+@@ -223,7 +231,6 @@
+ /usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
+-/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
+ /usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
+@@ -284,3 +291,12 @@
+ ifdef(`distro_suse',`
+ /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
+ ')
++/usr/lib(64)?/nspluginwrapper/npconfig gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/nspluginwrapper/npviewer gen_context(system_u:object_r:bin_t,s0)
++
++/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
++/etc/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
++
++/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
++/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.3.1/policy/modules/kernel/corecommands.if
+--- nsaserefpolicy/policy/modules/kernel/corecommands.if 2008-02-26 14:23:11.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.if 2009-01-13 19:18:30.000000000 +0100
+@@ -875,6 +875,7 @@
+
+ read_lnk_files_pattern($1,bin_t,bin_t)
+ can_exec($1,chroot_exec_t)
++ allow $1 self:capability sys_chroot;
+ ')
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if 2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,60874 @@
++#
++# This is a generated file! Instead of modifying this file, the
++# corenetwork.if.in or corenetwork.if.m4 file should be modified.
++#
++## Policy controlling access to network objects
++##
++## Contains the initial SIDs for network objects.
++##
++
++########################################
++##
++## Define type to be a network port type
++##
++##
++##
++## Define type to be a network port type
++##
++##
++## This is for supporting third party modules and its
++## use is not allowed in upstream reference policy.
++##
++##
++##
++##
++## Type to be used for network ports.
++##
++##
++#
++interface(`corenet_port',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ typeattribute $1 port_type;
++')
++
++########################################
++##
++## Define network type to be a reserved port (lt 1024)
++##
++##
++##
++## Define network type to be a reserved port (lt 1024)
++##
++##
++## This is for supporting third party modules and its
++## use is not allowed in upstream reference policy.
++##
++##
++##
++##
++## Type to be used for network ports.
++##
++##
++#
++interface(`corenet_reserved_port',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ typeattribute $1 reserved_port_type;
++')
++
++########################################
++##
++## Define network type to be a rpc port ( 512 lt PORT lt 1024)
++##
++##
++##
++## Define network type to be a rpc port ( 512 lt PORT lt 1024)
++##
++##
++## This is for supporting third party modules and its
++## use is not allowed in upstream reference policy.
++##
++##
++##
++##
++## Type to be used for network ports.
++##
++##
++#
++interface(`corenet_rpc_port',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ typeattribute $1 rpc_port_type;
++')
++
++########################################
++##
++## Define type to be a network client packet type
++##
++##
++##
++## Define type to be a network client packet type
++##
++##
++## This is for supporting third party modules and its
++## use is not allowed in upstream reference policy.
++##
++##
++##
++##
++## Type to be used for a network client packet.
++##
++##
++#
++interface(`corenet_client_packet',`
++ gen_require(`
++ attribute packet_type, client_packet_type;
++ ')
++
++ typeattribute $1 client_packet_type, packet_type;
++')
++
++########################################
++##
++## Define type to be a network server packet type
++##
++##
++##
++## Define type to be a network server packet type
++##
++##
++## This is for supporting third party modules and its
++## use is not allowed in upstream reference policy.
++##
++##
++##
++##
++## Type to be used for a network server packet.
++##
++##
++#
++interface(`corenet_server_packet',`
++ gen_require(`
++ attribute packet_type, server_packet_type;
++ ')
++
++ typeattribute $1 server_packet_type, packet_type;
++')
++
++########################################
++##
++## Send and receive TCP network traffic on the generic interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_generic_if',`
++ gen_require(`
++ type netif_t;
++ ')
++
++ allow $1 netif_t:netif { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP network traffic on generic interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_generic_if',`
++ gen_require(`
++ type netif_t;
++ ')
++
++ allow $1 netif_t:netif udp_send;
++')
++
++########################################
++##
++## Dontaudit attempts to send UDP network traffic
++## on generic interfaces.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_generic_if',`
++ gen_require(`
++ type netif_t;
++ ')
++
++ dontaudit $1 netif_t:netif udp_send;
++')
++
++########################################
++##
++## Receive UDP network traffic on generic interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_generic_if',`
++ gen_require(`
++ type netif_t;
++ ')
++
++ allow $1 netif_t:netif udp_recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP network
++## traffic on generic interfaces.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_generic_if',`
++ gen_require(`
++ type netif_t;
++ ')
++
++ dontaudit $1 netif_t:netif udp_recv;
++')
++
++########################################
++##
++## Send and Receive UDP network traffic on generic interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_generic_if',`
++ corenet_udp_send_generic_if($1)
++ corenet_udp_receive_generic_if($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive UDP network
++## traffic on generic interfaces.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_generic_if',`
++ corenet_dontaudit_udp_send_generic_if($1)
++ corenet_dontaudit_udp_receive_generic_if($1)
++')
++
++########################################
++##
++## Send raw IP packets on generic interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_send_generic_if',`
++ gen_require(`
++ type netif_t;
++ ')
++
++ allow $1 netif_t:netif rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on generic interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_receive_generic_if',`
++ gen_require(`
++ type netif_t;
++ ')
++
++ allow $1 netif_t:netif rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on generic interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_sendrecv_generic_if',`
++ corenet_raw_send_generic_if($1)
++ corenet_raw_receive_generic_if($1)
++')
++
++########################################
++##
++## Send and receive TCP network traffic on all interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_sendrecv_all_if',`
++ gen_require(`
++ attribute netif_type;
++ ')
++
++ allow $1 netif_type:netif { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP network traffic on all interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_all_if',`
++ gen_require(`
++ attribute netif_type;
++ ')
++
++ allow $1 netif_type:netif udp_send;
++')
++
++########################################
++##
++## Receive UDP network traffic on all interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_all_if',`
++ gen_require(`
++ attribute netif_type;
++ ')
++
++ allow $1 netif_type:netif udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on all interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_all_if',`
++ corenet_udp_send_all_if($1)
++ corenet_udp_receive_all_if($1)
++')
++
++########################################
++##
++## Send raw IP packets on all interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_send_all_if',`
++ gen_require(`
++ attribute netif_type;
++ ')
++
++ allow $1 netif_type:netif rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on all interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_receive_all_if',`
++ gen_require(`
++ attribute netif_type;
++ ')
++
++ allow $1 netif_type:netif rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on all interfaces.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_sendrecv_all_if',`
++ corenet_raw_send_all_if($1)
++ corenet_raw_receive_all_if($1)
++')
++
++########################################
++##
++## Send and receive TCP network traffic on generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_sendrecv_generic_node',`
++ gen_require(`
++ type node_t;
++ ')
++
++ allow $1 node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP network traffic on generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_generic_node',`
++ gen_require(`
++ type node_t;
++ ')
++
++ allow $1 node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP network traffic on generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_generic_node',`
++ gen_require(`
++ type node_t;
++ ')
++
++ allow $1 node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_generic_node',`
++ corenet_udp_send_generic_node($1)
++ corenet_udp_receive_generic_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_send_generic_node',`
++ gen_require(`
++ type node_t;
++ ')
++
++ allow $1 node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_receive_generic_node',`
++ gen_require(`
++ type node_t;
++ ')
++
++ allow $1 node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_sendrecv_generic_node',`
++ corenet_raw_send_generic_node($1)
++ corenet_raw_receive_generic_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_generic_node',`
++ gen_require(`
++ type node_t;
++ ')
++
++ allow $1 node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to generic nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_generic_node',`
++ gen_require(`
++ type node_t;
++ ')
++
++ allow $1 node_t:udp_socket node_bind;
++')
++
++########################################
++##
++## Send and receive TCP network traffic on all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_sendrecv_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP network traffic on all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:node udp_send;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP network
++## traffic on any nodes.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ dontaudit $1 node_type:node udp_send;
++')
++
++########################################
++##
++## Receive UDP network traffic on all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:node udp_recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP
++## network traffic on all nodes.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ dontaudit $1 node_type:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_all_nodes',`
++ corenet_udp_send_all_nodes($1)
++ corenet_udp_receive_all_nodes($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive UDP
++## network traffic on any nodes nodes.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_all_nodes',`
++ corenet_dontaudit_udp_send_all_nodes($1)
++ corenet_dontaudit_udp_receive_all_nodes($1)
++')
++
++########################################
++##
++## Send raw IP packets on all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_send_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_receive_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_raw_sendrecv_all_nodes',`
++ corenet_raw_send_all_nodes($1)
++ corenet_raw_receive_all_nodes($1)
++')
++
++########################################
++##
++## Bind TCP sockets to all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:udp_socket node_bind;
++')
++
++########################################
++##
++## Bind raw sockets to all nodes.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++# rawip_socket node_bind does not make much sense.
++# cjp: vmware hits this too
++interface(`corenet_raw_bind_all_nodes',`
++ gen_require(`
++ attribute node_type;
++ ')
++
++ allow $1 node_type:rawip_socket node_bind;
++')
++
++########################################
++##
++## Send and receive TCP network traffic on generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_sendrecv_generic_port',`
++ gen_require(`
++ type port_t;
++ ')
++
++ allow $1 port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Do not audit send and receive TCP network traffic on generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
++ gen_require(`
++ type port_t;
++ ')
++
++ dontaudit $1 port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP network traffic on generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_generic_port',`
++ gen_require(`
++ type port_t;
++ ')
++
++ allow $1 port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP network traffic on generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_generic_port',`
++ gen_require(`
++ type port_t;
++ ')
++
++ allow $1 port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_generic_port',`
++ corenet_udp_send_generic_port($1)
++ corenet_udp_receive_generic_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_generic_port',`
++ gen_require(`
++ type port_t;
++ attribute port_type;
++ ')
++
++ allow $1 port_t:tcp_socket name_bind;
++ dontaudit $1 { port_type -port_t }:tcp_socket name_bind;
++')
++
++########################################
++##
++## Do not audit bind TCP sockets to generic ports.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_bind_generic_port',`
++ gen_require(`
++ type port_t;
++ ')
++
++ dontaudit $1 port_t:tcp_socket name_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_generic_port',`
++ gen_require(`
++ type port_t;
++ attribute port_type;
++ ')
++
++ allow $1 port_t:udp_socket name_bind;
++ dontaudit $1 { port_type -port_t }:udp_socket name_bind;
++')
++
++########################################
++##
++## Connect TCP sockets to generic ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_connect_generic_port',`
++ gen_require(`
++ type port_t;
++ ')
++
++ allow $1 port_t:tcp_socket name_connect;
++')
++
++########################################
++##
++## Send and receive TCP network traffic on all ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_sendrecv_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ allow $1 port_type:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP network traffic on all ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ allow $1 port_type:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP network traffic on all ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ allow $1 port_type:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on all ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_all_ports',`
++ corenet_udp_send_all_ports($1)
++ corenet_udp_receive_all_ports($1)
++')
++
++########################################
++##
++## Bind TCP sockets to all ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ allow $1 port_type:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Do not audit attepts to bind TCP sockets to any ports.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_bind_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ dontaudit $1 port_type:tcp_socket name_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to all ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ allow $1 port_type:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Do not audit attepts to bind UDP sockets to any ports.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_bind_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ dontaudit $1 port_type:udp_socket name_bind;
++')
++
++########################################
++##
++## Connect TCP sockets to all ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_connect_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ allow $1 port_type:tcp_socket name_connect;
++')
++
++########################################
++##
++## Do not audit attempts to connect TCP sockets
++## to all ports.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_connect_all_ports',`
++ gen_require(`
++ attribute port_type;
++ ')
++
++ dontaudit $1 port_type:tcp_socket name_connect;
++')
++
++########################################
++##
++## Send and receive TCP network traffic on generic reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_sendrecv_reserved_port',`
++ gen_require(`
++ type reserved_port_t;
++ ')
++
++ allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP network traffic on generic reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_reserved_port',`
++ gen_require(`
++ type reserved_port_t;
++ ')
++
++ allow $1 reserved_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP network traffic on generic reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_reserved_port',`
++ gen_require(`
++ type reserved_port_t;
++ ')
++
++ allow $1 reserved_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on generic reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_reserved_port',`
++ corenet_udp_send_reserved_port($1)
++ corenet_udp_receive_reserved_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to generic reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_reserved_port',`
++ gen_require(`
++ type reserved_port_t;
++ ')
++
++ allow $1 reserved_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to generic reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_reserved_port',`
++ gen_require(`
++ type reserved_port_t;
++ ')
++
++ allow $1 reserved_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Connect TCP sockets to generic reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_connect_reserved_port',`
++ gen_require(`
++ type reserved_port_t;
++ ')
++
++ allow $1 reserved_port_t:tcp_socket name_connect;
++')
++
++########################################
++##
++## Send and receive TCP network traffic on all reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_sendrecv_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP network traffic on all reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_send_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ allow $1 reserved_port_type:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP network traffic on all reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_receive_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ allow $1 reserved_port_type:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on all reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_sendrecv_all_reserved_ports',`
++ corenet_udp_send_all_reserved_ports($1)
++ corenet_udp_receive_all_reserved_ports($1)
++')
++
++########################################
++##
++## Bind TCP sockets to all reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ allow $1 reserved_port_type:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Do not audit attempts to bind TCP sockets to all reserved ports.
++##
++##
++##
++## The type of the process to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ dontaudit $1 reserved_port_type:tcp_socket name_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to all reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ allow $1 reserved_port_type:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Do not audit attempts to bind UDP sockets to all reserved ports.
++##
++##
++##
++## The type of the process to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ dontaudit $1 reserved_port_type:udp_socket name_bind;
++')
++
++########################################
++##
++## Bind TCP sockets to all ports > 1024.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_all_unreserved_ports',`
++ gen_require(`
++ attribute port_type;
++ type hi_reserved_port_t, reserved_port_t;
++ ')
++
++ allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:tcp_socket name_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to all ports > 1024.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_all_unreserved_ports',`
++ gen_require(`
++ attribute port_type;
++ type hi_reserved_port_t, reserved_port_t;
++ ')
++
++ allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:udp_socket name_bind;
++')
++
++########################################
++##
++## Connect TCP sockets to reserved ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_connect_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ allow $1 reserved_port_type:tcp_socket name_connect;
++')
++
++########################################
++##
++## Do not audit attempts to connect TCP sockets
++## all reserved ports.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
++ gen_require(`
++ attribute reserved_port_type;
++ ')
++
++ dontaudit $1 reserved_port_type:tcp_socket name_connect;
++')
++
++########################################
++##
++## Connect TCP sockets to rpc ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_connect_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ allow $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++##
++## Do not audit attempts to connect TCP sockets
++## all rpc ports.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_connect_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ dontaudit $1 rpc_port_type:tcp_socket name_connect;
++')
++
++########################################
++##
++## Read and write the TUN/TAP virtual network device.
++##
++##
++##
++## The domain allowed access.
++##
++##
++#
++interface(`corenet_rw_tun_tap_dev',`
++ gen_require(`
++ type tun_tap_device_t;
++ ')
++
++ dev_list_all_dev_nodes($1)
++ allow $1 tun_tap_device_t:chr_file { getattr read write ioctl lock append };
++')
++
++########################################
++##
++## Read and write the point-to-point device.
++##
++##
++##
++## The domain allowed access.
++##
++##
++#
++interface(`corenet_rw_ppp_dev',`
++ gen_require(`
++ type ppp_device_t;
++ ')
++
++ dev_list_all_dev_nodes($1)
++ allow $1 ppp_device_t:chr_file rw_file_perms;
++')
++
++########################################
++##
++## Bind TCP sockets to all RPC ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_tcp_bind_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ allow $1 rpc_port_type:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Do not audit attempts to bind TCP sockets to all RPC ports.
++##
++##
++##
++## The type of the process to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_bind_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ dontaudit $1 rpc_port_type:tcp_socket name_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to all RPC ports.
++##
++##
++##
++## The type of the process performing this action.
++##
++##
++#
++interface(`corenet_udp_bind_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ allow $1 rpc_port_type:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Do not audit attempts to bind UDP sockets to all RPC ports.
++##
++##
++##
++## The type of the process to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_bind_all_rpc_ports',`
++ gen_require(`
++ attribute rpc_port_type;
++ ')
++
++ dontaudit $1 rpc_port_type:udp_socket name_bind;
++')
++
++########################################
++##
++## Send and receive messages on a
++## non-encrypted (no IPSEC) network
++## session.
++##
++##
++##
++## Send and receive messages on a
++## non-encrypted (no IPSEC) network
++## session. (Deprecated)
++##
++##
++## The corenet_all_recvfrom_unlabeled() interface should be used instead
++## of this one.
++##
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_non_ipsec_sendrecv',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_all_recvfrom_unlabeled() instead.')
++ corenet_all_recvfrom_unlabeled($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## messages on a non-encrypted (no IPSEC) network
++## session.
++##
++##
++##
++## Do not audit attempts to send and receive
++## messages on a non-encrypted (no IPSEC) network
++## session.
++##
++##
++## The corenet_dontaudit_all_recvfrom_unlabeled() interface should be
++## used instead of this one.
++##
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_non_ipsec_sendrecv',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_all_recvfrom_unlabeled() instead.')
++ corenet_dontaudit_all_recvfrom_unlabeled($1)
++')
++
++########################################
++##
++## Receive TCP packets from a NetLabel connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_recv_netlabel',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_tcp_recvfrom_netlabel() instead.')
++ corenet_tcp_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Receive TCP packets from a NetLabel connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ allow $1 netlabel_peer_t:tcp_socket recvfrom;
++')
++
++########################################
++##
++## Receive TCP packets from an unlabled connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_recvfrom_unlabeled',`
++ kernel_tcp_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Do not audit attempts to receive TCP packets from a NetLabel
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_recv_netlabel',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_tcp_recvfrom_netlabel() instead.')
++ corenet_dontaudit_tcp_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Do not audit attempts to receive TCP packets from a NetLabel
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ dontaudit $1 netlabel_peer_t:tcp_socket recvfrom;
++')
++
++########################################
++##
++## Do not audit attempts to receive TCP packets from an unlabeled
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_tcp_recvfrom_unlabeled',`
++ kernel_dontaudit_tcp_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Receive UDP packets from a NetLabel connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_udp_recv_netlabel',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_udp_recvfrom_netlabel() instead.')
++ corenet_udp_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Receive UDP packets from a NetLabel connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_udp_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ allow $1 netlabel_peer_t:udp_socket recvfrom;
++')
++
++########################################
++##
++## Receive UDP packets from an unlabeled connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_udp_recvfrom_unlabeled',`
++ kernel_udp_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP packets from a NetLabel
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_recv_netlabel',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_udp_recvfrom_netlabel($1) instead.')
++ corenet_dontaudit_udp_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP packets from a NetLabel
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ dontaudit $1 netlabel_peer_t:udp_socket recvfrom;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP packets from an unlabeled
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_udp_recvfrom_unlabeled',`
++ kernel_dontaudit_udp_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Receive Raw IP packets from a NetLabel connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_raw_recv_netlabel',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_raw_recvfrom_netlabel() instead.')
++ corenet_raw_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Receive Raw IP packets from a NetLabel connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_raw_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ allow $1 netlabel_peer_t:rawip_socket recvfrom;
++')
++
++########################################
++##
++## Receive Raw IP packets from an unlabeled connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_raw_recvfrom_unlabeled',`
++ kernel_raw_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Do not audit attempts to receive Raw IP packets from a NetLabel
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_raw_recv_netlabel',`
++ refpolicywarn(`$0($*) has been deprecated, use corenet_dontaudit_raw_recvfrom_netlabel() instead.')
++ corenet_dontaudit_raw_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Do not audit attempts to receive Raw IP packets from a NetLabel
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_raw_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ dontaudit $1 netlabel_peer_t:rawip_socket recvfrom;
++')
++
++########################################
++##
++## Do not audit attempts to receive Raw IP packets from an unlabeled
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
++ kernel_dontaudit_raw_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Receive packets from an unlabeled connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_all_recvfrom_unlabeled',`
++ kernel_tcp_recvfrom_unlabeled($1)
++ kernel_udp_recvfrom_unlabeled($1)
++ kernel_raw_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Receive packets from a NetLabel connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_all_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ allow $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
++')
++
++########################################
++##
++## Do not audit attempts to receive packets from an unlabeled connection.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_dontaudit_all_recvfrom_unlabeled',`
++ kernel_dontaudit_tcp_recvfrom_unlabeled($1)
++ kernel_dontaudit_udp_recvfrom_unlabeled($1)
++ kernel_dontaudit_raw_recvfrom_unlabeled($1)
++
++ # XXX - at some point the oubound/send access check will be removed
++ # but for right now we need to keep this in place so as not to break
++ # older systems
++ kernel_dontaudit_sendrecv_unlabeled_association($1)
++')
++
++########################################
++##
++## Do not audit attempts to receive packets from a NetLabel
++## connection.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`corenet_dontaudit_all_recvfrom_netlabel',`
++ gen_require(`
++ type netlabel_peer_t;
++ ')
++
++ dontaudit $1 netlabel_peer_t:{ tcp_socket udp_socket rawip_socket } recvfrom;
++')
++
++########################################
++##
++## Rules for receiving labeled TCP packets.
++##
++##
++##
++## Rules for receiving labeled TCP packets.
++##
++##
++## Due to the nature of TCP, this is bidirectional.
++##
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## Peer domain.
++##
++##
++#
++interface(`corenet_tcp_recvfrom_labeled',`
++ allow { $1 $2 } self:association sendto;
++ allow $1 $2:{ association tcp_socket } recvfrom;
++ allow $2 $1:{ association tcp_socket } recvfrom;
++
++ # Netlabel (CIPSO)-based labeled networking
++ # currently only supports MLS portion of label
++ corenet_tcp_recvfrom_netlabel($1)
++ corenet_tcp_recvfrom_netlabel($2)
++')
++
++########################################
++##
++## Rules for receiving labeled UDP packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## Peer domain.
++##
++##
++#
++interface(`corenet_udp_recvfrom_labeled',`
++ allow $2 self:association sendto;
++ allow $1 $2:{ association udp_socket } recvfrom;
++
++ # Netlabel (CIPSO)-based labeled networking
++ # currently only supports MLS portion of label
++ corenet_udp_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Rules for receiving labeled raw IP packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## Peer domain.
++##
++##
++#
++interface(`corenet_raw_recvfrom_labeled',`
++ allow $2 self:association sendto;
++ allow $1 $2:{ association rawip_socket } recvfrom;
++
++ # Netlabel (CIPSO)-based labeled networking
++ # currently only supports MLS portion of label
++ corenet_raw_recvfrom_netlabel($1)
++')
++
++########################################
++##
++## Rules for receiving labeled packets via TCP, UDP and raw IP.
++##
++##
++##
++## Rules for receiving labeled packets via TCP, UDP and raw IP.
++##
++##
++## Due to the nature of TCP, the rules (for TCP
++## networking only) are bidirectional.
++##
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++##
++## Peer domain.
++##
++##
++#
++interface(`corenet_all_recvfrom_labeled',`
++ corenet_tcp_recvfrom_labeled($1,$2)
++ corenet_udp_recvfrom_labeled($1,$2)
++ corenet_raw_recvfrom_labeled($1,$2)
++')
++
++########################################
++##
++## Send generic client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_send_generic_client_packets',`
++ gen_require(`
++ type client_packet_t;
++ ')
++
++ allow $1 client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive generic client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_receive_generic_client_packets',`
++ gen_require(`
++ type client_packet_t;
++ ')
++
++ allow $1 client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive generic client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_sendrecv_generic_client_packets',`
++ corenet_send_generic_client_packets($1)
++ corenet_receive_generic_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to the generic client packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_generic_client_packets',`
++ gen_require(`
++ type client_packet_t;
++ ')
++
++ allow $1 client_packet_t:packet relabelto;
++')
++
++########################################
++##
++## Send generic server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_send_generic_server_packets',`
++ gen_require(`
++ type server_packet_t;
++ ')
++
++ allow $1 server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive generic server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_receive_generic_server_packets',`
++ gen_require(`
++ type server_packet_t;
++ ')
++
++ allow $1 server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive generic server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_sendrecv_generic_server_packets',`
++ corenet_send_generic_server_packets($1)
++ corenet_receive_generic_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to the generic server packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_generic_server_packets',`
++ gen_require(`
++ type server_packet_t;
++ ')
++
++ allow $1 server_packet_t:packet relabelto;
++')
++
++########################################
++##
++## Send and receive unlabeled packets.
++##
++##
++##
++## Send and receive unlabeled packets.
++## These packets do not match any netfilter
++## SECMARK rules.
++##
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_sendrecv_unlabeled_packets',`
++ kernel_sendrecv_unlabeled_packets($1)
++')
++
++########################################
++##
++## Send all client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_send_all_client_packets',`
++ gen_require(`
++ attribute client_packet_type;
++ ')
++
++ allow $1 client_packet_type:packet send;
++')
++
++########################################
++##
++## Receive all client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_receive_all_client_packets',`
++ gen_require(`
++ attribute client_packet_type;
++ ')
++
++ allow $1 client_packet_type:packet recv;
++')
++
++########################################
++##
++## Send and receive all client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_sendrecv_all_client_packets',`
++ corenet_send_all_client_packets($1)
++ corenet_receive_all_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to any client packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_all_client_packets',`
++ gen_require(`
++ attribute client_packet_type;
++ ')
++
++ allow $1 client_packet_type:packet relabelto;
++')
++
++########################################
++##
++## Send all server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_send_all_server_packets',`
++ gen_require(`
++ attribute server_packet_type;
++ ')
++
++ allow $1 server_packet_type:packet send;
++')
++
++########################################
++##
++## Receive all server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_receive_all_server_packets',`
++ gen_require(`
++ attribute server_packet_type;
++ ')
++
++ allow $1 server_packet_type:packet recv;
++')
++
++########################################
++##
++## Send and receive all server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_sendrecv_all_server_packets',`
++ corenet_send_all_server_packets($1)
++ corenet_receive_all_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to any server packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_all_server_packets',`
++ gen_require(`
++ attribute server_packet_type;
++ ')
++
++ allow $1 server_packet_type:packet relabelto;
++')
++
++########################################
++##
++## Send all packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_send_all_packets',`
++ gen_require(`
++ attribute packet_type;
++ ')
++
++ allow $1 packet_type:packet send;
++')
++
++########################################
++##
++## Receive all packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_receive_all_packets',`
++ gen_require(`
++ attribute packet_type;
++ ')
++
++ allow $1 packet_type:packet recv;
++')
++
++########################################
++##
++## Send and receive all packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_sendrecv_all_packets',`
++ corenet_send_all_packets($1)
++ corenet_receive_all_packets($1)
++')
++
++########################################
++##
++## Relabel packets to any packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_all_packets',`
++ gen_require(`
++ attribute packet_type;
++ ')
++
++ allow $1 packet_type:packet relabelto;
++')
++
++########################################
++##
++## Unconfined access to network objects.
++##
++##
++##
++## The domain allowed access.
++##
++##
++#
++interface(`corenet_unconfined',`
++ gen_require(`
++ attribute corenet_unconfined_type;
++ ')
++
++ typeattribute $1 corenet_unconfined_type;
++')
++#
++# shiftn(num,list...)
++#
++# shift the list num times
++#
++
++
++########################################
++#
++# Network Interface generated macros
++#
++########################################
++
++
++########################################
++#
++# Network node generated macros
++#
++########################################
++
++
++########################################
++#
++# Network port generated macros
++#
++########################################
++
++
++
++#
++# create_netif_*_interfaces(linux_interfacename)
++#
++
++
++
++#
++# network_interface(linux_interfacename,mls_sensitivity)
++#
++
++
++#
++# create_node_*_interfaces(node_name)
++#
++
++
++
++#
++# network_node(node_name,mls_sensitivity,address,netmask)
++#
++
++
++# These next three macros have formatting, and should not me indented
++
++#
++# create_port_*_interfaces(port_name, protocol,portnum,mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
++# (these wrap create_port_interfaces to handle attributes and types)
++
++
++
++#
++# network_port(port_name,protocol portnum mls_sensitivity [,protocol,portnum,mls_sensitivity[,...]])
++#
++
++
++#
++# network_packet(packet_name)
++#
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the afs_bos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ allow $1 afs_bos_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the afs_bos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ allow $1 afs_bos_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the afs_bos port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ dontaudit $1 afs_bos_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the afs_bos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ allow $1 afs_bos_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the afs_bos port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ dontaudit $1 afs_bos_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the afs_bos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_afs_bos_port',`
++ corenet_udp_send_afs_bos_port($1)
++ corenet_udp_receive_afs_bos_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the afs_bos port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_bos_port',`
++ corenet_dontaudit_udp_send_afs_bos_port($1)
++ corenet_dontaudit_udp_receive_afs_bos_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the afs_bos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ allow $1 afs_bos_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the afs_bos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ allow $1 afs_bos_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the afs_bos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_afs_bos_port',`
++ gen_require(`
++ type afs_bos_port_t;
++ ')
++
++ allow $1 afs_bos_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send afs_bos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_bos_client_packets',`
++ gen_require(`
++ type afs_bos_client_packet_t;
++ ')
++
++ allow $1 afs_bos_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_bos_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_bos_client_packets',`
++ gen_require(`
++ type afs_bos_client_packet_t;
++ ')
++
++ dontaudit $1 afs_bos_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_bos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_bos_client_packets',`
++ gen_require(`
++ type afs_bos_client_packet_t;
++ ')
++
++ allow $1 afs_bos_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_bos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_bos_client_packets',`
++ gen_require(`
++ type afs_bos_client_packet_t;
++ ')
++
++ dontaudit $1 afs_bos_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_bos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_bos_client_packets',`
++ corenet_send_afs_bos_client_packets($1)
++ corenet_receive_afs_bos_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_bos_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_bos_client_packets',`
++ corenet_dontaudit_send_afs_bos_client_packets($1)
++ corenet_dontaudit_receive_afs_bos_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_bos_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_bos_client_packets',`
++ gen_require(`
++ type afs_bos_client_packet_t;
++ ')
++
++ allow $1 afs_bos_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send afs_bos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_bos_server_packets',`
++ gen_require(`
++ type afs_bos_server_packet_t;
++ ')
++
++ allow $1 afs_bos_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_bos_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_bos_server_packets',`
++ gen_require(`
++ type afs_bos_server_packet_t;
++ ')
++
++ dontaudit $1 afs_bos_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_bos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_bos_server_packets',`
++ gen_require(`
++ type afs_bos_server_packet_t;
++ ')
++
++ allow $1 afs_bos_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_bos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_bos_server_packets',`
++ gen_require(`
++ type afs_bos_server_packet_t;
++ ')
++
++ dontaudit $1 afs_bos_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_bos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_bos_server_packets',`
++ corenet_send_afs_bos_server_packets($1)
++ corenet_receive_afs_bos_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_bos_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_bos_server_packets',`
++ corenet_dontaudit_send_afs_bos_server_packets($1)
++ corenet_dontaudit_receive_afs_bos_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_bos_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_bos_server_packets',`
++ gen_require(`
++ type afs_bos_server_packet_t;
++ ')
++
++ allow $1 afs_bos_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the afs_fs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ allow $1 afs_fs_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the afs_fs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ allow $1 afs_fs_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the afs_fs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ dontaudit $1 afs_fs_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the afs_fs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ allow $1 afs_fs_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the afs_fs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ dontaudit $1 afs_fs_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the afs_fs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_afs_fs_port',`
++ corenet_udp_send_afs_fs_port($1)
++ corenet_udp_receive_afs_fs_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the afs_fs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_fs_port',`
++ corenet_dontaudit_udp_send_afs_fs_port($1)
++ corenet_dontaudit_udp_receive_afs_fs_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the afs_fs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ allow $1 afs_fs_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the afs_fs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ allow $1 afs_fs_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the afs_fs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_afs_fs_port',`
++ gen_require(`
++ type afs_fs_port_t;
++ ')
++
++ allow $1 afs_fs_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send afs_fs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_fs_client_packets',`
++ gen_require(`
++ type afs_fs_client_packet_t;
++ ')
++
++ allow $1 afs_fs_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_fs_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_fs_client_packets',`
++ gen_require(`
++ type afs_fs_client_packet_t;
++ ')
++
++ dontaudit $1 afs_fs_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_fs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_fs_client_packets',`
++ gen_require(`
++ type afs_fs_client_packet_t;
++ ')
++
++ allow $1 afs_fs_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_fs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_fs_client_packets',`
++ gen_require(`
++ type afs_fs_client_packet_t;
++ ')
++
++ dontaudit $1 afs_fs_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_fs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_fs_client_packets',`
++ corenet_send_afs_fs_client_packets($1)
++ corenet_receive_afs_fs_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_fs_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_fs_client_packets',`
++ corenet_dontaudit_send_afs_fs_client_packets($1)
++ corenet_dontaudit_receive_afs_fs_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_fs_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_fs_client_packets',`
++ gen_require(`
++ type afs_fs_client_packet_t;
++ ')
++
++ allow $1 afs_fs_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send afs_fs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_fs_server_packets',`
++ gen_require(`
++ type afs_fs_server_packet_t;
++ ')
++
++ allow $1 afs_fs_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_fs_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_fs_server_packets',`
++ gen_require(`
++ type afs_fs_server_packet_t;
++ ')
++
++ dontaudit $1 afs_fs_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_fs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_fs_server_packets',`
++ gen_require(`
++ type afs_fs_server_packet_t;
++ ')
++
++ allow $1 afs_fs_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_fs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_fs_server_packets',`
++ gen_require(`
++ type afs_fs_server_packet_t;
++ ')
++
++ dontaudit $1 afs_fs_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_fs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_fs_server_packets',`
++ corenet_send_afs_fs_server_packets($1)
++ corenet_receive_afs_fs_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_fs_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_fs_server_packets',`
++ corenet_dontaudit_send_afs_fs_server_packets($1)
++ corenet_dontaudit_receive_afs_fs_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_fs_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_fs_server_packets',`
++ gen_require(`
++ type afs_fs_server_packet_t;
++ ')
++
++ allow $1 afs_fs_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the afs_ka port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ allow $1 afs_ka_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the afs_ka port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ allow $1 afs_ka_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the afs_ka port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ dontaudit $1 afs_ka_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the afs_ka port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ allow $1 afs_ka_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the afs_ka port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ dontaudit $1 afs_ka_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the afs_ka port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_afs_ka_port',`
++ corenet_udp_send_afs_ka_port($1)
++ corenet_udp_receive_afs_ka_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the afs_ka port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_ka_port',`
++ corenet_dontaudit_udp_send_afs_ka_port($1)
++ corenet_dontaudit_udp_receive_afs_ka_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the afs_ka port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ allow $1 afs_ka_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the afs_ka port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ allow $1 afs_ka_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the afs_ka port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_afs_ka_port',`
++ gen_require(`
++ type afs_ka_port_t;
++ ')
++
++ allow $1 afs_ka_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send afs_ka_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_ka_client_packets',`
++ gen_require(`
++ type afs_ka_client_packet_t;
++ ')
++
++ allow $1 afs_ka_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_ka_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_ka_client_packets',`
++ gen_require(`
++ type afs_ka_client_packet_t;
++ ')
++
++ dontaudit $1 afs_ka_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_ka_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_ka_client_packets',`
++ gen_require(`
++ type afs_ka_client_packet_t;
++ ')
++
++ allow $1 afs_ka_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_ka_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_ka_client_packets',`
++ gen_require(`
++ type afs_ka_client_packet_t;
++ ')
++
++ dontaudit $1 afs_ka_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_ka_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_ka_client_packets',`
++ corenet_send_afs_ka_client_packets($1)
++ corenet_receive_afs_ka_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_ka_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_ka_client_packets',`
++ corenet_dontaudit_send_afs_ka_client_packets($1)
++ corenet_dontaudit_receive_afs_ka_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_ka_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_ka_client_packets',`
++ gen_require(`
++ type afs_ka_client_packet_t;
++ ')
++
++ allow $1 afs_ka_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send afs_ka_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_ka_server_packets',`
++ gen_require(`
++ type afs_ka_server_packet_t;
++ ')
++
++ allow $1 afs_ka_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_ka_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_ka_server_packets',`
++ gen_require(`
++ type afs_ka_server_packet_t;
++ ')
++
++ dontaudit $1 afs_ka_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_ka_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_ka_server_packets',`
++ gen_require(`
++ type afs_ka_server_packet_t;
++ ')
++
++ allow $1 afs_ka_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_ka_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_ka_server_packets',`
++ gen_require(`
++ type afs_ka_server_packet_t;
++ ')
++
++ dontaudit $1 afs_ka_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_ka_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_ka_server_packets',`
++ corenet_send_afs_ka_server_packets($1)
++ corenet_receive_afs_ka_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_ka_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_ka_server_packets',`
++ corenet_dontaudit_send_afs_ka_server_packets($1)
++ corenet_dontaudit_receive_afs_ka_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_ka_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_ka_server_packets',`
++ gen_require(`
++ type afs_ka_server_packet_t;
++ ')
++
++ allow $1 afs_ka_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the afs_pt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ allow $1 afs_pt_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the afs_pt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ allow $1 afs_pt_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the afs_pt port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ dontaudit $1 afs_pt_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the afs_pt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ allow $1 afs_pt_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the afs_pt port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ dontaudit $1 afs_pt_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the afs_pt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_afs_pt_port',`
++ corenet_udp_send_afs_pt_port($1)
++ corenet_udp_receive_afs_pt_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the afs_pt port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_pt_port',`
++ corenet_dontaudit_udp_send_afs_pt_port($1)
++ corenet_dontaudit_udp_receive_afs_pt_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the afs_pt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ allow $1 afs_pt_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the afs_pt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ allow $1 afs_pt_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the afs_pt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_afs_pt_port',`
++ gen_require(`
++ type afs_pt_port_t;
++ ')
++
++ allow $1 afs_pt_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send afs_pt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_pt_client_packets',`
++ gen_require(`
++ type afs_pt_client_packet_t;
++ ')
++
++ allow $1 afs_pt_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_pt_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_pt_client_packets',`
++ gen_require(`
++ type afs_pt_client_packet_t;
++ ')
++
++ dontaudit $1 afs_pt_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_pt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_pt_client_packets',`
++ gen_require(`
++ type afs_pt_client_packet_t;
++ ')
++
++ allow $1 afs_pt_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_pt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_pt_client_packets',`
++ gen_require(`
++ type afs_pt_client_packet_t;
++ ')
++
++ dontaudit $1 afs_pt_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_pt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_pt_client_packets',`
++ corenet_send_afs_pt_client_packets($1)
++ corenet_receive_afs_pt_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_pt_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_pt_client_packets',`
++ corenet_dontaudit_send_afs_pt_client_packets($1)
++ corenet_dontaudit_receive_afs_pt_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_pt_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_pt_client_packets',`
++ gen_require(`
++ type afs_pt_client_packet_t;
++ ')
++
++ allow $1 afs_pt_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send afs_pt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_pt_server_packets',`
++ gen_require(`
++ type afs_pt_server_packet_t;
++ ')
++
++ allow $1 afs_pt_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_pt_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_pt_server_packets',`
++ gen_require(`
++ type afs_pt_server_packet_t;
++ ')
++
++ dontaudit $1 afs_pt_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_pt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_pt_server_packets',`
++ gen_require(`
++ type afs_pt_server_packet_t;
++ ')
++
++ allow $1 afs_pt_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_pt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_pt_server_packets',`
++ gen_require(`
++ type afs_pt_server_packet_t;
++ ')
++
++ dontaudit $1 afs_pt_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_pt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_pt_server_packets',`
++ corenet_send_afs_pt_server_packets($1)
++ corenet_receive_afs_pt_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_pt_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_pt_server_packets',`
++ corenet_dontaudit_send_afs_pt_server_packets($1)
++ corenet_dontaudit_receive_afs_pt_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_pt_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_pt_server_packets',`
++ gen_require(`
++ type afs_pt_server_packet_t;
++ ')
++
++ allow $1 afs_pt_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the afs_vl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ allow $1 afs_vl_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the afs_vl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ allow $1 afs_vl_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the afs_vl port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ dontaudit $1 afs_vl_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the afs_vl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ allow $1 afs_vl_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the afs_vl port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ dontaudit $1 afs_vl_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the afs_vl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_afs_vl_port',`
++ corenet_udp_send_afs_vl_port($1)
++ corenet_udp_receive_afs_vl_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the afs_vl port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_afs_vl_port',`
++ corenet_dontaudit_udp_send_afs_vl_port($1)
++ corenet_dontaudit_udp_receive_afs_vl_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the afs_vl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ allow $1 afs_vl_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the afs_vl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ allow $1 afs_vl_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the afs_vl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_afs_vl_port',`
++ gen_require(`
++ type afs_vl_port_t;
++ ')
++
++ allow $1 afs_vl_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send afs_vl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_vl_client_packets',`
++ gen_require(`
++ type afs_vl_client_packet_t;
++ ')
++
++ allow $1 afs_vl_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_vl_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_vl_client_packets',`
++ gen_require(`
++ type afs_vl_client_packet_t;
++ ')
++
++ dontaudit $1 afs_vl_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_vl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_vl_client_packets',`
++ gen_require(`
++ type afs_vl_client_packet_t;
++ ')
++
++ allow $1 afs_vl_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_vl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_vl_client_packets',`
++ gen_require(`
++ type afs_vl_client_packet_t;
++ ')
++
++ dontaudit $1 afs_vl_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_vl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_vl_client_packets',`
++ corenet_send_afs_vl_client_packets($1)
++ corenet_receive_afs_vl_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_vl_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_vl_client_packets',`
++ corenet_dontaudit_send_afs_vl_client_packets($1)
++ corenet_dontaudit_receive_afs_vl_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_vl_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_vl_client_packets',`
++ gen_require(`
++ type afs_vl_client_packet_t;
++ ')
++
++ allow $1 afs_vl_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send afs_vl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_afs_vl_server_packets',`
++ gen_require(`
++ type afs_vl_server_packet_t;
++ ')
++
++ allow $1 afs_vl_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send afs_vl_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_afs_vl_server_packets',`
++ gen_require(`
++ type afs_vl_server_packet_t;
++ ')
++
++ dontaudit $1 afs_vl_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive afs_vl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_afs_vl_server_packets',`
++ gen_require(`
++ type afs_vl_server_packet_t;
++ ')
++
++ allow $1 afs_vl_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive afs_vl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_afs_vl_server_packets',`
++ gen_require(`
++ type afs_vl_server_packet_t;
++ ')
++
++ dontaudit $1 afs_vl_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive afs_vl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_afs_vl_server_packets',`
++ corenet_send_afs_vl_server_packets($1)
++ corenet_receive_afs_vl_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive afs_vl_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_afs_vl_server_packets',`
++ corenet_dontaudit_send_afs_vl_server_packets($1)
++ corenet_dontaudit_receive_afs_vl_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to afs_vl_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_afs_vl_server_packets',`
++ gen_require(`
++ type afs_vl_server_packet_t;
++ ')
++
++ allow $1 afs_vl_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the amanda port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ allow $1 amanda_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the amanda port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ allow $1 amanda_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the amanda port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ dontaudit $1 amanda_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the amanda port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ allow $1 amanda_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the amanda port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ dontaudit $1 amanda_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the amanda port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_amanda_port',`
++ corenet_udp_send_amanda_port($1)
++ corenet_udp_receive_amanda_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the amanda port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_amanda_port',`
++ corenet_dontaudit_udp_send_amanda_port($1)
++ corenet_dontaudit_udp_receive_amanda_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the amanda port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ allow $1 amanda_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the amanda port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ allow $1 amanda_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the amanda port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_amanda_port',`
++ gen_require(`
++ type amanda_port_t;
++ ')
++
++ allow $1 amanda_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send amanda_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_amanda_client_packets',`
++ gen_require(`
++ type amanda_client_packet_t;
++ ')
++
++ allow $1 amanda_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send amanda_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_amanda_client_packets',`
++ gen_require(`
++ type amanda_client_packet_t;
++ ')
++
++ dontaudit $1 amanda_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive amanda_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_amanda_client_packets',`
++ gen_require(`
++ type amanda_client_packet_t;
++ ')
++
++ allow $1 amanda_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive amanda_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_amanda_client_packets',`
++ gen_require(`
++ type amanda_client_packet_t;
++ ')
++
++ dontaudit $1 amanda_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive amanda_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_amanda_client_packets',`
++ corenet_send_amanda_client_packets($1)
++ corenet_receive_amanda_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive amanda_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_amanda_client_packets',`
++ corenet_dontaudit_send_amanda_client_packets($1)
++ corenet_dontaudit_receive_amanda_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to amanda_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_amanda_client_packets',`
++ gen_require(`
++ type amanda_client_packet_t;
++ ')
++
++ allow $1 amanda_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send amanda_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_amanda_server_packets',`
++ gen_require(`
++ type amanda_server_packet_t;
++ ')
++
++ allow $1 amanda_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send amanda_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_amanda_server_packets',`
++ gen_require(`
++ type amanda_server_packet_t;
++ ')
++
++ dontaudit $1 amanda_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive amanda_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_amanda_server_packets',`
++ gen_require(`
++ type amanda_server_packet_t;
++ ')
++
++ allow $1 amanda_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive amanda_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_amanda_server_packets',`
++ gen_require(`
++ type amanda_server_packet_t;
++ ')
++
++ dontaudit $1 amanda_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive amanda_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_amanda_server_packets',`
++ corenet_send_amanda_server_packets($1)
++ corenet_receive_amanda_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive amanda_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_amanda_server_packets',`
++ corenet_dontaudit_send_amanda_server_packets($1)
++ corenet_dontaudit_receive_amanda_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to amanda_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_amanda_server_packets',`
++ gen_require(`
++ type amanda_server_packet_t;
++ ')
++
++ allow $1 amanda_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the amavisd_recv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ allow $1 amavisd_recv_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the amavisd_recv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ allow $1 amavisd_recv_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the amavisd_recv port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ dontaudit $1 amavisd_recv_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the amavisd_recv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ allow $1 amavisd_recv_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the amavisd_recv port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ dontaudit $1 amavisd_recv_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the amavisd_recv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_amavisd_recv_port',`
++ corenet_udp_send_amavisd_recv_port($1)
++ corenet_udp_receive_amavisd_recv_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the amavisd_recv port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_amavisd_recv_port',`
++ corenet_dontaudit_udp_send_amavisd_recv_port($1)
++ corenet_dontaudit_udp_receive_amavisd_recv_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the amavisd_recv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ allow $1 amavisd_recv_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the amavisd_recv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ allow $1 amavisd_recv_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the amavisd_recv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_amavisd_recv_port',`
++ gen_require(`
++ type amavisd_recv_port_t;
++ ')
++
++ allow $1 amavisd_recv_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send amavisd_recv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_amavisd_recv_client_packets',`
++ gen_require(`
++ type amavisd_recv_client_packet_t;
++ ')
++
++ allow $1 amavisd_recv_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send amavisd_recv_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_amavisd_recv_client_packets',`
++ gen_require(`
++ type amavisd_recv_client_packet_t;
++ ')
++
++ dontaudit $1 amavisd_recv_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive amavisd_recv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_amavisd_recv_client_packets',`
++ gen_require(`
++ type amavisd_recv_client_packet_t;
++ ')
++
++ allow $1 amavisd_recv_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive amavisd_recv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_amavisd_recv_client_packets',`
++ gen_require(`
++ type amavisd_recv_client_packet_t;
++ ')
++
++ dontaudit $1 amavisd_recv_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive amavisd_recv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_amavisd_recv_client_packets',`
++ corenet_send_amavisd_recv_client_packets($1)
++ corenet_receive_amavisd_recv_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive amavisd_recv_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_recv_client_packets',`
++ corenet_dontaudit_send_amavisd_recv_client_packets($1)
++ corenet_dontaudit_receive_amavisd_recv_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to amavisd_recv_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_amavisd_recv_client_packets',`
++ gen_require(`
++ type amavisd_recv_client_packet_t;
++ ')
++
++ allow $1 amavisd_recv_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send amavisd_recv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_amavisd_recv_server_packets',`
++ gen_require(`
++ type amavisd_recv_server_packet_t;
++ ')
++
++ allow $1 amavisd_recv_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send amavisd_recv_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_amavisd_recv_server_packets',`
++ gen_require(`
++ type amavisd_recv_server_packet_t;
++ ')
++
++ dontaudit $1 amavisd_recv_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive amavisd_recv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_amavisd_recv_server_packets',`
++ gen_require(`
++ type amavisd_recv_server_packet_t;
++ ')
++
++ allow $1 amavisd_recv_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive amavisd_recv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_amavisd_recv_server_packets',`
++ gen_require(`
++ type amavisd_recv_server_packet_t;
++ ')
++
++ dontaudit $1 amavisd_recv_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive amavisd_recv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_amavisd_recv_server_packets',`
++ corenet_send_amavisd_recv_server_packets($1)
++ corenet_receive_amavisd_recv_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive amavisd_recv_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_recv_server_packets',`
++ corenet_dontaudit_send_amavisd_recv_server_packets($1)
++ corenet_dontaudit_receive_amavisd_recv_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to amavisd_recv_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_amavisd_recv_server_packets',`
++ gen_require(`
++ type amavisd_recv_server_packet_t;
++ ')
++
++ allow $1 amavisd_recv_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the amavisd_send port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ allow $1 amavisd_send_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the amavisd_send port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ allow $1 amavisd_send_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the amavisd_send port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ dontaudit $1 amavisd_send_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the amavisd_send port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ allow $1 amavisd_send_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the amavisd_send port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ dontaudit $1 amavisd_send_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the amavisd_send port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_amavisd_send_port',`
++ corenet_udp_send_amavisd_send_port($1)
++ corenet_udp_receive_amavisd_send_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the amavisd_send port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_amavisd_send_port',`
++ corenet_dontaudit_udp_send_amavisd_send_port($1)
++ corenet_dontaudit_udp_receive_amavisd_send_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the amavisd_send port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ allow $1 amavisd_send_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the amavisd_send port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ allow $1 amavisd_send_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the amavisd_send port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_amavisd_send_port',`
++ gen_require(`
++ type amavisd_send_port_t;
++ ')
++
++ allow $1 amavisd_send_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send amavisd_send_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_amavisd_send_client_packets',`
++ gen_require(`
++ type amavisd_send_client_packet_t;
++ ')
++
++ allow $1 amavisd_send_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send amavisd_send_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_amavisd_send_client_packets',`
++ gen_require(`
++ type amavisd_send_client_packet_t;
++ ')
++
++ dontaudit $1 amavisd_send_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive amavisd_send_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_amavisd_send_client_packets',`
++ gen_require(`
++ type amavisd_send_client_packet_t;
++ ')
++
++ allow $1 amavisd_send_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive amavisd_send_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_amavisd_send_client_packets',`
++ gen_require(`
++ type amavisd_send_client_packet_t;
++ ')
++
++ dontaudit $1 amavisd_send_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive amavisd_send_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_amavisd_send_client_packets',`
++ corenet_send_amavisd_send_client_packets($1)
++ corenet_receive_amavisd_send_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive amavisd_send_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_send_client_packets',`
++ corenet_dontaudit_send_amavisd_send_client_packets($1)
++ corenet_dontaudit_receive_amavisd_send_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to amavisd_send_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_amavisd_send_client_packets',`
++ gen_require(`
++ type amavisd_send_client_packet_t;
++ ')
++
++ allow $1 amavisd_send_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send amavisd_send_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_amavisd_send_server_packets',`
++ gen_require(`
++ type amavisd_send_server_packet_t;
++ ')
++
++ allow $1 amavisd_send_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send amavisd_send_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_amavisd_send_server_packets',`
++ gen_require(`
++ type amavisd_send_server_packet_t;
++ ')
++
++ dontaudit $1 amavisd_send_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive amavisd_send_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_amavisd_send_server_packets',`
++ gen_require(`
++ type amavisd_send_server_packet_t;
++ ')
++
++ allow $1 amavisd_send_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive amavisd_send_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_amavisd_send_server_packets',`
++ gen_require(`
++ type amavisd_send_server_packet_t;
++ ')
++
++ dontaudit $1 amavisd_send_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive amavisd_send_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_amavisd_send_server_packets',`
++ corenet_send_amavisd_send_server_packets($1)
++ corenet_receive_amavisd_send_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive amavisd_send_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_amavisd_send_server_packets',`
++ corenet_dontaudit_send_amavisd_send_server_packets($1)
++ corenet_dontaudit_receive_amavisd_send_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to amavisd_send_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_amavisd_send_server_packets',`
++ gen_require(`
++ type amavisd_send_server_packet_t;
++ ')
++
++ allow $1 amavisd_send_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the aol port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ allow $1 aol_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the aol port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ allow $1 aol_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the aol port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ dontaudit $1 aol_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the aol port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ allow $1 aol_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the aol port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ dontaudit $1 aol_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the aol port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_aol_port',`
++ corenet_udp_send_aol_port($1)
++ corenet_udp_receive_aol_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the aol port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_aol_port',`
++ corenet_dontaudit_udp_send_aol_port($1)
++ corenet_dontaudit_udp_receive_aol_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the aol port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ allow $1 aol_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the aol port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ allow $1 aol_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the aol port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_aol_port',`
++ gen_require(`
++ type aol_port_t;
++ ')
++
++ allow $1 aol_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send aol_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_aol_client_packets',`
++ gen_require(`
++ type aol_client_packet_t;
++ ')
++
++ allow $1 aol_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send aol_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_aol_client_packets',`
++ gen_require(`
++ type aol_client_packet_t;
++ ')
++
++ dontaudit $1 aol_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive aol_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_aol_client_packets',`
++ gen_require(`
++ type aol_client_packet_t;
++ ')
++
++ allow $1 aol_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive aol_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_aol_client_packets',`
++ gen_require(`
++ type aol_client_packet_t;
++ ')
++
++ dontaudit $1 aol_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive aol_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_aol_client_packets',`
++ corenet_send_aol_client_packets($1)
++ corenet_receive_aol_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive aol_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_aol_client_packets',`
++ corenet_dontaudit_send_aol_client_packets($1)
++ corenet_dontaudit_receive_aol_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to aol_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_aol_client_packets',`
++ gen_require(`
++ type aol_client_packet_t;
++ ')
++
++ allow $1 aol_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send aol_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_aol_server_packets',`
++ gen_require(`
++ type aol_server_packet_t;
++ ')
++
++ allow $1 aol_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send aol_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_aol_server_packets',`
++ gen_require(`
++ type aol_server_packet_t;
++ ')
++
++ dontaudit $1 aol_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive aol_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_aol_server_packets',`
++ gen_require(`
++ type aol_server_packet_t;
++ ')
++
++ allow $1 aol_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive aol_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_aol_server_packets',`
++ gen_require(`
++ type aol_server_packet_t;
++ ')
++
++ dontaudit $1 aol_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive aol_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_aol_server_packets',`
++ corenet_send_aol_server_packets($1)
++ corenet_receive_aol_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive aol_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_aol_server_packets',`
++ corenet_dontaudit_send_aol_server_packets($1)
++ corenet_dontaudit_receive_aol_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to aol_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_aol_server_packets',`
++ gen_require(`
++ type aol_server_packet_t;
++ ')
++
++ allow $1 aol_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the apcupsd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ allow $1 apcupsd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the apcupsd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ allow $1 apcupsd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the apcupsd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ dontaudit $1 apcupsd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the apcupsd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ allow $1 apcupsd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the apcupsd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ dontaudit $1 apcupsd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the apcupsd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_apcupsd_port',`
++ corenet_udp_send_apcupsd_port($1)
++ corenet_udp_receive_apcupsd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the apcupsd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_apcupsd_port',`
++ corenet_dontaudit_udp_send_apcupsd_port($1)
++ corenet_dontaudit_udp_receive_apcupsd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the apcupsd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ allow $1 apcupsd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the apcupsd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ allow $1 apcupsd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the apcupsd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_apcupsd_port',`
++ gen_require(`
++ type apcupsd_port_t;
++ ')
++
++ allow $1 apcupsd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send apcupsd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_apcupsd_client_packets',`
++ gen_require(`
++ type apcupsd_client_packet_t;
++ ')
++
++ allow $1 apcupsd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send apcupsd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_apcupsd_client_packets',`
++ gen_require(`
++ type apcupsd_client_packet_t;
++ ')
++
++ dontaudit $1 apcupsd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive apcupsd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_apcupsd_client_packets',`
++ gen_require(`
++ type apcupsd_client_packet_t;
++ ')
++
++ allow $1 apcupsd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive apcupsd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_apcupsd_client_packets',`
++ gen_require(`
++ type apcupsd_client_packet_t;
++ ')
++
++ dontaudit $1 apcupsd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive apcupsd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_apcupsd_client_packets',`
++ corenet_send_apcupsd_client_packets($1)
++ corenet_receive_apcupsd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive apcupsd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_apcupsd_client_packets',`
++ corenet_dontaudit_send_apcupsd_client_packets($1)
++ corenet_dontaudit_receive_apcupsd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to apcupsd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_apcupsd_client_packets',`
++ gen_require(`
++ type apcupsd_client_packet_t;
++ ')
++
++ allow $1 apcupsd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send apcupsd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_apcupsd_server_packets',`
++ gen_require(`
++ type apcupsd_server_packet_t;
++ ')
++
++ allow $1 apcupsd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send apcupsd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_apcupsd_server_packets',`
++ gen_require(`
++ type apcupsd_server_packet_t;
++ ')
++
++ dontaudit $1 apcupsd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive apcupsd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_apcupsd_server_packets',`
++ gen_require(`
++ type apcupsd_server_packet_t;
++ ')
++
++ allow $1 apcupsd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive apcupsd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_apcupsd_server_packets',`
++ gen_require(`
++ type apcupsd_server_packet_t;
++ ')
++
++ dontaudit $1 apcupsd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive apcupsd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_apcupsd_server_packets',`
++ corenet_send_apcupsd_server_packets($1)
++ corenet_receive_apcupsd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive apcupsd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_apcupsd_server_packets',`
++ corenet_dontaudit_send_apcupsd_server_packets($1)
++ corenet_dontaudit_receive_apcupsd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to apcupsd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_apcupsd_server_packets',`
++ gen_require(`
++ type apcupsd_server_packet_t;
++ ')
++
++ allow $1 apcupsd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the asterisk port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ allow $1 asterisk_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the asterisk port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ allow $1 asterisk_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the asterisk port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ dontaudit $1 asterisk_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the asterisk port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ allow $1 asterisk_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the asterisk port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ dontaudit $1 asterisk_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the asterisk port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_asterisk_port',`
++ corenet_udp_send_asterisk_port($1)
++ corenet_udp_receive_asterisk_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the asterisk port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_asterisk_port',`
++ corenet_dontaudit_udp_send_asterisk_port($1)
++ corenet_dontaudit_udp_receive_asterisk_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the asterisk port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ allow $1 asterisk_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the asterisk port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ allow $1 asterisk_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the asterisk port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_asterisk_port',`
++ gen_require(`
++ type asterisk_port_t;
++ ')
++
++ allow $1 asterisk_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send asterisk_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_asterisk_client_packets',`
++ gen_require(`
++ type asterisk_client_packet_t;
++ ')
++
++ allow $1 asterisk_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send asterisk_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_asterisk_client_packets',`
++ gen_require(`
++ type asterisk_client_packet_t;
++ ')
++
++ dontaudit $1 asterisk_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive asterisk_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_asterisk_client_packets',`
++ gen_require(`
++ type asterisk_client_packet_t;
++ ')
++
++ allow $1 asterisk_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive asterisk_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_asterisk_client_packets',`
++ gen_require(`
++ type asterisk_client_packet_t;
++ ')
++
++ dontaudit $1 asterisk_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive asterisk_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_asterisk_client_packets',`
++ corenet_send_asterisk_client_packets($1)
++ corenet_receive_asterisk_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive asterisk_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_asterisk_client_packets',`
++ corenet_dontaudit_send_asterisk_client_packets($1)
++ corenet_dontaudit_receive_asterisk_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to asterisk_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_asterisk_client_packets',`
++ gen_require(`
++ type asterisk_client_packet_t;
++ ')
++
++ allow $1 asterisk_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send asterisk_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_asterisk_server_packets',`
++ gen_require(`
++ type asterisk_server_packet_t;
++ ')
++
++ allow $1 asterisk_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send asterisk_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_asterisk_server_packets',`
++ gen_require(`
++ type asterisk_server_packet_t;
++ ')
++
++ dontaudit $1 asterisk_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive asterisk_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_asterisk_server_packets',`
++ gen_require(`
++ type asterisk_server_packet_t;
++ ')
++
++ allow $1 asterisk_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive asterisk_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_asterisk_server_packets',`
++ gen_require(`
++ type asterisk_server_packet_t;
++ ')
++
++ dontaudit $1 asterisk_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive asterisk_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_asterisk_server_packets',`
++ corenet_send_asterisk_server_packets($1)
++ corenet_receive_asterisk_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive asterisk_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_asterisk_server_packets',`
++ corenet_dontaudit_send_asterisk_server_packets($1)
++ corenet_dontaudit_receive_asterisk_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to asterisk_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_asterisk_server_packets',`
++ gen_require(`
++ type asterisk_server_packet_t;
++ ')
++
++ allow $1 asterisk_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the audit port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ allow $1 audit_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the audit port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ allow $1 audit_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the audit port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ dontaudit $1 audit_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the audit port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ allow $1 audit_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the audit port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ dontaudit $1 audit_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the audit port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_audit_port',`
++ corenet_udp_send_audit_port($1)
++ corenet_udp_receive_audit_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the audit port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_audit_port',`
++ corenet_dontaudit_udp_send_audit_port($1)
++ corenet_dontaudit_udp_receive_audit_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the audit port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ allow $1 audit_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the audit port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ allow $1 audit_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the audit port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_audit_port',`
++ gen_require(`
++ type audit_port_t;
++ ')
++
++ allow $1 audit_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send audit_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_audit_client_packets',`
++ gen_require(`
++ type audit_client_packet_t;
++ ')
++
++ allow $1 audit_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send audit_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_audit_client_packets',`
++ gen_require(`
++ type audit_client_packet_t;
++ ')
++
++ dontaudit $1 audit_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive audit_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_audit_client_packets',`
++ gen_require(`
++ type audit_client_packet_t;
++ ')
++
++ allow $1 audit_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive audit_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_audit_client_packets',`
++ gen_require(`
++ type audit_client_packet_t;
++ ')
++
++ dontaudit $1 audit_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive audit_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_audit_client_packets',`
++ corenet_send_audit_client_packets($1)
++ corenet_receive_audit_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive audit_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_audit_client_packets',`
++ corenet_dontaudit_send_audit_client_packets($1)
++ corenet_dontaudit_receive_audit_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to audit_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_audit_client_packets',`
++ gen_require(`
++ type audit_client_packet_t;
++ ')
++
++ allow $1 audit_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send audit_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_audit_server_packets',`
++ gen_require(`
++ type audit_server_packet_t;
++ ')
++
++ allow $1 audit_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send audit_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_audit_server_packets',`
++ gen_require(`
++ type audit_server_packet_t;
++ ')
++
++ dontaudit $1 audit_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive audit_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_audit_server_packets',`
++ gen_require(`
++ type audit_server_packet_t;
++ ')
++
++ allow $1 audit_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive audit_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_audit_server_packets',`
++ gen_require(`
++ type audit_server_packet_t;
++ ')
++
++ dontaudit $1 audit_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive audit_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_audit_server_packets',`
++ corenet_send_audit_server_packets($1)
++ corenet_receive_audit_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive audit_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_audit_server_packets',`
++ corenet_dontaudit_send_audit_server_packets($1)
++ corenet_dontaudit_receive_audit_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to audit_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_audit_server_packets',`
++ gen_require(`
++ type audit_server_packet_t;
++ ')
++
++ allow $1 audit_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the auth port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ allow $1 auth_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the auth port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ allow $1 auth_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the auth port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ dontaudit $1 auth_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the auth port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ allow $1 auth_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the auth port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ dontaudit $1 auth_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the auth port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_auth_port',`
++ corenet_udp_send_auth_port($1)
++ corenet_udp_receive_auth_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the auth port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_auth_port',`
++ corenet_dontaudit_udp_send_auth_port($1)
++ corenet_dontaudit_udp_receive_auth_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the auth port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ allow $1 auth_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the auth port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ allow $1 auth_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the auth port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_auth_port',`
++ gen_require(`
++ type auth_port_t;
++ ')
++
++ allow $1 auth_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send auth_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_auth_client_packets',`
++ gen_require(`
++ type auth_client_packet_t;
++ ')
++
++ allow $1 auth_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send auth_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_auth_client_packets',`
++ gen_require(`
++ type auth_client_packet_t;
++ ')
++
++ dontaudit $1 auth_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive auth_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_auth_client_packets',`
++ gen_require(`
++ type auth_client_packet_t;
++ ')
++
++ allow $1 auth_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive auth_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_auth_client_packets',`
++ gen_require(`
++ type auth_client_packet_t;
++ ')
++
++ dontaudit $1 auth_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive auth_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_auth_client_packets',`
++ corenet_send_auth_client_packets($1)
++ corenet_receive_auth_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive auth_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_auth_client_packets',`
++ corenet_dontaudit_send_auth_client_packets($1)
++ corenet_dontaudit_receive_auth_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to auth_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_auth_client_packets',`
++ gen_require(`
++ type auth_client_packet_t;
++ ')
++
++ allow $1 auth_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send auth_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_auth_server_packets',`
++ gen_require(`
++ type auth_server_packet_t;
++ ')
++
++ allow $1 auth_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send auth_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_auth_server_packets',`
++ gen_require(`
++ type auth_server_packet_t;
++ ')
++
++ dontaudit $1 auth_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive auth_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_auth_server_packets',`
++ gen_require(`
++ type auth_server_packet_t;
++ ')
++
++ allow $1 auth_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive auth_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_auth_server_packets',`
++ gen_require(`
++ type auth_server_packet_t;
++ ')
++
++ dontaudit $1 auth_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive auth_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_auth_server_packets',`
++ corenet_send_auth_server_packets($1)
++ corenet_receive_auth_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive auth_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_auth_server_packets',`
++ corenet_dontaudit_send_auth_server_packets($1)
++ corenet_dontaudit_receive_auth_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to auth_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_auth_server_packets',`
++ gen_require(`
++ type auth_server_packet_t;
++ ')
++
++ allow $1 auth_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the bgp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ allow $1 bgp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the bgp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ allow $1 bgp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the bgp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ dontaudit $1 bgp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the bgp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ allow $1 bgp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the bgp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ dontaudit $1 bgp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the bgp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_bgp_port',`
++ corenet_udp_send_bgp_port($1)
++ corenet_udp_receive_bgp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the bgp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_bgp_port',`
++ corenet_dontaudit_udp_send_bgp_port($1)
++ corenet_dontaudit_udp_receive_bgp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the bgp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ allow $1 bgp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the bgp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ allow $1 bgp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the bgp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_bgp_port',`
++ gen_require(`
++ type bgp_port_t;
++ ')
++
++ allow $1 bgp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send bgp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_bgp_client_packets',`
++ gen_require(`
++ type bgp_client_packet_t;
++ ')
++
++ allow $1 bgp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send bgp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_bgp_client_packets',`
++ gen_require(`
++ type bgp_client_packet_t;
++ ')
++
++ dontaudit $1 bgp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive bgp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_bgp_client_packets',`
++ gen_require(`
++ type bgp_client_packet_t;
++ ')
++
++ allow $1 bgp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive bgp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_bgp_client_packets',`
++ gen_require(`
++ type bgp_client_packet_t;
++ ')
++
++ dontaudit $1 bgp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive bgp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_bgp_client_packets',`
++ corenet_send_bgp_client_packets($1)
++ corenet_receive_bgp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive bgp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_bgp_client_packets',`
++ corenet_dontaudit_send_bgp_client_packets($1)
++ corenet_dontaudit_receive_bgp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to bgp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_bgp_client_packets',`
++ gen_require(`
++ type bgp_client_packet_t;
++ ')
++
++ allow $1 bgp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send bgp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_bgp_server_packets',`
++ gen_require(`
++ type bgp_server_packet_t;
++ ')
++
++ allow $1 bgp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send bgp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_bgp_server_packets',`
++ gen_require(`
++ type bgp_server_packet_t;
++ ')
++
++ dontaudit $1 bgp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive bgp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_bgp_server_packets',`
++ gen_require(`
++ type bgp_server_packet_t;
++ ')
++
++ allow $1 bgp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive bgp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_bgp_server_packets',`
++ gen_require(`
++ type bgp_server_packet_t;
++ ')
++
++ dontaudit $1 bgp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive bgp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_bgp_server_packets',`
++ corenet_send_bgp_server_packets($1)
++ corenet_receive_bgp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive bgp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_bgp_server_packets',`
++ corenet_dontaudit_send_bgp_server_packets($1)
++ corenet_dontaudit_receive_bgp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to bgp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_bgp_server_packets',`
++ gen_require(`
++ type bgp_server_packet_t;
++ ')
++
++ allow $1 bgp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the clamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ allow $1 clamd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the clamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ allow $1 clamd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the clamd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ dontaudit $1 clamd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the clamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ allow $1 clamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the clamd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ dontaudit $1 clamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the clamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_clamd_port',`
++ corenet_udp_send_clamd_port($1)
++ corenet_udp_receive_clamd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the clamd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_clamd_port',`
++ corenet_dontaudit_udp_send_clamd_port($1)
++ corenet_dontaudit_udp_receive_clamd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the clamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ allow $1 clamd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the clamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ allow $1 clamd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the clamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_clamd_port',`
++ gen_require(`
++ type clamd_port_t;
++ ')
++
++ allow $1 clamd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send clamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_clamd_client_packets',`
++ gen_require(`
++ type clamd_client_packet_t;
++ ')
++
++ allow $1 clamd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send clamd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_clamd_client_packets',`
++ gen_require(`
++ type clamd_client_packet_t;
++ ')
++
++ dontaudit $1 clamd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive clamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_clamd_client_packets',`
++ gen_require(`
++ type clamd_client_packet_t;
++ ')
++
++ allow $1 clamd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive clamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_clamd_client_packets',`
++ gen_require(`
++ type clamd_client_packet_t;
++ ')
++
++ dontaudit $1 clamd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive clamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_clamd_client_packets',`
++ corenet_send_clamd_client_packets($1)
++ corenet_receive_clamd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive clamd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_clamd_client_packets',`
++ corenet_dontaudit_send_clamd_client_packets($1)
++ corenet_dontaudit_receive_clamd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to clamd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_clamd_client_packets',`
++ gen_require(`
++ type clamd_client_packet_t;
++ ')
++
++ allow $1 clamd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send clamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_clamd_server_packets',`
++ gen_require(`
++ type clamd_server_packet_t;
++ ')
++
++ allow $1 clamd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send clamd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_clamd_server_packets',`
++ gen_require(`
++ type clamd_server_packet_t;
++ ')
++
++ dontaudit $1 clamd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive clamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_clamd_server_packets',`
++ gen_require(`
++ type clamd_server_packet_t;
++ ')
++
++ allow $1 clamd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive clamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_clamd_server_packets',`
++ gen_require(`
++ type clamd_server_packet_t;
++ ')
++
++ dontaudit $1 clamd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive clamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_clamd_server_packets',`
++ corenet_send_clamd_server_packets($1)
++ corenet_receive_clamd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive clamd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_clamd_server_packets',`
++ corenet_dontaudit_send_clamd_server_packets($1)
++ corenet_dontaudit_receive_clamd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to clamd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_clamd_server_packets',`
++ gen_require(`
++ type clamd_server_packet_t;
++ ')
++
++ allow $1 clamd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the clockspeed port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ allow $1 clockspeed_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the clockspeed port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ allow $1 clockspeed_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the clockspeed port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ dontaudit $1 clockspeed_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the clockspeed port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ allow $1 clockspeed_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the clockspeed port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ dontaudit $1 clockspeed_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the clockspeed port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_clockspeed_port',`
++ corenet_udp_send_clockspeed_port($1)
++ corenet_udp_receive_clockspeed_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the clockspeed port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_clockspeed_port',`
++ corenet_dontaudit_udp_send_clockspeed_port($1)
++ corenet_dontaudit_udp_receive_clockspeed_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the clockspeed port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ allow $1 clockspeed_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the clockspeed port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ allow $1 clockspeed_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the clockspeed port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_clockspeed_port',`
++ gen_require(`
++ type clockspeed_port_t;
++ ')
++
++ allow $1 clockspeed_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send clockspeed_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_clockspeed_client_packets',`
++ gen_require(`
++ type clockspeed_client_packet_t;
++ ')
++
++ allow $1 clockspeed_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send clockspeed_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_clockspeed_client_packets',`
++ gen_require(`
++ type clockspeed_client_packet_t;
++ ')
++
++ dontaudit $1 clockspeed_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive clockspeed_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_clockspeed_client_packets',`
++ gen_require(`
++ type clockspeed_client_packet_t;
++ ')
++
++ allow $1 clockspeed_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive clockspeed_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_clockspeed_client_packets',`
++ gen_require(`
++ type clockspeed_client_packet_t;
++ ')
++
++ dontaudit $1 clockspeed_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive clockspeed_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_clockspeed_client_packets',`
++ corenet_send_clockspeed_client_packets($1)
++ corenet_receive_clockspeed_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive clockspeed_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_clockspeed_client_packets',`
++ corenet_dontaudit_send_clockspeed_client_packets($1)
++ corenet_dontaudit_receive_clockspeed_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to clockspeed_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_clockspeed_client_packets',`
++ gen_require(`
++ type clockspeed_client_packet_t;
++ ')
++
++ allow $1 clockspeed_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send clockspeed_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_clockspeed_server_packets',`
++ gen_require(`
++ type clockspeed_server_packet_t;
++ ')
++
++ allow $1 clockspeed_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send clockspeed_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_clockspeed_server_packets',`
++ gen_require(`
++ type clockspeed_server_packet_t;
++ ')
++
++ dontaudit $1 clockspeed_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive clockspeed_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_clockspeed_server_packets',`
++ gen_require(`
++ type clockspeed_server_packet_t;
++ ')
++
++ allow $1 clockspeed_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive clockspeed_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_clockspeed_server_packets',`
++ gen_require(`
++ type clockspeed_server_packet_t;
++ ')
++
++ dontaudit $1 clockspeed_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive clockspeed_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_clockspeed_server_packets',`
++ corenet_send_clockspeed_server_packets($1)
++ corenet_receive_clockspeed_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive clockspeed_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_clockspeed_server_packets',`
++ corenet_dontaudit_send_clockspeed_server_packets($1)
++ corenet_dontaudit_receive_clockspeed_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to clockspeed_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_clockspeed_server_packets',`
++ gen_require(`
++ type clockspeed_server_packet_t;
++ ')
++
++ allow $1 clockspeed_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the cluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ allow $1 cluster_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the cluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ allow $1 cluster_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the cluster port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ dontaudit $1 cluster_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the cluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ allow $1 cluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the cluster port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ dontaudit $1 cluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the cluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_cluster_port',`
++ corenet_udp_send_cluster_port($1)
++ corenet_udp_receive_cluster_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the cluster port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_cluster_port',`
++ corenet_dontaudit_udp_send_cluster_port($1)
++ corenet_dontaudit_udp_receive_cluster_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the cluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ allow $1 cluster_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the cluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ allow $1 cluster_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the cluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_cluster_port',`
++ gen_require(`
++ type cluster_port_t;
++ ')
++
++ allow $1 cluster_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send cluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_cluster_client_packets',`
++ gen_require(`
++ type cluster_client_packet_t;
++ ')
++
++ allow $1 cluster_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send cluster_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_cluster_client_packets',`
++ gen_require(`
++ type cluster_client_packet_t;
++ ')
++
++ dontaudit $1 cluster_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive cluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_cluster_client_packets',`
++ gen_require(`
++ type cluster_client_packet_t;
++ ')
++
++ allow $1 cluster_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive cluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_cluster_client_packets',`
++ gen_require(`
++ type cluster_client_packet_t;
++ ')
++
++ dontaudit $1 cluster_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive cluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_cluster_client_packets',`
++ corenet_send_cluster_client_packets($1)
++ corenet_receive_cluster_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive cluster_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_cluster_client_packets',`
++ corenet_dontaudit_send_cluster_client_packets($1)
++ corenet_dontaudit_receive_cluster_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to cluster_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_cluster_client_packets',`
++ gen_require(`
++ type cluster_client_packet_t;
++ ')
++
++ allow $1 cluster_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send cluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_cluster_server_packets',`
++ gen_require(`
++ type cluster_server_packet_t;
++ ')
++
++ allow $1 cluster_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send cluster_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_cluster_server_packets',`
++ gen_require(`
++ type cluster_server_packet_t;
++ ')
++
++ dontaudit $1 cluster_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive cluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_cluster_server_packets',`
++ gen_require(`
++ type cluster_server_packet_t;
++ ')
++
++ allow $1 cluster_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive cluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_cluster_server_packets',`
++ gen_require(`
++ type cluster_server_packet_t;
++ ')
++
++ dontaudit $1 cluster_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive cluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_cluster_server_packets',`
++ corenet_send_cluster_server_packets($1)
++ corenet_receive_cluster_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive cluster_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_cluster_server_packets',`
++ corenet_dontaudit_send_cluster_server_packets($1)
++ corenet_dontaudit_receive_cluster_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to cluster_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_cluster_server_packets',`
++ gen_require(`
++ type cluster_server_packet_t;
++ ')
++
++ allow $1 cluster_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the comsat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ allow $1 comsat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the comsat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ allow $1 comsat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the comsat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ dontaudit $1 comsat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the comsat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ allow $1 comsat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the comsat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ dontaudit $1 comsat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the comsat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_comsat_port',`
++ corenet_udp_send_comsat_port($1)
++ corenet_udp_receive_comsat_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the comsat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_comsat_port',`
++ corenet_dontaudit_udp_send_comsat_port($1)
++ corenet_dontaudit_udp_receive_comsat_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the comsat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ allow $1 comsat_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the comsat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ allow $1 comsat_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the comsat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_comsat_port',`
++ gen_require(`
++ type comsat_port_t;
++ ')
++
++ allow $1 comsat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send comsat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_comsat_client_packets',`
++ gen_require(`
++ type comsat_client_packet_t;
++ ')
++
++ allow $1 comsat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send comsat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_comsat_client_packets',`
++ gen_require(`
++ type comsat_client_packet_t;
++ ')
++
++ dontaudit $1 comsat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive comsat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_comsat_client_packets',`
++ gen_require(`
++ type comsat_client_packet_t;
++ ')
++
++ allow $1 comsat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive comsat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_comsat_client_packets',`
++ gen_require(`
++ type comsat_client_packet_t;
++ ')
++
++ dontaudit $1 comsat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive comsat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_comsat_client_packets',`
++ corenet_send_comsat_client_packets($1)
++ corenet_receive_comsat_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive comsat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_comsat_client_packets',`
++ corenet_dontaudit_send_comsat_client_packets($1)
++ corenet_dontaudit_receive_comsat_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to comsat_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_comsat_client_packets',`
++ gen_require(`
++ type comsat_client_packet_t;
++ ')
++
++ allow $1 comsat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send comsat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_comsat_server_packets',`
++ gen_require(`
++ type comsat_server_packet_t;
++ ')
++
++ allow $1 comsat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send comsat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_comsat_server_packets',`
++ gen_require(`
++ type comsat_server_packet_t;
++ ')
++
++ dontaudit $1 comsat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive comsat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_comsat_server_packets',`
++ gen_require(`
++ type comsat_server_packet_t;
++ ')
++
++ allow $1 comsat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive comsat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_comsat_server_packets',`
++ gen_require(`
++ type comsat_server_packet_t;
++ ')
++
++ dontaudit $1 comsat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive comsat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_comsat_server_packets',`
++ corenet_send_comsat_server_packets($1)
++ corenet_receive_comsat_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive comsat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_comsat_server_packets',`
++ corenet_dontaudit_send_comsat_server_packets($1)
++ corenet_dontaudit_receive_comsat_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to comsat_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_comsat_server_packets',`
++ gen_require(`
++ type comsat_server_packet_t;
++ ')
++
++ allow $1 comsat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the cyphesis port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ allow $1 cyphesis_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the cyphesis port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ allow $1 cyphesis_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the cyphesis port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ dontaudit $1 cyphesis_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the cyphesis port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ allow $1 cyphesis_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the cyphesis port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ dontaudit $1 cyphesis_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the cyphesis port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_cyphesis_port',`
++ corenet_udp_send_cyphesis_port($1)
++ corenet_udp_receive_cyphesis_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the cyphesis port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_cyphesis_port',`
++ corenet_dontaudit_udp_send_cyphesis_port($1)
++ corenet_dontaudit_udp_receive_cyphesis_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the cyphesis port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ allow $1 cyphesis_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the cyphesis port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ allow $1 cyphesis_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the cyphesis port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_cyphesis_port',`
++ gen_require(`
++ type cyphesis_port_t;
++ ')
++
++ allow $1 cyphesis_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send cyphesis_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_cyphesis_client_packets',`
++ gen_require(`
++ type cyphesis_client_packet_t;
++ ')
++
++ allow $1 cyphesis_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send cyphesis_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_cyphesis_client_packets',`
++ gen_require(`
++ type cyphesis_client_packet_t;
++ ')
++
++ dontaudit $1 cyphesis_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive cyphesis_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_cyphesis_client_packets',`
++ gen_require(`
++ type cyphesis_client_packet_t;
++ ')
++
++ allow $1 cyphesis_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive cyphesis_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_cyphesis_client_packets',`
++ gen_require(`
++ type cyphesis_client_packet_t;
++ ')
++
++ dontaudit $1 cyphesis_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive cyphesis_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_cyphesis_client_packets',`
++ corenet_send_cyphesis_client_packets($1)
++ corenet_receive_cyphesis_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive cyphesis_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_cyphesis_client_packets',`
++ corenet_dontaudit_send_cyphesis_client_packets($1)
++ corenet_dontaudit_receive_cyphesis_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to cyphesis_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_cyphesis_client_packets',`
++ gen_require(`
++ type cyphesis_client_packet_t;
++ ')
++
++ allow $1 cyphesis_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send cyphesis_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_cyphesis_server_packets',`
++ gen_require(`
++ type cyphesis_server_packet_t;
++ ')
++
++ allow $1 cyphesis_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send cyphesis_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_cyphesis_server_packets',`
++ gen_require(`
++ type cyphesis_server_packet_t;
++ ')
++
++ dontaudit $1 cyphesis_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive cyphesis_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_cyphesis_server_packets',`
++ gen_require(`
++ type cyphesis_server_packet_t;
++ ')
++
++ allow $1 cyphesis_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive cyphesis_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_cyphesis_server_packets',`
++ gen_require(`
++ type cyphesis_server_packet_t;
++ ')
++
++ dontaudit $1 cyphesis_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive cyphesis_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_cyphesis_server_packets',`
++ corenet_send_cyphesis_server_packets($1)
++ corenet_receive_cyphesis_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive cyphesis_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_cyphesis_server_packets',`
++ corenet_dontaudit_send_cyphesis_server_packets($1)
++ corenet_dontaudit_receive_cyphesis_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to cyphesis_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_cyphesis_server_packets',`
++ gen_require(`
++ type cyphesis_server_packet_t;
++ ')
++
++ allow $1 cyphesis_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the cvs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ allow $1 cvs_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the cvs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ allow $1 cvs_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the cvs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ dontaudit $1 cvs_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the cvs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ allow $1 cvs_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the cvs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ dontaudit $1 cvs_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the cvs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_cvs_port',`
++ corenet_udp_send_cvs_port($1)
++ corenet_udp_receive_cvs_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the cvs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_cvs_port',`
++ corenet_dontaudit_udp_send_cvs_port($1)
++ corenet_dontaudit_udp_receive_cvs_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the cvs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ allow $1 cvs_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the cvs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ allow $1 cvs_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the cvs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_cvs_port',`
++ gen_require(`
++ type cvs_port_t;
++ ')
++
++ allow $1 cvs_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send cvs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_cvs_client_packets',`
++ gen_require(`
++ type cvs_client_packet_t;
++ ')
++
++ allow $1 cvs_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send cvs_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_cvs_client_packets',`
++ gen_require(`
++ type cvs_client_packet_t;
++ ')
++
++ dontaudit $1 cvs_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive cvs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_cvs_client_packets',`
++ gen_require(`
++ type cvs_client_packet_t;
++ ')
++
++ allow $1 cvs_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive cvs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_cvs_client_packets',`
++ gen_require(`
++ type cvs_client_packet_t;
++ ')
++
++ dontaudit $1 cvs_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive cvs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_cvs_client_packets',`
++ corenet_send_cvs_client_packets($1)
++ corenet_receive_cvs_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive cvs_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_cvs_client_packets',`
++ corenet_dontaudit_send_cvs_client_packets($1)
++ corenet_dontaudit_receive_cvs_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to cvs_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_cvs_client_packets',`
++ gen_require(`
++ type cvs_client_packet_t;
++ ')
++
++ allow $1 cvs_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send cvs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_cvs_server_packets',`
++ gen_require(`
++ type cvs_server_packet_t;
++ ')
++
++ allow $1 cvs_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send cvs_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_cvs_server_packets',`
++ gen_require(`
++ type cvs_server_packet_t;
++ ')
++
++ dontaudit $1 cvs_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive cvs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_cvs_server_packets',`
++ gen_require(`
++ type cvs_server_packet_t;
++ ')
++
++ allow $1 cvs_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive cvs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_cvs_server_packets',`
++ gen_require(`
++ type cvs_server_packet_t;
++ ')
++
++ dontaudit $1 cvs_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive cvs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_cvs_server_packets',`
++ corenet_send_cvs_server_packets($1)
++ corenet_receive_cvs_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive cvs_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_cvs_server_packets',`
++ corenet_dontaudit_send_cvs_server_packets($1)
++ corenet_dontaudit_receive_cvs_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to cvs_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_cvs_server_packets',`
++ gen_require(`
++ type cvs_server_packet_t;
++ ')
++
++ allow $1 cvs_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the dcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ allow $1 dcc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the dcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ allow $1 dcc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the dcc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ dontaudit $1 dcc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the dcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ allow $1 dcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the dcc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ dontaudit $1 dcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the dcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_dcc_port',`
++ corenet_udp_send_dcc_port($1)
++ corenet_udp_receive_dcc_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the dcc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_dcc_port',`
++ corenet_dontaudit_udp_send_dcc_port($1)
++ corenet_dontaudit_udp_receive_dcc_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the dcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ allow $1 dcc_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the dcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ allow $1 dcc_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the dcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_dcc_port',`
++ gen_require(`
++ type dcc_port_t;
++ ')
++
++ allow $1 dcc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send dcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dcc_client_packets',`
++ gen_require(`
++ type dcc_client_packet_t;
++ ')
++
++ allow $1 dcc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dcc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dcc_client_packets',`
++ gen_require(`
++ type dcc_client_packet_t;
++ ')
++
++ dontaudit $1 dcc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dcc_client_packets',`
++ gen_require(`
++ type dcc_client_packet_t;
++ ')
++
++ allow $1 dcc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dcc_client_packets',`
++ gen_require(`
++ type dcc_client_packet_t;
++ ')
++
++ dontaudit $1 dcc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dcc_client_packets',`
++ corenet_send_dcc_client_packets($1)
++ corenet_receive_dcc_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dcc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dcc_client_packets',`
++ corenet_dontaudit_send_dcc_client_packets($1)
++ corenet_dontaudit_receive_dcc_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dcc_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dcc_client_packets',`
++ gen_require(`
++ type dcc_client_packet_t;
++ ')
++
++ allow $1 dcc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send dcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dcc_server_packets',`
++ gen_require(`
++ type dcc_server_packet_t;
++ ')
++
++ allow $1 dcc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dcc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dcc_server_packets',`
++ gen_require(`
++ type dcc_server_packet_t;
++ ')
++
++ dontaudit $1 dcc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dcc_server_packets',`
++ gen_require(`
++ type dcc_server_packet_t;
++ ')
++
++ allow $1 dcc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dcc_server_packets',`
++ gen_require(`
++ type dcc_server_packet_t;
++ ')
++
++ dontaudit $1 dcc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dcc_server_packets',`
++ corenet_send_dcc_server_packets($1)
++ corenet_receive_dcc_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dcc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dcc_server_packets',`
++ corenet_dontaudit_send_dcc_server_packets($1)
++ corenet_dontaudit_receive_dcc_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dcc_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dcc_server_packets',`
++ gen_require(`
++ type dcc_server_packet_t;
++ ')
++
++ allow $1 dcc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the dbskkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ allow $1 dbskkd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the dbskkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ allow $1 dbskkd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the dbskkd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ dontaudit $1 dbskkd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the dbskkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ allow $1 dbskkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the dbskkd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ dontaudit $1 dbskkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the dbskkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_dbskkd_port',`
++ corenet_udp_send_dbskkd_port($1)
++ corenet_udp_receive_dbskkd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the dbskkd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_dbskkd_port',`
++ corenet_dontaudit_udp_send_dbskkd_port($1)
++ corenet_dontaudit_udp_receive_dbskkd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the dbskkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ allow $1 dbskkd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the dbskkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ allow $1 dbskkd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the dbskkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_dbskkd_port',`
++ gen_require(`
++ type dbskkd_port_t;
++ ')
++
++ allow $1 dbskkd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send dbskkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dbskkd_client_packets',`
++ gen_require(`
++ type dbskkd_client_packet_t;
++ ')
++
++ allow $1 dbskkd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dbskkd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dbskkd_client_packets',`
++ gen_require(`
++ type dbskkd_client_packet_t;
++ ')
++
++ dontaudit $1 dbskkd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dbskkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dbskkd_client_packets',`
++ gen_require(`
++ type dbskkd_client_packet_t;
++ ')
++
++ allow $1 dbskkd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dbskkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dbskkd_client_packets',`
++ gen_require(`
++ type dbskkd_client_packet_t;
++ ')
++
++ dontaudit $1 dbskkd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dbskkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dbskkd_client_packets',`
++ corenet_send_dbskkd_client_packets($1)
++ corenet_receive_dbskkd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dbskkd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dbskkd_client_packets',`
++ corenet_dontaudit_send_dbskkd_client_packets($1)
++ corenet_dontaudit_receive_dbskkd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dbskkd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dbskkd_client_packets',`
++ gen_require(`
++ type dbskkd_client_packet_t;
++ ')
++
++ allow $1 dbskkd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send dbskkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dbskkd_server_packets',`
++ gen_require(`
++ type dbskkd_server_packet_t;
++ ')
++
++ allow $1 dbskkd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dbskkd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dbskkd_server_packets',`
++ gen_require(`
++ type dbskkd_server_packet_t;
++ ')
++
++ dontaudit $1 dbskkd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dbskkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dbskkd_server_packets',`
++ gen_require(`
++ type dbskkd_server_packet_t;
++ ')
++
++ allow $1 dbskkd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dbskkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dbskkd_server_packets',`
++ gen_require(`
++ type dbskkd_server_packet_t;
++ ')
++
++ dontaudit $1 dbskkd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dbskkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dbskkd_server_packets',`
++ corenet_send_dbskkd_server_packets($1)
++ corenet_receive_dbskkd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dbskkd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dbskkd_server_packets',`
++ corenet_dontaudit_send_dbskkd_server_packets($1)
++ corenet_dontaudit_receive_dbskkd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dbskkd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dbskkd_server_packets',`
++ gen_require(`
++ type dbskkd_server_packet_t;
++ ')
++
++ allow $1 dbskkd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the dhcpc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ allow $1 dhcpc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the dhcpc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ allow $1 dhcpc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the dhcpc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ dontaudit $1 dhcpc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the dhcpc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ allow $1 dhcpc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the dhcpc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ dontaudit $1 dhcpc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the dhcpc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_dhcpc_port',`
++ corenet_udp_send_dhcpc_port($1)
++ corenet_udp_receive_dhcpc_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the dhcpc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_dhcpc_port',`
++ corenet_dontaudit_udp_send_dhcpc_port($1)
++ corenet_dontaudit_udp_receive_dhcpc_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the dhcpc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ allow $1 dhcpc_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the dhcpc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ allow $1 dhcpc_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the dhcpc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_dhcpc_port',`
++ gen_require(`
++ type dhcpc_port_t;
++ ')
++
++ allow $1 dhcpc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send dhcpc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dhcpc_client_packets',`
++ gen_require(`
++ type dhcpc_client_packet_t;
++ ')
++
++ allow $1 dhcpc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dhcpc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dhcpc_client_packets',`
++ gen_require(`
++ type dhcpc_client_packet_t;
++ ')
++
++ dontaudit $1 dhcpc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dhcpc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dhcpc_client_packets',`
++ gen_require(`
++ type dhcpc_client_packet_t;
++ ')
++
++ allow $1 dhcpc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dhcpc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dhcpc_client_packets',`
++ gen_require(`
++ type dhcpc_client_packet_t;
++ ')
++
++ dontaudit $1 dhcpc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dhcpc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dhcpc_client_packets',`
++ corenet_send_dhcpc_client_packets($1)
++ corenet_receive_dhcpc_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dhcpc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dhcpc_client_packets',`
++ corenet_dontaudit_send_dhcpc_client_packets($1)
++ corenet_dontaudit_receive_dhcpc_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dhcpc_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dhcpc_client_packets',`
++ gen_require(`
++ type dhcpc_client_packet_t;
++ ')
++
++ allow $1 dhcpc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send dhcpc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dhcpc_server_packets',`
++ gen_require(`
++ type dhcpc_server_packet_t;
++ ')
++
++ allow $1 dhcpc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dhcpc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dhcpc_server_packets',`
++ gen_require(`
++ type dhcpc_server_packet_t;
++ ')
++
++ dontaudit $1 dhcpc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dhcpc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dhcpc_server_packets',`
++ gen_require(`
++ type dhcpc_server_packet_t;
++ ')
++
++ allow $1 dhcpc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dhcpc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dhcpc_server_packets',`
++ gen_require(`
++ type dhcpc_server_packet_t;
++ ')
++
++ dontaudit $1 dhcpc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dhcpc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dhcpc_server_packets',`
++ corenet_send_dhcpc_server_packets($1)
++ corenet_receive_dhcpc_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dhcpc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dhcpc_server_packets',`
++ corenet_dontaudit_send_dhcpc_server_packets($1)
++ corenet_dontaudit_receive_dhcpc_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dhcpc_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dhcpc_server_packets',`
++ gen_require(`
++ type dhcpc_server_packet_t;
++ ')
++
++ allow $1 dhcpc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the dhcpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ allow $1 dhcpd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the dhcpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ allow $1 dhcpd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the dhcpd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ dontaudit $1 dhcpd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the dhcpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ allow $1 dhcpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the dhcpd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ dontaudit $1 dhcpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the dhcpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_dhcpd_port',`
++ corenet_udp_send_dhcpd_port($1)
++ corenet_udp_receive_dhcpd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the dhcpd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_dhcpd_port',`
++ corenet_dontaudit_udp_send_dhcpd_port($1)
++ corenet_dontaudit_udp_receive_dhcpd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the dhcpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ allow $1 dhcpd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the dhcpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ allow $1 dhcpd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the dhcpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_dhcpd_port',`
++ gen_require(`
++ type dhcpd_port_t;
++ ')
++
++ allow $1 dhcpd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send dhcpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dhcpd_client_packets',`
++ gen_require(`
++ type dhcpd_client_packet_t;
++ ')
++
++ allow $1 dhcpd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dhcpd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dhcpd_client_packets',`
++ gen_require(`
++ type dhcpd_client_packet_t;
++ ')
++
++ dontaudit $1 dhcpd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dhcpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dhcpd_client_packets',`
++ gen_require(`
++ type dhcpd_client_packet_t;
++ ')
++
++ allow $1 dhcpd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dhcpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dhcpd_client_packets',`
++ gen_require(`
++ type dhcpd_client_packet_t;
++ ')
++
++ dontaudit $1 dhcpd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dhcpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dhcpd_client_packets',`
++ corenet_send_dhcpd_client_packets($1)
++ corenet_receive_dhcpd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dhcpd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dhcpd_client_packets',`
++ corenet_dontaudit_send_dhcpd_client_packets($1)
++ corenet_dontaudit_receive_dhcpd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dhcpd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dhcpd_client_packets',`
++ gen_require(`
++ type dhcpd_client_packet_t;
++ ')
++
++ allow $1 dhcpd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send dhcpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dhcpd_server_packets',`
++ gen_require(`
++ type dhcpd_server_packet_t;
++ ')
++
++ allow $1 dhcpd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dhcpd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dhcpd_server_packets',`
++ gen_require(`
++ type dhcpd_server_packet_t;
++ ')
++
++ dontaudit $1 dhcpd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dhcpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dhcpd_server_packets',`
++ gen_require(`
++ type dhcpd_server_packet_t;
++ ')
++
++ allow $1 dhcpd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dhcpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dhcpd_server_packets',`
++ gen_require(`
++ type dhcpd_server_packet_t;
++ ')
++
++ dontaudit $1 dhcpd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dhcpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dhcpd_server_packets',`
++ corenet_send_dhcpd_server_packets($1)
++ corenet_receive_dhcpd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dhcpd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dhcpd_server_packets',`
++ corenet_dontaudit_send_dhcpd_server_packets($1)
++ corenet_dontaudit_receive_dhcpd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dhcpd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dhcpd_server_packets',`
++ gen_require(`
++ type dhcpd_server_packet_t;
++ ')
++
++ allow $1 dhcpd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the dict port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ allow $1 dict_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the dict port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ allow $1 dict_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the dict port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ dontaudit $1 dict_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the dict port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ allow $1 dict_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the dict port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ dontaudit $1 dict_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the dict port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_dict_port',`
++ corenet_udp_send_dict_port($1)
++ corenet_udp_receive_dict_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the dict port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_dict_port',`
++ corenet_dontaudit_udp_send_dict_port($1)
++ corenet_dontaudit_udp_receive_dict_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the dict port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ allow $1 dict_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the dict port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ allow $1 dict_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the dict port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_dict_port',`
++ gen_require(`
++ type dict_port_t;
++ ')
++
++ allow $1 dict_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send dict_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dict_client_packets',`
++ gen_require(`
++ type dict_client_packet_t;
++ ')
++
++ allow $1 dict_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dict_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dict_client_packets',`
++ gen_require(`
++ type dict_client_packet_t;
++ ')
++
++ dontaudit $1 dict_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dict_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dict_client_packets',`
++ gen_require(`
++ type dict_client_packet_t;
++ ')
++
++ allow $1 dict_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dict_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dict_client_packets',`
++ gen_require(`
++ type dict_client_packet_t;
++ ')
++
++ dontaudit $1 dict_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dict_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dict_client_packets',`
++ corenet_send_dict_client_packets($1)
++ corenet_receive_dict_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dict_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dict_client_packets',`
++ corenet_dontaudit_send_dict_client_packets($1)
++ corenet_dontaudit_receive_dict_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dict_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dict_client_packets',`
++ gen_require(`
++ type dict_client_packet_t;
++ ')
++
++ allow $1 dict_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send dict_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dict_server_packets',`
++ gen_require(`
++ type dict_server_packet_t;
++ ')
++
++ allow $1 dict_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dict_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dict_server_packets',`
++ gen_require(`
++ type dict_server_packet_t;
++ ')
++
++ dontaudit $1 dict_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dict_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dict_server_packets',`
++ gen_require(`
++ type dict_server_packet_t;
++ ')
++
++ allow $1 dict_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dict_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dict_server_packets',`
++ gen_require(`
++ type dict_server_packet_t;
++ ')
++
++ dontaudit $1 dict_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dict_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dict_server_packets',`
++ corenet_send_dict_server_packets($1)
++ corenet_receive_dict_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dict_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dict_server_packets',`
++ corenet_dontaudit_send_dict_server_packets($1)
++ corenet_dontaudit_receive_dict_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dict_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dict_server_packets',`
++ gen_require(`
++ type dict_server_packet_t;
++ ')
++
++ allow $1 dict_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the distccd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ allow $1 distccd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the distccd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ allow $1 distccd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the distccd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ dontaudit $1 distccd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the distccd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ allow $1 distccd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the distccd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ dontaudit $1 distccd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the distccd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_distccd_port',`
++ corenet_udp_send_distccd_port($1)
++ corenet_udp_receive_distccd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the distccd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_distccd_port',`
++ corenet_dontaudit_udp_send_distccd_port($1)
++ corenet_dontaudit_udp_receive_distccd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the distccd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ allow $1 distccd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the distccd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ allow $1 distccd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the distccd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_distccd_port',`
++ gen_require(`
++ type distccd_port_t;
++ ')
++
++ allow $1 distccd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send distccd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_distccd_client_packets',`
++ gen_require(`
++ type distccd_client_packet_t;
++ ')
++
++ allow $1 distccd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send distccd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_distccd_client_packets',`
++ gen_require(`
++ type distccd_client_packet_t;
++ ')
++
++ dontaudit $1 distccd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive distccd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_distccd_client_packets',`
++ gen_require(`
++ type distccd_client_packet_t;
++ ')
++
++ allow $1 distccd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive distccd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_distccd_client_packets',`
++ gen_require(`
++ type distccd_client_packet_t;
++ ')
++
++ dontaudit $1 distccd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive distccd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_distccd_client_packets',`
++ corenet_send_distccd_client_packets($1)
++ corenet_receive_distccd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive distccd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_distccd_client_packets',`
++ corenet_dontaudit_send_distccd_client_packets($1)
++ corenet_dontaudit_receive_distccd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to distccd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_distccd_client_packets',`
++ gen_require(`
++ type distccd_client_packet_t;
++ ')
++
++ allow $1 distccd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send distccd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_distccd_server_packets',`
++ gen_require(`
++ type distccd_server_packet_t;
++ ')
++
++ allow $1 distccd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send distccd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_distccd_server_packets',`
++ gen_require(`
++ type distccd_server_packet_t;
++ ')
++
++ dontaudit $1 distccd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive distccd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_distccd_server_packets',`
++ gen_require(`
++ type distccd_server_packet_t;
++ ')
++
++ allow $1 distccd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive distccd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_distccd_server_packets',`
++ gen_require(`
++ type distccd_server_packet_t;
++ ')
++
++ dontaudit $1 distccd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive distccd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_distccd_server_packets',`
++ corenet_send_distccd_server_packets($1)
++ corenet_receive_distccd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive distccd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_distccd_server_packets',`
++ corenet_dontaudit_send_distccd_server_packets($1)
++ corenet_dontaudit_receive_distccd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to distccd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_distccd_server_packets',`
++ gen_require(`
++ type distccd_server_packet_t;
++ ')
++
++ allow $1 distccd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the dns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ allow $1 dns_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the dns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ allow $1 dns_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the dns port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ dontaudit $1 dns_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the dns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ allow $1 dns_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the dns port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ dontaudit $1 dns_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the dns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_dns_port',`
++ corenet_udp_send_dns_port($1)
++ corenet_udp_receive_dns_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the dns port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_dns_port',`
++ corenet_dontaudit_udp_send_dns_port($1)
++ corenet_dontaudit_udp_receive_dns_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the dns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ allow $1 dns_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the dns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ allow $1 dns_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the dns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_dns_port',`
++ gen_require(`
++ type dns_port_t;
++ ')
++
++ allow $1 dns_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send dns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dns_client_packets',`
++ gen_require(`
++ type dns_client_packet_t;
++ ')
++
++ allow $1 dns_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dns_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dns_client_packets',`
++ gen_require(`
++ type dns_client_packet_t;
++ ')
++
++ dontaudit $1 dns_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dns_client_packets',`
++ gen_require(`
++ type dns_client_packet_t;
++ ')
++
++ allow $1 dns_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dns_client_packets',`
++ gen_require(`
++ type dns_client_packet_t;
++ ')
++
++ dontaudit $1 dns_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dns_client_packets',`
++ corenet_send_dns_client_packets($1)
++ corenet_receive_dns_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dns_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dns_client_packets',`
++ corenet_dontaudit_send_dns_client_packets($1)
++ corenet_dontaudit_receive_dns_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dns_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dns_client_packets',`
++ gen_require(`
++ type dns_client_packet_t;
++ ')
++
++ allow $1 dns_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send dns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_dns_server_packets',`
++ gen_require(`
++ type dns_server_packet_t;
++ ')
++
++ allow $1 dns_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send dns_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_dns_server_packets',`
++ gen_require(`
++ type dns_server_packet_t;
++ ')
++
++ dontaudit $1 dns_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive dns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_dns_server_packets',`
++ gen_require(`
++ type dns_server_packet_t;
++ ')
++
++ allow $1 dns_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive dns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_dns_server_packets',`
++ gen_require(`
++ type dns_server_packet_t;
++ ')
++
++ dontaudit $1 dns_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive dns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_dns_server_packets',`
++ corenet_send_dns_server_packets($1)
++ corenet_receive_dns_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive dns_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_dns_server_packets',`
++ corenet_dontaudit_send_dns_server_packets($1)
++ corenet_dontaudit_receive_dns_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to dns_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_dns_server_packets',`
++ gen_require(`
++ type dns_server_packet_t;
++ ')
++
++ allow $1 dns_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the fingerd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ allow $1 fingerd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the fingerd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ allow $1 fingerd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the fingerd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ dontaudit $1 fingerd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the fingerd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ allow $1 fingerd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the fingerd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ dontaudit $1 fingerd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the fingerd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_fingerd_port',`
++ corenet_udp_send_fingerd_port($1)
++ corenet_udp_receive_fingerd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the fingerd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_fingerd_port',`
++ corenet_dontaudit_udp_send_fingerd_port($1)
++ corenet_dontaudit_udp_receive_fingerd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the fingerd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ allow $1 fingerd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the fingerd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ allow $1 fingerd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the fingerd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_fingerd_port',`
++ gen_require(`
++ type fingerd_port_t;
++ ')
++
++ allow $1 fingerd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send fingerd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_fingerd_client_packets',`
++ gen_require(`
++ type fingerd_client_packet_t;
++ ')
++
++ allow $1 fingerd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send fingerd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_fingerd_client_packets',`
++ gen_require(`
++ type fingerd_client_packet_t;
++ ')
++
++ dontaudit $1 fingerd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive fingerd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_fingerd_client_packets',`
++ gen_require(`
++ type fingerd_client_packet_t;
++ ')
++
++ allow $1 fingerd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive fingerd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_fingerd_client_packets',`
++ gen_require(`
++ type fingerd_client_packet_t;
++ ')
++
++ dontaudit $1 fingerd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive fingerd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_fingerd_client_packets',`
++ corenet_send_fingerd_client_packets($1)
++ corenet_receive_fingerd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive fingerd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_fingerd_client_packets',`
++ corenet_dontaudit_send_fingerd_client_packets($1)
++ corenet_dontaudit_receive_fingerd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to fingerd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_fingerd_client_packets',`
++ gen_require(`
++ type fingerd_client_packet_t;
++ ')
++
++ allow $1 fingerd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send fingerd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_fingerd_server_packets',`
++ gen_require(`
++ type fingerd_server_packet_t;
++ ')
++
++ allow $1 fingerd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send fingerd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_fingerd_server_packets',`
++ gen_require(`
++ type fingerd_server_packet_t;
++ ')
++
++ dontaudit $1 fingerd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive fingerd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_fingerd_server_packets',`
++ gen_require(`
++ type fingerd_server_packet_t;
++ ')
++
++ allow $1 fingerd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive fingerd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_fingerd_server_packets',`
++ gen_require(`
++ type fingerd_server_packet_t;
++ ')
++
++ dontaudit $1 fingerd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive fingerd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_fingerd_server_packets',`
++ corenet_send_fingerd_server_packets($1)
++ corenet_receive_fingerd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive fingerd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_fingerd_server_packets',`
++ corenet_dontaudit_send_fingerd_server_packets($1)
++ corenet_dontaudit_receive_fingerd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to fingerd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_fingerd_server_packets',`
++ gen_require(`
++ type fingerd_server_packet_t;
++ ')
++
++ allow $1 fingerd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the flash port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ allow $1 flash_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the flash port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ allow $1 flash_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the flash port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ dontaudit $1 flash_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the flash port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ allow $1 flash_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the flash port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ dontaudit $1 flash_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the flash port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_flash_port',`
++ corenet_udp_send_flash_port($1)
++ corenet_udp_receive_flash_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the flash port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_flash_port',`
++ corenet_dontaudit_udp_send_flash_port($1)
++ corenet_dontaudit_udp_receive_flash_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the flash port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ allow $1 flash_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the flash port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ allow $1 flash_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the flash port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_flash_port',`
++ gen_require(`
++ type flash_port_t;
++ ')
++
++ allow $1 flash_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send flash_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_flash_client_packets',`
++ gen_require(`
++ type flash_client_packet_t;
++ ')
++
++ allow $1 flash_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send flash_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_flash_client_packets',`
++ gen_require(`
++ type flash_client_packet_t;
++ ')
++
++ dontaudit $1 flash_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive flash_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_flash_client_packets',`
++ gen_require(`
++ type flash_client_packet_t;
++ ')
++
++ allow $1 flash_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive flash_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_flash_client_packets',`
++ gen_require(`
++ type flash_client_packet_t;
++ ')
++
++ dontaudit $1 flash_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive flash_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_flash_client_packets',`
++ corenet_send_flash_client_packets($1)
++ corenet_receive_flash_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive flash_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_flash_client_packets',`
++ corenet_dontaudit_send_flash_client_packets($1)
++ corenet_dontaudit_receive_flash_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to flash_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_flash_client_packets',`
++ gen_require(`
++ type flash_client_packet_t;
++ ')
++
++ allow $1 flash_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send flash_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_flash_server_packets',`
++ gen_require(`
++ type flash_server_packet_t;
++ ')
++
++ allow $1 flash_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send flash_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_flash_server_packets',`
++ gen_require(`
++ type flash_server_packet_t;
++ ')
++
++ dontaudit $1 flash_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive flash_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_flash_server_packets',`
++ gen_require(`
++ type flash_server_packet_t;
++ ')
++
++ allow $1 flash_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive flash_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_flash_server_packets',`
++ gen_require(`
++ type flash_server_packet_t;
++ ')
++
++ dontaudit $1 flash_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive flash_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_flash_server_packets',`
++ corenet_send_flash_server_packets($1)
++ corenet_receive_flash_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive flash_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_flash_server_packets',`
++ corenet_dontaudit_send_flash_server_packets($1)
++ corenet_dontaudit_receive_flash_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to flash_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_flash_server_packets',`
++ gen_require(`
++ type flash_server_packet_t;
++ ')
++
++ allow $1 flash_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ftp_data port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ allow $1 ftp_data_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ftp_data port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ allow $1 ftp_data_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ftp_data port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ dontaudit $1 ftp_data_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ftp_data port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ allow $1 ftp_data_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ftp_data port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ dontaudit $1 ftp_data_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ftp_data port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ftp_data_port',`
++ corenet_udp_send_ftp_data_port($1)
++ corenet_udp_receive_ftp_data_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ftp_data port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ftp_data_port',`
++ corenet_dontaudit_udp_send_ftp_data_port($1)
++ corenet_dontaudit_udp_receive_ftp_data_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ftp_data port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ allow $1 ftp_data_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the ftp_data port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ allow $1 ftp_data_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the ftp_data port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ftp_data_port',`
++ gen_require(`
++ type ftp_data_port_t;
++ ')
++
++ allow $1 ftp_data_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ftp_data_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ftp_data_client_packets',`
++ gen_require(`
++ type ftp_data_client_packet_t;
++ ')
++
++ allow $1 ftp_data_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ftp_data_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ftp_data_client_packets',`
++ gen_require(`
++ type ftp_data_client_packet_t;
++ ')
++
++ dontaudit $1 ftp_data_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ftp_data_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ftp_data_client_packets',`
++ gen_require(`
++ type ftp_data_client_packet_t;
++ ')
++
++ allow $1 ftp_data_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ftp_data_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ftp_data_client_packets',`
++ gen_require(`
++ type ftp_data_client_packet_t;
++ ')
++
++ dontaudit $1 ftp_data_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ftp_data_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ftp_data_client_packets',`
++ corenet_send_ftp_data_client_packets($1)
++ corenet_receive_ftp_data_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ftp_data_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ftp_data_client_packets',`
++ corenet_dontaudit_send_ftp_data_client_packets($1)
++ corenet_dontaudit_receive_ftp_data_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ftp_data_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ftp_data_client_packets',`
++ gen_require(`
++ type ftp_data_client_packet_t;
++ ')
++
++ allow $1 ftp_data_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ftp_data_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ftp_data_server_packets',`
++ gen_require(`
++ type ftp_data_server_packet_t;
++ ')
++
++ allow $1 ftp_data_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ftp_data_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ftp_data_server_packets',`
++ gen_require(`
++ type ftp_data_server_packet_t;
++ ')
++
++ dontaudit $1 ftp_data_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ftp_data_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ftp_data_server_packets',`
++ gen_require(`
++ type ftp_data_server_packet_t;
++ ')
++
++ allow $1 ftp_data_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ftp_data_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ftp_data_server_packets',`
++ gen_require(`
++ type ftp_data_server_packet_t;
++ ')
++
++ dontaudit $1 ftp_data_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ftp_data_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ftp_data_server_packets',`
++ corenet_send_ftp_data_server_packets($1)
++ corenet_receive_ftp_data_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ftp_data_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ftp_data_server_packets',`
++ corenet_dontaudit_send_ftp_data_server_packets($1)
++ corenet_dontaudit_receive_ftp_data_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ftp_data_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ftp_data_server_packets',`
++ gen_require(`
++ type ftp_data_server_packet_t;
++ ')
++
++ allow $1 ftp_data_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ allow $1 ftp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ allow $1 ftp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ftp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ dontaudit $1 ftp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ allow $1 ftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ftp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ dontaudit $1 ftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ftp_port',`
++ corenet_udp_send_ftp_port($1)
++ corenet_udp_receive_ftp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ftp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ftp_port',`
++ corenet_dontaudit_udp_send_ftp_port($1)
++ corenet_dontaudit_udp_receive_ftp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ allow $1 ftp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the ftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ allow $1 ftp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the ftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ftp_port',`
++ gen_require(`
++ type ftp_port_t;
++ ')
++
++ allow $1 ftp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ftp_client_packets',`
++ gen_require(`
++ type ftp_client_packet_t;
++ ')
++
++ allow $1 ftp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ftp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ftp_client_packets',`
++ gen_require(`
++ type ftp_client_packet_t;
++ ')
++
++ dontaudit $1 ftp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ftp_client_packets',`
++ gen_require(`
++ type ftp_client_packet_t;
++ ')
++
++ allow $1 ftp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ftp_client_packets',`
++ gen_require(`
++ type ftp_client_packet_t;
++ ')
++
++ dontaudit $1 ftp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ftp_client_packets',`
++ corenet_send_ftp_client_packets($1)
++ corenet_receive_ftp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ftp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ftp_client_packets',`
++ corenet_dontaudit_send_ftp_client_packets($1)
++ corenet_dontaudit_receive_ftp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ftp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ftp_client_packets',`
++ gen_require(`
++ type ftp_client_packet_t;
++ ')
++
++ allow $1 ftp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ftp_server_packets',`
++ gen_require(`
++ type ftp_server_packet_t;
++ ')
++
++ allow $1 ftp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ftp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ftp_server_packets',`
++ gen_require(`
++ type ftp_server_packet_t;
++ ')
++
++ dontaudit $1 ftp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ftp_server_packets',`
++ gen_require(`
++ type ftp_server_packet_t;
++ ')
++
++ allow $1 ftp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ftp_server_packets',`
++ gen_require(`
++ type ftp_server_packet_t;
++ ')
++
++ dontaudit $1 ftp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ftp_server_packets',`
++ corenet_send_ftp_server_packets($1)
++ corenet_receive_ftp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ftp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ftp_server_packets',`
++ corenet_dontaudit_send_ftp_server_packets($1)
++ corenet_dontaudit_receive_ftp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ftp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ftp_server_packets',`
++ gen_require(`
++ type ftp_server_packet_t;
++ ')
++
++ allow $1 ftp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the gatekeeper port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ allow $1 gatekeeper_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the gatekeeper port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ allow $1 gatekeeper_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the gatekeeper port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ dontaudit $1 gatekeeper_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the gatekeeper port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ allow $1 gatekeeper_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the gatekeeper port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ dontaudit $1 gatekeeper_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the gatekeeper port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_gatekeeper_port',`
++ corenet_udp_send_gatekeeper_port($1)
++ corenet_udp_receive_gatekeeper_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the gatekeeper port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_gatekeeper_port',`
++ corenet_dontaudit_udp_send_gatekeeper_port($1)
++ corenet_dontaudit_udp_receive_gatekeeper_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the gatekeeper port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ allow $1 gatekeeper_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the gatekeeper port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ allow $1 gatekeeper_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the gatekeeper port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_gatekeeper_port',`
++ gen_require(`
++ type gatekeeper_port_t;
++ ')
++
++ allow $1 gatekeeper_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send gatekeeper_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_gatekeeper_client_packets',`
++ gen_require(`
++ type gatekeeper_client_packet_t;
++ ')
++
++ allow $1 gatekeeper_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send gatekeeper_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_gatekeeper_client_packets',`
++ gen_require(`
++ type gatekeeper_client_packet_t;
++ ')
++
++ dontaudit $1 gatekeeper_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive gatekeeper_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_gatekeeper_client_packets',`
++ gen_require(`
++ type gatekeeper_client_packet_t;
++ ')
++
++ allow $1 gatekeeper_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive gatekeeper_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_gatekeeper_client_packets',`
++ gen_require(`
++ type gatekeeper_client_packet_t;
++ ')
++
++ dontaudit $1 gatekeeper_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive gatekeeper_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_gatekeeper_client_packets',`
++ corenet_send_gatekeeper_client_packets($1)
++ corenet_receive_gatekeeper_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive gatekeeper_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_gatekeeper_client_packets',`
++ corenet_dontaudit_send_gatekeeper_client_packets($1)
++ corenet_dontaudit_receive_gatekeeper_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to gatekeeper_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_gatekeeper_client_packets',`
++ gen_require(`
++ type gatekeeper_client_packet_t;
++ ')
++
++ allow $1 gatekeeper_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send gatekeeper_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_gatekeeper_server_packets',`
++ gen_require(`
++ type gatekeeper_server_packet_t;
++ ')
++
++ allow $1 gatekeeper_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send gatekeeper_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_gatekeeper_server_packets',`
++ gen_require(`
++ type gatekeeper_server_packet_t;
++ ')
++
++ dontaudit $1 gatekeeper_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive gatekeeper_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_gatekeeper_server_packets',`
++ gen_require(`
++ type gatekeeper_server_packet_t;
++ ')
++
++ allow $1 gatekeeper_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive gatekeeper_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_gatekeeper_server_packets',`
++ gen_require(`
++ type gatekeeper_server_packet_t;
++ ')
++
++ dontaudit $1 gatekeeper_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive gatekeeper_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_gatekeeper_server_packets',`
++ corenet_send_gatekeeper_server_packets($1)
++ corenet_receive_gatekeeper_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive gatekeeper_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_gatekeeper_server_packets',`
++ corenet_dontaudit_send_gatekeeper_server_packets($1)
++ corenet_dontaudit_receive_gatekeeper_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to gatekeeper_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_gatekeeper_server_packets',`
++ gen_require(`
++ type gatekeeper_server_packet_t;
++ ')
++
++ allow $1 gatekeeper_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the giftd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ allow $1 giftd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the giftd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ allow $1 giftd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the giftd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ dontaudit $1 giftd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the giftd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ allow $1 giftd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the giftd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ dontaudit $1 giftd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the giftd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_giftd_port',`
++ corenet_udp_send_giftd_port($1)
++ corenet_udp_receive_giftd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the giftd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_giftd_port',`
++ corenet_dontaudit_udp_send_giftd_port($1)
++ corenet_dontaudit_udp_receive_giftd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the giftd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ allow $1 giftd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the giftd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ allow $1 giftd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the giftd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_giftd_port',`
++ gen_require(`
++ type giftd_port_t;
++ ')
++
++ allow $1 giftd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send giftd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_giftd_client_packets',`
++ gen_require(`
++ type giftd_client_packet_t;
++ ')
++
++ allow $1 giftd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send giftd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_giftd_client_packets',`
++ gen_require(`
++ type giftd_client_packet_t;
++ ')
++
++ dontaudit $1 giftd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive giftd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_giftd_client_packets',`
++ gen_require(`
++ type giftd_client_packet_t;
++ ')
++
++ allow $1 giftd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive giftd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_giftd_client_packets',`
++ gen_require(`
++ type giftd_client_packet_t;
++ ')
++
++ dontaudit $1 giftd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive giftd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_giftd_client_packets',`
++ corenet_send_giftd_client_packets($1)
++ corenet_receive_giftd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive giftd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_giftd_client_packets',`
++ corenet_dontaudit_send_giftd_client_packets($1)
++ corenet_dontaudit_receive_giftd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to giftd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_giftd_client_packets',`
++ gen_require(`
++ type giftd_client_packet_t;
++ ')
++
++ allow $1 giftd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send giftd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_giftd_server_packets',`
++ gen_require(`
++ type giftd_server_packet_t;
++ ')
++
++ allow $1 giftd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send giftd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_giftd_server_packets',`
++ gen_require(`
++ type giftd_server_packet_t;
++ ')
++
++ dontaudit $1 giftd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive giftd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_giftd_server_packets',`
++ gen_require(`
++ type giftd_server_packet_t;
++ ')
++
++ allow $1 giftd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive giftd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_giftd_server_packets',`
++ gen_require(`
++ type giftd_server_packet_t;
++ ')
++
++ dontaudit $1 giftd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive giftd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_giftd_server_packets',`
++ corenet_send_giftd_server_packets($1)
++ corenet_receive_giftd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive giftd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_giftd_server_packets',`
++ corenet_dontaudit_send_giftd_server_packets($1)
++ corenet_dontaudit_receive_giftd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to giftd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_giftd_server_packets',`
++ gen_require(`
++ type giftd_server_packet_t;
++ ')
++
++ allow $1 giftd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the gopher port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ allow $1 gopher_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the gopher port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ allow $1 gopher_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the gopher port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ dontaudit $1 gopher_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the gopher port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ allow $1 gopher_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the gopher port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ dontaudit $1 gopher_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the gopher port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_gopher_port',`
++ corenet_udp_send_gopher_port($1)
++ corenet_udp_receive_gopher_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the gopher port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_gopher_port',`
++ corenet_dontaudit_udp_send_gopher_port($1)
++ corenet_dontaudit_udp_receive_gopher_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the gopher port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ allow $1 gopher_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the gopher port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ allow $1 gopher_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the gopher port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_gopher_port',`
++ gen_require(`
++ type gopher_port_t;
++ ')
++
++ allow $1 gopher_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send gopher_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_gopher_client_packets',`
++ gen_require(`
++ type gopher_client_packet_t;
++ ')
++
++ allow $1 gopher_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send gopher_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_gopher_client_packets',`
++ gen_require(`
++ type gopher_client_packet_t;
++ ')
++
++ dontaudit $1 gopher_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive gopher_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_gopher_client_packets',`
++ gen_require(`
++ type gopher_client_packet_t;
++ ')
++
++ allow $1 gopher_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive gopher_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_gopher_client_packets',`
++ gen_require(`
++ type gopher_client_packet_t;
++ ')
++
++ dontaudit $1 gopher_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive gopher_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_gopher_client_packets',`
++ corenet_send_gopher_client_packets($1)
++ corenet_receive_gopher_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive gopher_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_gopher_client_packets',`
++ corenet_dontaudit_send_gopher_client_packets($1)
++ corenet_dontaudit_receive_gopher_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to gopher_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_gopher_client_packets',`
++ gen_require(`
++ type gopher_client_packet_t;
++ ')
++
++ allow $1 gopher_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send gopher_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_gopher_server_packets',`
++ gen_require(`
++ type gopher_server_packet_t;
++ ')
++
++ allow $1 gopher_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send gopher_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_gopher_server_packets',`
++ gen_require(`
++ type gopher_server_packet_t;
++ ')
++
++ dontaudit $1 gopher_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive gopher_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_gopher_server_packets',`
++ gen_require(`
++ type gopher_server_packet_t;
++ ')
++
++ allow $1 gopher_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive gopher_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_gopher_server_packets',`
++ gen_require(`
++ type gopher_server_packet_t;
++ ')
++
++ dontaudit $1 gopher_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive gopher_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_gopher_server_packets',`
++ corenet_send_gopher_server_packets($1)
++ corenet_receive_gopher_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive gopher_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_gopher_server_packets',`
++ corenet_dontaudit_send_gopher_server_packets($1)
++ corenet_dontaudit_receive_gopher_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to gopher_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_gopher_server_packets',`
++ gen_require(`
++ type gopher_server_packet_t;
++ ')
++
++ allow $1 gopher_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the http_cache port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ allow $1 http_cache_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the http_cache port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ allow $1 http_cache_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the http_cache port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ dontaudit $1 http_cache_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the http_cache port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ allow $1 http_cache_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the http_cache port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ dontaudit $1 http_cache_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the http_cache port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_http_cache_port',`
++ corenet_udp_send_http_cache_port($1)
++ corenet_udp_receive_http_cache_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the http_cache port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_http_cache_port',`
++ corenet_dontaudit_udp_send_http_cache_port($1)
++ corenet_dontaudit_udp_receive_http_cache_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the http_cache port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ allow $1 http_cache_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the http_cache port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ allow $1 http_cache_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the http_cache port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_http_cache_port',`
++ gen_require(`
++ type http_cache_port_t;
++ ')
++
++ allow $1 http_cache_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send http_cache_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_http_cache_client_packets',`
++ gen_require(`
++ type http_cache_client_packet_t;
++ ')
++
++ allow $1 http_cache_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send http_cache_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_http_cache_client_packets',`
++ gen_require(`
++ type http_cache_client_packet_t;
++ ')
++
++ dontaudit $1 http_cache_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive http_cache_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_http_cache_client_packets',`
++ gen_require(`
++ type http_cache_client_packet_t;
++ ')
++
++ allow $1 http_cache_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive http_cache_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_http_cache_client_packets',`
++ gen_require(`
++ type http_cache_client_packet_t;
++ ')
++
++ dontaudit $1 http_cache_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive http_cache_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_http_cache_client_packets',`
++ corenet_send_http_cache_client_packets($1)
++ corenet_receive_http_cache_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive http_cache_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_http_cache_client_packets',`
++ corenet_dontaudit_send_http_cache_client_packets($1)
++ corenet_dontaudit_receive_http_cache_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to http_cache_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_http_cache_client_packets',`
++ gen_require(`
++ type http_cache_client_packet_t;
++ ')
++
++ allow $1 http_cache_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send http_cache_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_http_cache_server_packets',`
++ gen_require(`
++ type http_cache_server_packet_t;
++ ')
++
++ allow $1 http_cache_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send http_cache_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_http_cache_server_packets',`
++ gen_require(`
++ type http_cache_server_packet_t;
++ ')
++
++ dontaudit $1 http_cache_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive http_cache_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_http_cache_server_packets',`
++ gen_require(`
++ type http_cache_server_packet_t;
++ ')
++
++ allow $1 http_cache_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive http_cache_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_http_cache_server_packets',`
++ gen_require(`
++ type http_cache_server_packet_t;
++ ')
++
++ dontaudit $1 http_cache_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive http_cache_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_http_cache_server_packets',`
++ corenet_send_http_cache_server_packets($1)
++ corenet_receive_http_cache_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive http_cache_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_http_cache_server_packets',`
++ corenet_dontaudit_send_http_cache_server_packets($1)
++ corenet_dontaudit_receive_http_cache_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to http_cache_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_http_cache_server_packets',`
++ gen_require(`
++ type http_cache_server_packet_t;
++ ')
++
++ allow $1 http_cache_server_packet_t:packet relabelto;
++')
++
++ # 8118 is for privoxy
++
++
++########################################
++##
++## Send and receive TCP traffic on the http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ allow $1 http_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ allow $1 http_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the http port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ dontaudit $1 http_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ allow $1 http_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the http port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ dontaudit $1 http_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_http_port',`
++ corenet_udp_send_http_port($1)
++ corenet_udp_receive_http_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the http port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_http_port',`
++ corenet_dontaudit_udp_send_http_port($1)
++ corenet_dontaudit_udp_receive_http_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ allow $1 http_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ allow $1 http_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_http_port',`
++ gen_require(`
++ type http_port_t;
++ ')
++
++ allow $1 http_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_http_client_packets',`
++ gen_require(`
++ type http_client_packet_t;
++ ')
++
++ allow $1 http_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send http_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_http_client_packets',`
++ gen_require(`
++ type http_client_packet_t;
++ ')
++
++ dontaudit $1 http_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_http_client_packets',`
++ gen_require(`
++ type http_client_packet_t;
++ ')
++
++ allow $1 http_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_http_client_packets',`
++ gen_require(`
++ type http_client_packet_t;
++ ')
++
++ dontaudit $1 http_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_http_client_packets',`
++ corenet_send_http_client_packets($1)
++ corenet_receive_http_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive http_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_http_client_packets',`
++ corenet_dontaudit_send_http_client_packets($1)
++ corenet_dontaudit_receive_http_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to http_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_http_client_packets',`
++ gen_require(`
++ type http_client_packet_t;
++ ')
++
++ allow $1 http_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_http_server_packets',`
++ gen_require(`
++ type http_server_packet_t;
++ ')
++
++ allow $1 http_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send http_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_http_server_packets',`
++ gen_require(`
++ type http_server_packet_t;
++ ')
++
++ dontaudit $1 http_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_http_server_packets',`
++ gen_require(`
++ type http_server_packet_t;
++ ')
++
++ allow $1 http_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_http_server_packets',`
++ gen_require(`
++ type http_server_packet_t;
++ ')
++
++ dontaudit $1 http_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_http_server_packets',`
++ corenet_send_http_server_packets($1)
++ corenet_receive_http_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive http_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_http_server_packets',`
++ corenet_dontaudit_send_http_server_packets($1)
++ corenet_dontaudit_receive_http_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to http_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_http_server_packets',`
++ gen_require(`
++ type http_server_packet_t;
++ ')
++
++ allow $1 http_server_packet_t:packet relabelto;
++')
++
++ #8443 is mod_nss default port
++
++
++########################################
++##
++## Send and receive TCP traffic on the howl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ allow $1 howl_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the howl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ allow $1 howl_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the howl port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ dontaudit $1 howl_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the howl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ allow $1 howl_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the howl port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ dontaudit $1 howl_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the howl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_howl_port',`
++ corenet_udp_send_howl_port($1)
++ corenet_udp_receive_howl_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the howl port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_howl_port',`
++ corenet_dontaudit_udp_send_howl_port($1)
++ corenet_dontaudit_udp_receive_howl_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the howl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ allow $1 howl_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the howl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ allow $1 howl_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the howl port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_howl_port',`
++ gen_require(`
++ type howl_port_t;
++ ')
++
++ allow $1 howl_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send howl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_howl_client_packets',`
++ gen_require(`
++ type howl_client_packet_t;
++ ')
++
++ allow $1 howl_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send howl_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_howl_client_packets',`
++ gen_require(`
++ type howl_client_packet_t;
++ ')
++
++ dontaudit $1 howl_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive howl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_howl_client_packets',`
++ gen_require(`
++ type howl_client_packet_t;
++ ')
++
++ allow $1 howl_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive howl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_howl_client_packets',`
++ gen_require(`
++ type howl_client_packet_t;
++ ')
++
++ dontaudit $1 howl_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive howl_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_howl_client_packets',`
++ corenet_send_howl_client_packets($1)
++ corenet_receive_howl_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive howl_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_howl_client_packets',`
++ corenet_dontaudit_send_howl_client_packets($1)
++ corenet_dontaudit_receive_howl_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to howl_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_howl_client_packets',`
++ gen_require(`
++ type howl_client_packet_t;
++ ')
++
++ allow $1 howl_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send howl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_howl_server_packets',`
++ gen_require(`
++ type howl_server_packet_t;
++ ')
++
++ allow $1 howl_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send howl_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_howl_server_packets',`
++ gen_require(`
++ type howl_server_packet_t;
++ ')
++
++ dontaudit $1 howl_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive howl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_howl_server_packets',`
++ gen_require(`
++ type howl_server_packet_t;
++ ')
++
++ allow $1 howl_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive howl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_howl_server_packets',`
++ gen_require(`
++ type howl_server_packet_t;
++ ')
++
++ dontaudit $1 howl_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive howl_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_howl_server_packets',`
++ corenet_send_howl_server_packets($1)
++ corenet_receive_howl_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive howl_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_howl_server_packets',`
++ corenet_dontaudit_send_howl_server_packets($1)
++ corenet_dontaudit_receive_howl_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to howl_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_howl_server_packets',`
++ gen_require(`
++ type howl_server_packet_t;
++ ')
++
++ allow $1 howl_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the hplip port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ allow $1 hplip_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the hplip port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ allow $1 hplip_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the hplip port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ dontaudit $1 hplip_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the hplip port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ allow $1 hplip_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the hplip port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ dontaudit $1 hplip_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the hplip port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_hplip_port',`
++ corenet_udp_send_hplip_port($1)
++ corenet_udp_receive_hplip_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the hplip port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_hplip_port',`
++ corenet_dontaudit_udp_send_hplip_port($1)
++ corenet_dontaudit_udp_receive_hplip_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the hplip port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ allow $1 hplip_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the hplip port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ allow $1 hplip_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the hplip port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_hplip_port',`
++ gen_require(`
++ type hplip_port_t;
++ ')
++
++ allow $1 hplip_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send hplip_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_hplip_client_packets',`
++ gen_require(`
++ type hplip_client_packet_t;
++ ')
++
++ allow $1 hplip_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send hplip_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_hplip_client_packets',`
++ gen_require(`
++ type hplip_client_packet_t;
++ ')
++
++ dontaudit $1 hplip_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive hplip_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_hplip_client_packets',`
++ gen_require(`
++ type hplip_client_packet_t;
++ ')
++
++ allow $1 hplip_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive hplip_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_hplip_client_packets',`
++ gen_require(`
++ type hplip_client_packet_t;
++ ')
++
++ dontaudit $1 hplip_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive hplip_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_hplip_client_packets',`
++ corenet_send_hplip_client_packets($1)
++ corenet_receive_hplip_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive hplip_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_hplip_client_packets',`
++ corenet_dontaudit_send_hplip_client_packets($1)
++ corenet_dontaudit_receive_hplip_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to hplip_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_hplip_client_packets',`
++ gen_require(`
++ type hplip_client_packet_t;
++ ')
++
++ allow $1 hplip_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send hplip_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_hplip_server_packets',`
++ gen_require(`
++ type hplip_server_packet_t;
++ ')
++
++ allow $1 hplip_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send hplip_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_hplip_server_packets',`
++ gen_require(`
++ type hplip_server_packet_t;
++ ')
++
++ dontaudit $1 hplip_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive hplip_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_hplip_server_packets',`
++ gen_require(`
++ type hplip_server_packet_t;
++ ')
++
++ allow $1 hplip_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive hplip_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_hplip_server_packets',`
++ gen_require(`
++ type hplip_server_packet_t;
++ ')
++
++ dontaudit $1 hplip_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive hplip_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_hplip_server_packets',`
++ corenet_send_hplip_server_packets($1)
++ corenet_receive_hplip_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive hplip_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_hplip_server_packets',`
++ corenet_dontaudit_send_hplip_server_packets($1)
++ corenet_dontaudit_receive_hplip_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to hplip_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_hplip_server_packets',`
++ gen_require(`
++ type hplip_server_packet_t;
++ ')
++
++ allow $1 hplip_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the i18n_input port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ allow $1 i18n_input_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the i18n_input port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ allow $1 i18n_input_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the i18n_input port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ dontaudit $1 i18n_input_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the i18n_input port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ allow $1 i18n_input_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the i18n_input port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ dontaudit $1 i18n_input_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the i18n_input port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_i18n_input_port',`
++ corenet_udp_send_i18n_input_port($1)
++ corenet_udp_receive_i18n_input_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the i18n_input port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_i18n_input_port',`
++ corenet_dontaudit_udp_send_i18n_input_port($1)
++ corenet_dontaudit_udp_receive_i18n_input_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the i18n_input port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ allow $1 i18n_input_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the i18n_input port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ allow $1 i18n_input_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the i18n_input port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_i18n_input_port',`
++ gen_require(`
++ type i18n_input_port_t;
++ ')
++
++ allow $1 i18n_input_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send i18n_input_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_i18n_input_client_packets',`
++ gen_require(`
++ type i18n_input_client_packet_t;
++ ')
++
++ allow $1 i18n_input_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send i18n_input_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_i18n_input_client_packets',`
++ gen_require(`
++ type i18n_input_client_packet_t;
++ ')
++
++ dontaudit $1 i18n_input_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive i18n_input_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_i18n_input_client_packets',`
++ gen_require(`
++ type i18n_input_client_packet_t;
++ ')
++
++ allow $1 i18n_input_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive i18n_input_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_i18n_input_client_packets',`
++ gen_require(`
++ type i18n_input_client_packet_t;
++ ')
++
++ dontaudit $1 i18n_input_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive i18n_input_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_i18n_input_client_packets',`
++ corenet_send_i18n_input_client_packets($1)
++ corenet_receive_i18n_input_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive i18n_input_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_i18n_input_client_packets',`
++ corenet_dontaudit_send_i18n_input_client_packets($1)
++ corenet_dontaudit_receive_i18n_input_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to i18n_input_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_i18n_input_client_packets',`
++ gen_require(`
++ type i18n_input_client_packet_t;
++ ')
++
++ allow $1 i18n_input_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send i18n_input_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_i18n_input_server_packets',`
++ gen_require(`
++ type i18n_input_server_packet_t;
++ ')
++
++ allow $1 i18n_input_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send i18n_input_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_i18n_input_server_packets',`
++ gen_require(`
++ type i18n_input_server_packet_t;
++ ')
++
++ dontaudit $1 i18n_input_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive i18n_input_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_i18n_input_server_packets',`
++ gen_require(`
++ type i18n_input_server_packet_t;
++ ')
++
++ allow $1 i18n_input_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive i18n_input_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_i18n_input_server_packets',`
++ gen_require(`
++ type i18n_input_server_packet_t;
++ ')
++
++ dontaudit $1 i18n_input_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive i18n_input_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_i18n_input_server_packets',`
++ corenet_send_i18n_input_server_packets($1)
++ corenet_receive_i18n_input_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive i18n_input_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_i18n_input_server_packets',`
++ corenet_dontaudit_send_i18n_input_server_packets($1)
++ corenet_dontaudit_receive_i18n_input_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to i18n_input_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_i18n_input_server_packets',`
++ gen_require(`
++ type i18n_input_server_packet_t;
++ ')
++
++ allow $1 i18n_input_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the imaze port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ allow $1 imaze_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the imaze port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ allow $1 imaze_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the imaze port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ dontaudit $1 imaze_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the imaze port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ allow $1 imaze_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the imaze port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ dontaudit $1 imaze_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the imaze port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_imaze_port',`
++ corenet_udp_send_imaze_port($1)
++ corenet_udp_receive_imaze_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the imaze port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_imaze_port',`
++ corenet_dontaudit_udp_send_imaze_port($1)
++ corenet_dontaudit_udp_receive_imaze_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the imaze port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ allow $1 imaze_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the imaze port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ allow $1 imaze_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the imaze port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_imaze_port',`
++ gen_require(`
++ type imaze_port_t;
++ ')
++
++ allow $1 imaze_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send imaze_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_imaze_client_packets',`
++ gen_require(`
++ type imaze_client_packet_t;
++ ')
++
++ allow $1 imaze_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send imaze_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_imaze_client_packets',`
++ gen_require(`
++ type imaze_client_packet_t;
++ ')
++
++ dontaudit $1 imaze_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive imaze_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_imaze_client_packets',`
++ gen_require(`
++ type imaze_client_packet_t;
++ ')
++
++ allow $1 imaze_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive imaze_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_imaze_client_packets',`
++ gen_require(`
++ type imaze_client_packet_t;
++ ')
++
++ dontaudit $1 imaze_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive imaze_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_imaze_client_packets',`
++ corenet_send_imaze_client_packets($1)
++ corenet_receive_imaze_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive imaze_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_imaze_client_packets',`
++ corenet_dontaudit_send_imaze_client_packets($1)
++ corenet_dontaudit_receive_imaze_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to imaze_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_imaze_client_packets',`
++ gen_require(`
++ type imaze_client_packet_t;
++ ')
++
++ allow $1 imaze_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send imaze_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_imaze_server_packets',`
++ gen_require(`
++ type imaze_server_packet_t;
++ ')
++
++ allow $1 imaze_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send imaze_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_imaze_server_packets',`
++ gen_require(`
++ type imaze_server_packet_t;
++ ')
++
++ dontaudit $1 imaze_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive imaze_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_imaze_server_packets',`
++ gen_require(`
++ type imaze_server_packet_t;
++ ')
++
++ allow $1 imaze_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive imaze_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_imaze_server_packets',`
++ gen_require(`
++ type imaze_server_packet_t;
++ ')
++
++ dontaudit $1 imaze_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive imaze_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_imaze_server_packets',`
++ corenet_send_imaze_server_packets($1)
++ corenet_receive_imaze_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive imaze_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_imaze_server_packets',`
++ corenet_dontaudit_send_imaze_server_packets($1)
++ corenet_dontaudit_receive_imaze_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to imaze_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_imaze_server_packets',`
++ gen_require(`
++ type imaze_server_packet_t;
++ ')
++
++ allow $1 imaze_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the inetd_child port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ allow $1 inetd_child_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the inetd_child port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ allow $1 inetd_child_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the inetd_child port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ dontaudit $1 inetd_child_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the inetd_child port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ allow $1 inetd_child_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the inetd_child port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ dontaudit $1 inetd_child_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the inetd_child port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_inetd_child_port',`
++ corenet_udp_send_inetd_child_port($1)
++ corenet_udp_receive_inetd_child_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the inetd_child port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_inetd_child_port',`
++ corenet_dontaudit_udp_send_inetd_child_port($1)
++ corenet_dontaudit_udp_receive_inetd_child_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the inetd_child port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ allow $1 inetd_child_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the inetd_child port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ allow $1 inetd_child_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the inetd_child port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_inetd_child_port',`
++ gen_require(`
++ type inetd_child_port_t;
++ ')
++
++ allow $1 inetd_child_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send inetd_child_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_inetd_child_client_packets',`
++ gen_require(`
++ type inetd_child_client_packet_t;
++ ')
++
++ allow $1 inetd_child_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send inetd_child_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_inetd_child_client_packets',`
++ gen_require(`
++ type inetd_child_client_packet_t;
++ ')
++
++ dontaudit $1 inetd_child_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive inetd_child_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_inetd_child_client_packets',`
++ gen_require(`
++ type inetd_child_client_packet_t;
++ ')
++
++ allow $1 inetd_child_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive inetd_child_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_inetd_child_client_packets',`
++ gen_require(`
++ type inetd_child_client_packet_t;
++ ')
++
++ dontaudit $1 inetd_child_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive inetd_child_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_inetd_child_client_packets',`
++ corenet_send_inetd_child_client_packets($1)
++ corenet_receive_inetd_child_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive inetd_child_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_inetd_child_client_packets',`
++ corenet_dontaudit_send_inetd_child_client_packets($1)
++ corenet_dontaudit_receive_inetd_child_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to inetd_child_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_inetd_child_client_packets',`
++ gen_require(`
++ type inetd_child_client_packet_t;
++ ')
++
++ allow $1 inetd_child_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send inetd_child_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_inetd_child_server_packets',`
++ gen_require(`
++ type inetd_child_server_packet_t;
++ ')
++
++ allow $1 inetd_child_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send inetd_child_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_inetd_child_server_packets',`
++ gen_require(`
++ type inetd_child_server_packet_t;
++ ')
++
++ dontaudit $1 inetd_child_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive inetd_child_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_inetd_child_server_packets',`
++ gen_require(`
++ type inetd_child_server_packet_t;
++ ')
++
++ allow $1 inetd_child_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive inetd_child_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_inetd_child_server_packets',`
++ gen_require(`
++ type inetd_child_server_packet_t;
++ ')
++
++ dontaudit $1 inetd_child_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive inetd_child_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_inetd_child_server_packets',`
++ corenet_send_inetd_child_server_packets($1)
++ corenet_receive_inetd_child_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive inetd_child_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_inetd_child_server_packets',`
++ corenet_dontaudit_send_inetd_child_server_packets($1)
++ corenet_dontaudit_receive_inetd_child_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to inetd_child_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_inetd_child_server_packets',`
++ gen_require(`
++ type inetd_child_server_packet_t;
++ ')
++
++ allow $1 inetd_child_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the innd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ allow $1 innd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the innd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ allow $1 innd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the innd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ dontaudit $1 innd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the innd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ allow $1 innd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the innd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ dontaudit $1 innd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the innd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_innd_port',`
++ corenet_udp_send_innd_port($1)
++ corenet_udp_receive_innd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the innd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_innd_port',`
++ corenet_dontaudit_udp_send_innd_port($1)
++ corenet_dontaudit_udp_receive_innd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the innd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ allow $1 innd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the innd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ allow $1 innd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the innd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_innd_port',`
++ gen_require(`
++ type innd_port_t;
++ ')
++
++ allow $1 innd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send innd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_innd_client_packets',`
++ gen_require(`
++ type innd_client_packet_t;
++ ')
++
++ allow $1 innd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send innd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_innd_client_packets',`
++ gen_require(`
++ type innd_client_packet_t;
++ ')
++
++ dontaudit $1 innd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive innd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_innd_client_packets',`
++ gen_require(`
++ type innd_client_packet_t;
++ ')
++
++ allow $1 innd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive innd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_innd_client_packets',`
++ gen_require(`
++ type innd_client_packet_t;
++ ')
++
++ dontaudit $1 innd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive innd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_innd_client_packets',`
++ corenet_send_innd_client_packets($1)
++ corenet_receive_innd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive innd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_innd_client_packets',`
++ corenet_dontaudit_send_innd_client_packets($1)
++ corenet_dontaudit_receive_innd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to innd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_innd_client_packets',`
++ gen_require(`
++ type innd_client_packet_t;
++ ')
++
++ allow $1 innd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send innd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_innd_server_packets',`
++ gen_require(`
++ type innd_server_packet_t;
++ ')
++
++ allow $1 innd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send innd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_innd_server_packets',`
++ gen_require(`
++ type innd_server_packet_t;
++ ')
++
++ dontaudit $1 innd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive innd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_innd_server_packets',`
++ gen_require(`
++ type innd_server_packet_t;
++ ')
++
++ allow $1 innd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive innd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_innd_server_packets',`
++ gen_require(`
++ type innd_server_packet_t;
++ ')
++
++ dontaudit $1 innd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive innd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_innd_server_packets',`
++ corenet_send_innd_server_packets($1)
++ corenet_receive_innd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive innd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_innd_server_packets',`
++ corenet_dontaudit_send_innd_server_packets($1)
++ corenet_dontaudit_receive_innd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to innd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_innd_server_packets',`
++ gen_require(`
++ type innd_server_packet_t;
++ ')
++
++ allow $1 innd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ipp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ allow $1 ipp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ipp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ allow $1 ipp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ipp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ dontaudit $1 ipp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ipp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ allow $1 ipp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ipp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ dontaudit $1 ipp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ipp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ipp_port',`
++ corenet_udp_send_ipp_port($1)
++ corenet_udp_receive_ipp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ipp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ipp_port',`
++ corenet_dontaudit_udp_send_ipp_port($1)
++ corenet_dontaudit_udp_receive_ipp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ipp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ allow $1 ipp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the ipp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ allow $1 ipp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the ipp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ipp_port',`
++ gen_require(`
++ type ipp_port_t;
++ ')
++
++ allow $1 ipp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ipp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ipp_client_packets',`
++ gen_require(`
++ type ipp_client_packet_t;
++ ')
++
++ allow $1 ipp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ipp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ipp_client_packets',`
++ gen_require(`
++ type ipp_client_packet_t;
++ ')
++
++ dontaudit $1 ipp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ipp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ipp_client_packets',`
++ gen_require(`
++ type ipp_client_packet_t;
++ ')
++
++ allow $1 ipp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ipp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ipp_client_packets',`
++ gen_require(`
++ type ipp_client_packet_t;
++ ')
++
++ dontaudit $1 ipp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ipp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ipp_client_packets',`
++ corenet_send_ipp_client_packets($1)
++ corenet_receive_ipp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ipp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ipp_client_packets',`
++ corenet_dontaudit_send_ipp_client_packets($1)
++ corenet_dontaudit_receive_ipp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ipp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ipp_client_packets',`
++ gen_require(`
++ type ipp_client_packet_t;
++ ')
++
++ allow $1 ipp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ipp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ipp_server_packets',`
++ gen_require(`
++ type ipp_server_packet_t;
++ ')
++
++ allow $1 ipp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ipp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ipp_server_packets',`
++ gen_require(`
++ type ipp_server_packet_t;
++ ')
++
++ dontaudit $1 ipp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ipp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ipp_server_packets',`
++ gen_require(`
++ type ipp_server_packet_t;
++ ')
++
++ allow $1 ipp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ipp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ipp_server_packets',`
++ gen_require(`
++ type ipp_server_packet_t;
++ ')
++
++ dontaudit $1 ipp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ipp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ipp_server_packets',`
++ corenet_send_ipp_server_packets($1)
++ corenet_receive_ipp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ipp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ipp_server_packets',`
++ corenet_dontaudit_send_ipp_server_packets($1)
++ corenet_dontaudit_receive_ipp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ipp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ipp_server_packets',`
++ gen_require(`
++ type ipp_server_packet_t;
++ ')
++
++ allow $1 ipp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ipsecnat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ allow $1 ipsecnat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ipsecnat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ allow $1 ipsecnat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ipsecnat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ dontaudit $1 ipsecnat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ipsecnat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ allow $1 ipsecnat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ipsecnat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ dontaudit $1 ipsecnat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ipsecnat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ipsecnat_port',`
++ corenet_udp_send_ipsecnat_port($1)
++ corenet_udp_receive_ipsecnat_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ipsecnat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ipsecnat_port',`
++ corenet_dontaudit_udp_send_ipsecnat_port($1)
++ corenet_dontaudit_udp_receive_ipsecnat_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ipsecnat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ allow $1 ipsecnat_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the ipsecnat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ allow $1 ipsecnat_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the ipsecnat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ipsecnat_port',`
++ gen_require(`
++ type ipsecnat_port_t;
++ ')
++
++ allow $1 ipsecnat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ipsecnat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ipsecnat_client_packets',`
++ gen_require(`
++ type ipsecnat_client_packet_t;
++ ')
++
++ allow $1 ipsecnat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ipsecnat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ipsecnat_client_packets',`
++ gen_require(`
++ type ipsecnat_client_packet_t;
++ ')
++
++ dontaudit $1 ipsecnat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ipsecnat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ipsecnat_client_packets',`
++ gen_require(`
++ type ipsecnat_client_packet_t;
++ ')
++
++ allow $1 ipsecnat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ipsecnat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ipsecnat_client_packets',`
++ gen_require(`
++ type ipsecnat_client_packet_t;
++ ')
++
++ dontaudit $1 ipsecnat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ipsecnat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ipsecnat_client_packets',`
++ corenet_send_ipsecnat_client_packets($1)
++ corenet_receive_ipsecnat_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ipsecnat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ipsecnat_client_packets',`
++ corenet_dontaudit_send_ipsecnat_client_packets($1)
++ corenet_dontaudit_receive_ipsecnat_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ipsecnat_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ipsecnat_client_packets',`
++ gen_require(`
++ type ipsecnat_client_packet_t;
++ ')
++
++ allow $1 ipsecnat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ipsecnat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ipsecnat_server_packets',`
++ gen_require(`
++ type ipsecnat_server_packet_t;
++ ')
++
++ allow $1 ipsecnat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ipsecnat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ipsecnat_server_packets',`
++ gen_require(`
++ type ipsecnat_server_packet_t;
++ ')
++
++ dontaudit $1 ipsecnat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ipsecnat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ipsecnat_server_packets',`
++ gen_require(`
++ type ipsecnat_server_packet_t;
++ ')
++
++ allow $1 ipsecnat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ipsecnat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ipsecnat_server_packets',`
++ gen_require(`
++ type ipsecnat_server_packet_t;
++ ')
++
++ dontaudit $1 ipsecnat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ipsecnat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ipsecnat_server_packets',`
++ corenet_send_ipsecnat_server_packets($1)
++ corenet_receive_ipsecnat_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ipsecnat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ipsecnat_server_packets',`
++ corenet_dontaudit_send_ipsecnat_server_packets($1)
++ corenet_dontaudit_receive_ipsecnat_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ipsecnat_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ipsecnat_server_packets',`
++ gen_require(`
++ type ipsecnat_server_packet_t;
++ ')
++
++ allow $1 ipsecnat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ircd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ allow $1 ircd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ircd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ allow $1 ircd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ircd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ dontaudit $1 ircd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ircd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ allow $1 ircd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ircd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ dontaudit $1 ircd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ircd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ircd_port',`
++ corenet_udp_send_ircd_port($1)
++ corenet_udp_receive_ircd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ircd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ircd_port',`
++ corenet_dontaudit_udp_send_ircd_port($1)
++ corenet_dontaudit_udp_receive_ircd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ircd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ allow $1 ircd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the ircd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ allow $1 ircd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the ircd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ircd_port',`
++ gen_require(`
++ type ircd_port_t;
++ ')
++
++ allow $1 ircd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ircd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ircd_client_packets',`
++ gen_require(`
++ type ircd_client_packet_t;
++ ')
++
++ allow $1 ircd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ircd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ircd_client_packets',`
++ gen_require(`
++ type ircd_client_packet_t;
++ ')
++
++ dontaudit $1 ircd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ircd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ircd_client_packets',`
++ gen_require(`
++ type ircd_client_packet_t;
++ ')
++
++ allow $1 ircd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ircd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ircd_client_packets',`
++ gen_require(`
++ type ircd_client_packet_t;
++ ')
++
++ dontaudit $1 ircd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ircd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ircd_client_packets',`
++ corenet_send_ircd_client_packets($1)
++ corenet_receive_ircd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ircd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ircd_client_packets',`
++ corenet_dontaudit_send_ircd_client_packets($1)
++ corenet_dontaudit_receive_ircd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ircd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ircd_client_packets',`
++ gen_require(`
++ type ircd_client_packet_t;
++ ')
++
++ allow $1 ircd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ircd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ircd_server_packets',`
++ gen_require(`
++ type ircd_server_packet_t;
++ ')
++
++ allow $1 ircd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ircd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ircd_server_packets',`
++ gen_require(`
++ type ircd_server_packet_t;
++ ')
++
++ dontaudit $1 ircd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ircd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ircd_server_packets',`
++ gen_require(`
++ type ircd_server_packet_t;
++ ')
++
++ allow $1 ircd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ircd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ircd_server_packets',`
++ gen_require(`
++ type ircd_server_packet_t;
++ ')
++
++ dontaudit $1 ircd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ircd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ircd_server_packets',`
++ corenet_send_ircd_server_packets($1)
++ corenet_receive_ircd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ircd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ircd_server_packets',`
++ corenet_dontaudit_send_ircd_server_packets($1)
++ corenet_dontaudit_receive_ircd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ircd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ircd_server_packets',`
++ gen_require(`
++ type ircd_server_packet_t;
++ ')
++
++ allow $1 ircd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the isakmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ allow $1 isakmp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the isakmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ allow $1 isakmp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the isakmp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ dontaudit $1 isakmp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the isakmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ allow $1 isakmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the isakmp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ dontaudit $1 isakmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the isakmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_isakmp_port',`
++ corenet_udp_send_isakmp_port($1)
++ corenet_udp_receive_isakmp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the isakmp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_isakmp_port',`
++ corenet_dontaudit_udp_send_isakmp_port($1)
++ corenet_dontaudit_udp_receive_isakmp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the isakmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ allow $1 isakmp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the isakmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ allow $1 isakmp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the isakmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_isakmp_port',`
++ gen_require(`
++ type isakmp_port_t;
++ ')
++
++ allow $1 isakmp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send isakmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_isakmp_client_packets',`
++ gen_require(`
++ type isakmp_client_packet_t;
++ ')
++
++ allow $1 isakmp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send isakmp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_isakmp_client_packets',`
++ gen_require(`
++ type isakmp_client_packet_t;
++ ')
++
++ dontaudit $1 isakmp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive isakmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_isakmp_client_packets',`
++ gen_require(`
++ type isakmp_client_packet_t;
++ ')
++
++ allow $1 isakmp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive isakmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_isakmp_client_packets',`
++ gen_require(`
++ type isakmp_client_packet_t;
++ ')
++
++ dontaudit $1 isakmp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive isakmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_isakmp_client_packets',`
++ corenet_send_isakmp_client_packets($1)
++ corenet_receive_isakmp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive isakmp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_isakmp_client_packets',`
++ corenet_dontaudit_send_isakmp_client_packets($1)
++ corenet_dontaudit_receive_isakmp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to isakmp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_isakmp_client_packets',`
++ gen_require(`
++ type isakmp_client_packet_t;
++ ')
++
++ allow $1 isakmp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send isakmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_isakmp_server_packets',`
++ gen_require(`
++ type isakmp_server_packet_t;
++ ')
++
++ allow $1 isakmp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send isakmp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_isakmp_server_packets',`
++ gen_require(`
++ type isakmp_server_packet_t;
++ ')
++
++ dontaudit $1 isakmp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive isakmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_isakmp_server_packets',`
++ gen_require(`
++ type isakmp_server_packet_t;
++ ')
++
++ allow $1 isakmp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive isakmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_isakmp_server_packets',`
++ gen_require(`
++ type isakmp_server_packet_t;
++ ')
++
++ dontaudit $1 isakmp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive isakmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_isakmp_server_packets',`
++ corenet_send_isakmp_server_packets($1)
++ corenet_receive_isakmp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive isakmp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_isakmp_server_packets',`
++ corenet_dontaudit_send_isakmp_server_packets($1)
++ corenet_dontaudit_receive_isakmp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to isakmp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_isakmp_server_packets',`
++ gen_require(`
++ type isakmp_server_packet_t;
++ ')
++
++ allow $1 isakmp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the iscsi port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ allow $1 iscsi_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the iscsi port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ allow $1 iscsi_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the iscsi port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ dontaudit $1 iscsi_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the iscsi port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ allow $1 iscsi_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the iscsi port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ dontaudit $1 iscsi_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the iscsi port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_iscsi_port',`
++ corenet_udp_send_iscsi_port($1)
++ corenet_udp_receive_iscsi_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the iscsi port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_iscsi_port',`
++ corenet_dontaudit_udp_send_iscsi_port($1)
++ corenet_dontaudit_udp_receive_iscsi_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the iscsi port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ allow $1 iscsi_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the iscsi port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ allow $1 iscsi_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the iscsi port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_iscsi_port',`
++ gen_require(`
++ type iscsi_port_t;
++ ')
++
++ allow $1 iscsi_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send iscsi_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_iscsi_client_packets',`
++ gen_require(`
++ type iscsi_client_packet_t;
++ ')
++
++ allow $1 iscsi_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send iscsi_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_iscsi_client_packets',`
++ gen_require(`
++ type iscsi_client_packet_t;
++ ')
++
++ dontaudit $1 iscsi_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive iscsi_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_iscsi_client_packets',`
++ gen_require(`
++ type iscsi_client_packet_t;
++ ')
++
++ allow $1 iscsi_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive iscsi_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_iscsi_client_packets',`
++ gen_require(`
++ type iscsi_client_packet_t;
++ ')
++
++ dontaudit $1 iscsi_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive iscsi_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_iscsi_client_packets',`
++ corenet_send_iscsi_client_packets($1)
++ corenet_receive_iscsi_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive iscsi_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_iscsi_client_packets',`
++ corenet_dontaudit_send_iscsi_client_packets($1)
++ corenet_dontaudit_receive_iscsi_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to iscsi_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_iscsi_client_packets',`
++ gen_require(`
++ type iscsi_client_packet_t;
++ ')
++
++ allow $1 iscsi_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send iscsi_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_iscsi_server_packets',`
++ gen_require(`
++ type iscsi_server_packet_t;
++ ')
++
++ allow $1 iscsi_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send iscsi_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_iscsi_server_packets',`
++ gen_require(`
++ type iscsi_server_packet_t;
++ ')
++
++ dontaudit $1 iscsi_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive iscsi_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_iscsi_server_packets',`
++ gen_require(`
++ type iscsi_server_packet_t;
++ ')
++
++ allow $1 iscsi_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive iscsi_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_iscsi_server_packets',`
++ gen_require(`
++ type iscsi_server_packet_t;
++ ')
++
++ dontaudit $1 iscsi_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive iscsi_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_iscsi_server_packets',`
++ corenet_send_iscsi_server_packets($1)
++ corenet_receive_iscsi_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive iscsi_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_iscsi_server_packets',`
++ corenet_dontaudit_send_iscsi_server_packets($1)
++ corenet_dontaudit_receive_iscsi_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to iscsi_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_iscsi_server_packets',`
++ gen_require(`
++ type iscsi_server_packet_t;
++ ')
++
++ allow $1 iscsi_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the isns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ allow $1 isns_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the isns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ allow $1 isns_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the isns port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ dontaudit $1 isns_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the isns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ allow $1 isns_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the isns port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ dontaudit $1 isns_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the isns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_isns_port',`
++ corenet_udp_send_isns_port($1)
++ corenet_udp_receive_isns_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the isns port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_isns_port',`
++ corenet_dontaudit_udp_send_isns_port($1)
++ corenet_dontaudit_udp_receive_isns_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the isns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ allow $1 isns_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the isns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ allow $1 isns_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the isns port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_isns_port',`
++ gen_require(`
++ type isns_port_t;
++ ')
++
++ allow $1 isns_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send isns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_isns_client_packets',`
++ gen_require(`
++ type isns_client_packet_t;
++ ')
++
++ allow $1 isns_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send isns_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_isns_client_packets',`
++ gen_require(`
++ type isns_client_packet_t;
++ ')
++
++ dontaudit $1 isns_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive isns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_isns_client_packets',`
++ gen_require(`
++ type isns_client_packet_t;
++ ')
++
++ allow $1 isns_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive isns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_isns_client_packets',`
++ gen_require(`
++ type isns_client_packet_t;
++ ')
++
++ dontaudit $1 isns_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive isns_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_isns_client_packets',`
++ corenet_send_isns_client_packets($1)
++ corenet_receive_isns_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive isns_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_isns_client_packets',`
++ corenet_dontaudit_send_isns_client_packets($1)
++ corenet_dontaudit_receive_isns_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to isns_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_isns_client_packets',`
++ gen_require(`
++ type isns_client_packet_t;
++ ')
++
++ allow $1 isns_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send isns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_isns_server_packets',`
++ gen_require(`
++ type isns_server_packet_t;
++ ')
++
++ allow $1 isns_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send isns_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_isns_server_packets',`
++ gen_require(`
++ type isns_server_packet_t;
++ ')
++
++ dontaudit $1 isns_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive isns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_isns_server_packets',`
++ gen_require(`
++ type isns_server_packet_t;
++ ')
++
++ allow $1 isns_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive isns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_isns_server_packets',`
++ gen_require(`
++ type isns_server_packet_t;
++ ')
++
++ dontaudit $1 isns_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive isns_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_isns_server_packets',`
++ corenet_send_isns_server_packets($1)
++ corenet_receive_isns_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive isns_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_isns_server_packets',`
++ corenet_dontaudit_send_isns_server_packets($1)
++ corenet_dontaudit_receive_isns_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to isns_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_isns_server_packets',`
++ gen_require(`
++ type isns_server_packet_t;
++ ')
++
++ allow $1 isns_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the jabber_client port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ allow $1 jabber_client_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the jabber_client port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ allow $1 jabber_client_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the jabber_client port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ dontaudit $1 jabber_client_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the jabber_client port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ allow $1 jabber_client_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the jabber_client port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ dontaudit $1 jabber_client_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the jabber_client port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_jabber_client_port',`
++ corenet_udp_send_jabber_client_port($1)
++ corenet_udp_receive_jabber_client_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the jabber_client port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_jabber_client_port',`
++ corenet_dontaudit_udp_send_jabber_client_port($1)
++ corenet_dontaudit_udp_receive_jabber_client_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the jabber_client port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ allow $1 jabber_client_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the jabber_client port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ allow $1 jabber_client_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the jabber_client port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_jabber_client_port',`
++ gen_require(`
++ type jabber_client_port_t;
++ ')
++
++ allow $1 jabber_client_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send jabber_client_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_jabber_client_client_packets',`
++ gen_require(`
++ type jabber_client_client_packet_t;
++ ')
++
++ allow $1 jabber_client_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send jabber_client_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_jabber_client_client_packets',`
++ gen_require(`
++ type jabber_client_client_packet_t;
++ ')
++
++ dontaudit $1 jabber_client_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive jabber_client_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_jabber_client_client_packets',`
++ gen_require(`
++ type jabber_client_client_packet_t;
++ ')
++
++ allow $1 jabber_client_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive jabber_client_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_jabber_client_client_packets',`
++ gen_require(`
++ type jabber_client_client_packet_t;
++ ')
++
++ dontaudit $1 jabber_client_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive jabber_client_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_jabber_client_client_packets',`
++ corenet_send_jabber_client_client_packets($1)
++ corenet_receive_jabber_client_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive jabber_client_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_jabber_client_client_packets',`
++ corenet_dontaudit_send_jabber_client_client_packets($1)
++ corenet_dontaudit_receive_jabber_client_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to jabber_client_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_jabber_client_client_packets',`
++ gen_require(`
++ type jabber_client_client_packet_t;
++ ')
++
++ allow $1 jabber_client_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send jabber_client_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_jabber_client_server_packets',`
++ gen_require(`
++ type jabber_client_server_packet_t;
++ ')
++
++ allow $1 jabber_client_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send jabber_client_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_jabber_client_server_packets',`
++ gen_require(`
++ type jabber_client_server_packet_t;
++ ')
++
++ dontaudit $1 jabber_client_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive jabber_client_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_jabber_client_server_packets',`
++ gen_require(`
++ type jabber_client_server_packet_t;
++ ')
++
++ allow $1 jabber_client_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive jabber_client_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_jabber_client_server_packets',`
++ gen_require(`
++ type jabber_client_server_packet_t;
++ ')
++
++ dontaudit $1 jabber_client_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive jabber_client_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_jabber_client_server_packets',`
++ corenet_send_jabber_client_server_packets($1)
++ corenet_receive_jabber_client_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive jabber_client_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_jabber_client_server_packets',`
++ corenet_dontaudit_send_jabber_client_server_packets($1)
++ corenet_dontaudit_receive_jabber_client_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to jabber_client_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_jabber_client_server_packets',`
++ gen_require(`
++ type jabber_client_server_packet_t;
++ ')
++
++ allow $1 jabber_client_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the jabber_interserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ allow $1 jabber_interserver_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the jabber_interserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ allow $1 jabber_interserver_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the jabber_interserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ dontaudit $1 jabber_interserver_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the jabber_interserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ allow $1 jabber_interserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the jabber_interserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ dontaudit $1 jabber_interserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the jabber_interserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_jabber_interserver_port',`
++ corenet_udp_send_jabber_interserver_port($1)
++ corenet_udp_receive_jabber_interserver_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the jabber_interserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_jabber_interserver_port',`
++ corenet_dontaudit_udp_send_jabber_interserver_port($1)
++ corenet_dontaudit_udp_receive_jabber_interserver_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the jabber_interserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ allow $1 jabber_interserver_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the jabber_interserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ allow $1 jabber_interserver_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the jabber_interserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_jabber_interserver_port',`
++ gen_require(`
++ type jabber_interserver_port_t;
++ ')
++
++ allow $1 jabber_interserver_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send jabber_interserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_jabber_interserver_client_packets',`
++ gen_require(`
++ type jabber_interserver_client_packet_t;
++ ')
++
++ allow $1 jabber_interserver_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send jabber_interserver_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_jabber_interserver_client_packets',`
++ gen_require(`
++ type jabber_interserver_client_packet_t;
++ ')
++
++ dontaudit $1 jabber_interserver_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive jabber_interserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_jabber_interserver_client_packets',`
++ gen_require(`
++ type jabber_interserver_client_packet_t;
++ ')
++
++ allow $1 jabber_interserver_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive jabber_interserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_jabber_interserver_client_packets',`
++ gen_require(`
++ type jabber_interserver_client_packet_t;
++ ')
++
++ dontaudit $1 jabber_interserver_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive jabber_interserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_jabber_interserver_client_packets',`
++ corenet_send_jabber_interserver_client_packets($1)
++ corenet_receive_jabber_interserver_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive jabber_interserver_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_jabber_interserver_client_packets',`
++ corenet_dontaudit_send_jabber_interserver_client_packets($1)
++ corenet_dontaudit_receive_jabber_interserver_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to jabber_interserver_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_jabber_interserver_client_packets',`
++ gen_require(`
++ type jabber_interserver_client_packet_t;
++ ')
++
++ allow $1 jabber_interserver_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send jabber_interserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_jabber_interserver_server_packets',`
++ gen_require(`
++ type jabber_interserver_server_packet_t;
++ ')
++
++ allow $1 jabber_interserver_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send jabber_interserver_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_jabber_interserver_server_packets',`
++ gen_require(`
++ type jabber_interserver_server_packet_t;
++ ')
++
++ dontaudit $1 jabber_interserver_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive jabber_interserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_jabber_interserver_server_packets',`
++ gen_require(`
++ type jabber_interserver_server_packet_t;
++ ')
++
++ allow $1 jabber_interserver_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive jabber_interserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_jabber_interserver_server_packets',`
++ gen_require(`
++ type jabber_interserver_server_packet_t;
++ ')
++
++ dontaudit $1 jabber_interserver_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive jabber_interserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_jabber_interserver_server_packets',`
++ corenet_send_jabber_interserver_server_packets($1)
++ corenet_receive_jabber_interserver_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive jabber_interserver_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_jabber_interserver_server_packets',`
++ corenet_dontaudit_send_jabber_interserver_server_packets($1)
++ corenet_dontaudit_receive_jabber_interserver_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to jabber_interserver_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_jabber_interserver_server_packets',`
++ gen_require(`
++ type jabber_interserver_server_packet_t;
++ ')
++
++ allow $1 jabber_interserver_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the kerberos_admin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ allow $1 kerberos_admin_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the kerberos_admin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ allow $1 kerberos_admin_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the kerberos_admin port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ dontaudit $1 kerberos_admin_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the kerberos_admin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ allow $1 kerberos_admin_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the kerberos_admin port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ dontaudit $1 kerberos_admin_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the kerberos_admin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_kerberos_admin_port',`
++ corenet_udp_send_kerberos_admin_port($1)
++ corenet_udp_receive_kerberos_admin_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the kerberos_admin port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_kerberos_admin_port',`
++ corenet_dontaudit_udp_send_kerberos_admin_port($1)
++ corenet_dontaudit_udp_receive_kerberos_admin_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the kerberos_admin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ allow $1 kerberos_admin_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the kerberos_admin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ allow $1 kerberos_admin_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the kerberos_admin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_kerberos_admin_port',`
++ gen_require(`
++ type kerberos_admin_port_t;
++ ')
++
++ allow $1 kerberos_admin_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send kerberos_admin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kerberos_admin_client_packets',`
++ gen_require(`
++ type kerberos_admin_client_packet_t;
++ ')
++
++ allow $1 kerberos_admin_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kerberos_admin_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kerberos_admin_client_packets',`
++ gen_require(`
++ type kerberos_admin_client_packet_t;
++ ')
++
++ dontaudit $1 kerberos_admin_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kerberos_admin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kerberos_admin_client_packets',`
++ gen_require(`
++ type kerberos_admin_client_packet_t;
++ ')
++
++ allow $1 kerberos_admin_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kerberos_admin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kerberos_admin_client_packets',`
++ gen_require(`
++ type kerberos_admin_client_packet_t;
++ ')
++
++ dontaudit $1 kerberos_admin_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kerberos_admin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kerberos_admin_client_packets',`
++ corenet_send_kerberos_admin_client_packets($1)
++ corenet_receive_kerberos_admin_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kerberos_admin_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_admin_client_packets',`
++ corenet_dontaudit_send_kerberos_admin_client_packets($1)
++ corenet_dontaudit_receive_kerberos_admin_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kerberos_admin_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kerberos_admin_client_packets',`
++ gen_require(`
++ type kerberos_admin_client_packet_t;
++ ')
++
++ allow $1 kerberos_admin_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send kerberos_admin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kerberos_admin_server_packets',`
++ gen_require(`
++ type kerberos_admin_server_packet_t;
++ ')
++
++ allow $1 kerberos_admin_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kerberos_admin_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kerberos_admin_server_packets',`
++ gen_require(`
++ type kerberos_admin_server_packet_t;
++ ')
++
++ dontaudit $1 kerberos_admin_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kerberos_admin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kerberos_admin_server_packets',`
++ gen_require(`
++ type kerberos_admin_server_packet_t;
++ ')
++
++ allow $1 kerberos_admin_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kerberos_admin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kerberos_admin_server_packets',`
++ gen_require(`
++ type kerberos_admin_server_packet_t;
++ ')
++
++ dontaudit $1 kerberos_admin_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kerberos_admin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kerberos_admin_server_packets',`
++ corenet_send_kerberos_admin_server_packets($1)
++ corenet_receive_kerberos_admin_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kerberos_admin_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_admin_server_packets',`
++ corenet_dontaudit_send_kerberos_admin_server_packets($1)
++ corenet_dontaudit_receive_kerberos_admin_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kerberos_admin_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kerberos_admin_server_packets',`
++ gen_require(`
++ type kerberos_admin_server_packet_t;
++ ')
++
++ allow $1 kerberos_admin_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the kerberos_master port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ allow $1 kerberos_master_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the kerberos_master port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ allow $1 kerberos_master_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the kerberos_master port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ dontaudit $1 kerberos_master_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the kerberos_master port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ allow $1 kerberos_master_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the kerberos_master port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ dontaudit $1 kerberos_master_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the kerberos_master port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_kerberos_master_port',`
++ corenet_udp_send_kerberos_master_port($1)
++ corenet_udp_receive_kerberos_master_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the kerberos_master port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_kerberos_master_port',`
++ corenet_dontaudit_udp_send_kerberos_master_port($1)
++ corenet_dontaudit_udp_receive_kerberos_master_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the kerberos_master port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ allow $1 kerberos_master_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the kerberos_master port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ allow $1 kerberos_master_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the kerberos_master port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_kerberos_master_port',`
++ gen_require(`
++ type kerberos_master_port_t;
++ ')
++
++ allow $1 kerberos_master_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send kerberos_master_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kerberos_master_client_packets',`
++ gen_require(`
++ type kerberos_master_client_packet_t;
++ ')
++
++ allow $1 kerberos_master_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kerberos_master_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kerberos_master_client_packets',`
++ gen_require(`
++ type kerberos_master_client_packet_t;
++ ')
++
++ dontaudit $1 kerberos_master_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kerberos_master_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kerberos_master_client_packets',`
++ gen_require(`
++ type kerberos_master_client_packet_t;
++ ')
++
++ allow $1 kerberos_master_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kerberos_master_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kerberos_master_client_packets',`
++ gen_require(`
++ type kerberos_master_client_packet_t;
++ ')
++
++ dontaudit $1 kerberos_master_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kerberos_master_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kerberos_master_client_packets',`
++ corenet_send_kerberos_master_client_packets($1)
++ corenet_receive_kerberos_master_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kerberos_master_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_master_client_packets',`
++ corenet_dontaudit_send_kerberos_master_client_packets($1)
++ corenet_dontaudit_receive_kerberos_master_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kerberos_master_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kerberos_master_client_packets',`
++ gen_require(`
++ type kerberos_master_client_packet_t;
++ ')
++
++ allow $1 kerberos_master_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send kerberos_master_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kerberos_master_server_packets',`
++ gen_require(`
++ type kerberos_master_server_packet_t;
++ ')
++
++ allow $1 kerberos_master_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kerberos_master_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kerberos_master_server_packets',`
++ gen_require(`
++ type kerberos_master_server_packet_t;
++ ')
++
++ dontaudit $1 kerberos_master_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kerberos_master_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kerberos_master_server_packets',`
++ gen_require(`
++ type kerberos_master_server_packet_t;
++ ')
++
++ allow $1 kerberos_master_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kerberos_master_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kerberos_master_server_packets',`
++ gen_require(`
++ type kerberos_master_server_packet_t;
++ ')
++
++ dontaudit $1 kerberos_master_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kerberos_master_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kerberos_master_server_packets',`
++ corenet_send_kerberos_master_server_packets($1)
++ corenet_receive_kerberos_master_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kerberos_master_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_master_server_packets',`
++ corenet_dontaudit_send_kerberos_master_server_packets($1)
++ corenet_dontaudit_receive_kerberos_master_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kerberos_master_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kerberos_master_server_packets',`
++ gen_require(`
++ type kerberos_master_server_packet_t;
++ ')
++
++ allow $1 kerberos_master_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the kerberos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ allow $1 kerberos_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the kerberos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ allow $1 kerberos_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the kerberos port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ dontaudit $1 kerberos_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the kerberos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ allow $1 kerberos_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the kerberos port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ dontaudit $1 kerberos_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the kerberos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_kerberos_port',`
++ corenet_udp_send_kerberos_port($1)
++ corenet_udp_receive_kerberos_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the kerberos port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_kerberos_port',`
++ corenet_dontaudit_udp_send_kerberos_port($1)
++ corenet_dontaudit_udp_receive_kerberos_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the kerberos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ allow $1 kerberos_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the kerberos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ allow $1 kerberos_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the kerberos port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_kerberos_port',`
++ gen_require(`
++ type kerberos_port_t;
++ ')
++
++ allow $1 kerberos_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send kerberos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kerberos_client_packets',`
++ gen_require(`
++ type kerberos_client_packet_t;
++ ')
++
++ allow $1 kerberos_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kerberos_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kerberos_client_packets',`
++ gen_require(`
++ type kerberos_client_packet_t;
++ ')
++
++ dontaudit $1 kerberos_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kerberos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kerberos_client_packets',`
++ gen_require(`
++ type kerberos_client_packet_t;
++ ')
++
++ allow $1 kerberos_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kerberos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kerberos_client_packets',`
++ gen_require(`
++ type kerberos_client_packet_t;
++ ')
++
++ dontaudit $1 kerberos_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kerberos_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kerberos_client_packets',`
++ corenet_send_kerberos_client_packets($1)
++ corenet_receive_kerberos_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kerberos_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_client_packets',`
++ corenet_dontaudit_send_kerberos_client_packets($1)
++ corenet_dontaudit_receive_kerberos_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kerberos_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kerberos_client_packets',`
++ gen_require(`
++ type kerberos_client_packet_t;
++ ')
++
++ allow $1 kerberos_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send kerberos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kerberos_server_packets',`
++ gen_require(`
++ type kerberos_server_packet_t;
++ ')
++
++ allow $1 kerberos_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kerberos_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kerberos_server_packets',`
++ gen_require(`
++ type kerberos_server_packet_t;
++ ')
++
++ dontaudit $1 kerberos_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kerberos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kerberos_server_packets',`
++ gen_require(`
++ type kerberos_server_packet_t;
++ ')
++
++ allow $1 kerberos_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kerberos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kerberos_server_packets',`
++ gen_require(`
++ type kerberos_server_packet_t;
++ ')
++
++ dontaudit $1 kerberos_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kerberos_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kerberos_server_packets',`
++ corenet_send_kerberos_server_packets($1)
++ corenet_receive_kerberos_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kerberos_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kerberos_server_packets',`
++ corenet_dontaudit_send_kerberos_server_packets($1)
++ corenet_dontaudit_receive_kerberos_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kerberos_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kerberos_server_packets',`
++ gen_require(`
++ type kerberos_server_packet_t;
++ ')
++
++ allow $1 kerberos_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the kismet port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ allow $1 kismet_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the kismet port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ allow $1 kismet_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the kismet port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ dontaudit $1 kismet_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the kismet port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ allow $1 kismet_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the kismet port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ dontaudit $1 kismet_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the kismet port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_kismet_port',`
++ corenet_udp_send_kismet_port($1)
++ corenet_udp_receive_kismet_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the kismet port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_kismet_port',`
++ corenet_dontaudit_udp_send_kismet_port($1)
++ corenet_dontaudit_udp_receive_kismet_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the kismet port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ allow $1 kismet_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the kismet port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ allow $1 kismet_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the kismet port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_kismet_port',`
++ gen_require(`
++ type kismet_port_t;
++ ')
++
++ allow $1 kismet_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send kismet_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kismet_client_packets',`
++ gen_require(`
++ type kismet_client_packet_t;
++ ')
++
++ allow $1 kismet_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kismet_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kismet_client_packets',`
++ gen_require(`
++ type kismet_client_packet_t;
++ ')
++
++ dontaudit $1 kismet_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kismet_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kismet_client_packets',`
++ gen_require(`
++ type kismet_client_packet_t;
++ ')
++
++ allow $1 kismet_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kismet_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kismet_client_packets',`
++ gen_require(`
++ type kismet_client_packet_t;
++ ')
++
++ dontaudit $1 kismet_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kismet_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kismet_client_packets',`
++ corenet_send_kismet_client_packets($1)
++ corenet_receive_kismet_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kismet_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kismet_client_packets',`
++ corenet_dontaudit_send_kismet_client_packets($1)
++ corenet_dontaudit_receive_kismet_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kismet_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kismet_client_packets',`
++ gen_require(`
++ type kismet_client_packet_t;
++ ')
++
++ allow $1 kismet_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send kismet_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kismet_server_packets',`
++ gen_require(`
++ type kismet_server_packet_t;
++ ')
++
++ allow $1 kismet_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kismet_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kismet_server_packets',`
++ gen_require(`
++ type kismet_server_packet_t;
++ ')
++
++ dontaudit $1 kismet_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kismet_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kismet_server_packets',`
++ gen_require(`
++ type kismet_server_packet_t;
++ ')
++
++ allow $1 kismet_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kismet_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kismet_server_packets',`
++ gen_require(`
++ type kismet_server_packet_t;
++ ')
++
++ dontaudit $1 kismet_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kismet_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kismet_server_packets',`
++ corenet_send_kismet_server_packets($1)
++ corenet_receive_kismet_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kismet_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kismet_server_packets',`
++ corenet_dontaudit_send_kismet_server_packets($1)
++ corenet_dontaudit_receive_kismet_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kismet_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kismet_server_packets',`
++ gen_require(`
++ type kismet_server_packet_t;
++ ')
++
++ allow $1 kismet_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the kprop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ allow $1 kprop_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the kprop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ allow $1 kprop_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the kprop port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ dontaudit $1 kprop_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the kprop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ allow $1 kprop_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the kprop port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ dontaudit $1 kprop_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the kprop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_kprop_port',`
++ corenet_udp_send_kprop_port($1)
++ corenet_udp_receive_kprop_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the kprop port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_kprop_port',`
++ corenet_dontaudit_udp_send_kprop_port($1)
++ corenet_dontaudit_udp_receive_kprop_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the kprop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ allow $1 kprop_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the kprop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ allow $1 kprop_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the kprop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_kprop_port',`
++ gen_require(`
++ type kprop_port_t;
++ ')
++
++ allow $1 kprop_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send kprop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kprop_client_packets',`
++ gen_require(`
++ type kprop_client_packet_t;
++ ')
++
++ allow $1 kprop_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kprop_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kprop_client_packets',`
++ gen_require(`
++ type kprop_client_packet_t;
++ ')
++
++ dontaudit $1 kprop_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kprop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kprop_client_packets',`
++ gen_require(`
++ type kprop_client_packet_t;
++ ')
++
++ allow $1 kprop_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kprop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kprop_client_packets',`
++ gen_require(`
++ type kprop_client_packet_t;
++ ')
++
++ dontaudit $1 kprop_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kprop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kprop_client_packets',`
++ corenet_send_kprop_client_packets($1)
++ corenet_receive_kprop_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kprop_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kprop_client_packets',`
++ corenet_dontaudit_send_kprop_client_packets($1)
++ corenet_dontaudit_receive_kprop_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kprop_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kprop_client_packets',`
++ gen_require(`
++ type kprop_client_packet_t;
++ ')
++
++ allow $1 kprop_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send kprop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_kprop_server_packets',`
++ gen_require(`
++ type kprop_server_packet_t;
++ ')
++
++ allow $1 kprop_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send kprop_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_kprop_server_packets',`
++ gen_require(`
++ type kprop_server_packet_t;
++ ')
++
++ dontaudit $1 kprop_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive kprop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_kprop_server_packets',`
++ gen_require(`
++ type kprop_server_packet_t;
++ ')
++
++ allow $1 kprop_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive kprop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_kprop_server_packets',`
++ gen_require(`
++ type kprop_server_packet_t;
++ ')
++
++ dontaudit $1 kprop_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive kprop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_kprop_server_packets',`
++ corenet_send_kprop_server_packets($1)
++ corenet_receive_kprop_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive kprop_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_kprop_server_packets',`
++ corenet_dontaudit_send_kprop_server_packets($1)
++ corenet_dontaudit_receive_kprop_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to kprop_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_kprop_server_packets',`
++ gen_require(`
++ type kprop_server_packet_t;
++ ')
++
++ allow $1 kprop_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ktalkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ allow $1 ktalkd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ktalkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ allow $1 ktalkd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ktalkd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ dontaudit $1 ktalkd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ktalkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ allow $1 ktalkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ktalkd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ dontaudit $1 ktalkd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ktalkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ktalkd_port',`
++ corenet_udp_send_ktalkd_port($1)
++ corenet_udp_receive_ktalkd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ktalkd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ktalkd_port',`
++ corenet_dontaudit_udp_send_ktalkd_port($1)
++ corenet_dontaudit_udp_receive_ktalkd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ktalkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ allow $1 ktalkd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the ktalkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ allow $1 ktalkd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the ktalkd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ktalkd_port',`
++ gen_require(`
++ type ktalkd_port_t;
++ ')
++
++ allow $1 ktalkd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ktalkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ktalkd_client_packets',`
++ gen_require(`
++ type ktalkd_client_packet_t;
++ ')
++
++ allow $1 ktalkd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ktalkd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ktalkd_client_packets',`
++ gen_require(`
++ type ktalkd_client_packet_t;
++ ')
++
++ dontaudit $1 ktalkd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ktalkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ktalkd_client_packets',`
++ gen_require(`
++ type ktalkd_client_packet_t;
++ ')
++
++ allow $1 ktalkd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ktalkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ktalkd_client_packets',`
++ gen_require(`
++ type ktalkd_client_packet_t;
++ ')
++
++ dontaudit $1 ktalkd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ktalkd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ktalkd_client_packets',`
++ corenet_send_ktalkd_client_packets($1)
++ corenet_receive_ktalkd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ktalkd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ktalkd_client_packets',`
++ corenet_dontaudit_send_ktalkd_client_packets($1)
++ corenet_dontaudit_receive_ktalkd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ktalkd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ktalkd_client_packets',`
++ gen_require(`
++ type ktalkd_client_packet_t;
++ ')
++
++ allow $1 ktalkd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ktalkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ktalkd_server_packets',`
++ gen_require(`
++ type ktalkd_server_packet_t;
++ ')
++
++ allow $1 ktalkd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ktalkd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ktalkd_server_packets',`
++ gen_require(`
++ type ktalkd_server_packet_t;
++ ')
++
++ dontaudit $1 ktalkd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ktalkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ktalkd_server_packets',`
++ gen_require(`
++ type ktalkd_server_packet_t;
++ ')
++
++ allow $1 ktalkd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ktalkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ktalkd_server_packets',`
++ gen_require(`
++ type ktalkd_server_packet_t;
++ ')
++
++ dontaudit $1 ktalkd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ktalkd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ktalkd_server_packets',`
++ corenet_send_ktalkd_server_packets($1)
++ corenet_receive_ktalkd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ktalkd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ktalkd_server_packets',`
++ corenet_dontaudit_send_ktalkd_server_packets($1)
++ corenet_dontaudit_receive_ktalkd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ktalkd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ktalkd_server_packets',`
++ gen_require(`
++ type ktalkd_server_packet_t;
++ ')
++
++ allow $1 ktalkd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ldap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ allow $1 ldap_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ldap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ allow $1 ldap_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ldap port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ dontaudit $1 ldap_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ldap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ allow $1 ldap_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ldap port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ dontaudit $1 ldap_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ldap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ldap_port',`
++ corenet_udp_send_ldap_port($1)
++ corenet_udp_receive_ldap_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ldap port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ldap_port',`
++ corenet_dontaudit_udp_send_ldap_port($1)
++ corenet_dontaudit_udp_receive_ldap_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ldap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ allow $1 ldap_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the ldap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ allow $1 ldap_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the ldap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ldap_port',`
++ gen_require(`
++ type ldap_port_t;
++ ')
++
++ allow $1 ldap_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ldap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ldap_client_packets',`
++ gen_require(`
++ type ldap_client_packet_t;
++ ')
++
++ allow $1 ldap_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ldap_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ldap_client_packets',`
++ gen_require(`
++ type ldap_client_packet_t;
++ ')
++
++ dontaudit $1 ldap_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ldap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ldap_client_packets',`
++ gen_require(`
++ type ldap_client_packet_t;
++ ')
++
++ allow $1 ldap_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ldap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ldap_client_packets',`
++ gen_require(`
++ type ldap_client_packet_t;
++ ')
++
++ dontaudit $1 ldap_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ldap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ldap_client_packets',`
++ corenet_send_ldap_client_packets($1)
++ corenet_receive_ldap_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ldap_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ldap_client_packets',`
++ corenet_dontaudit_send_ldap_client_packets($1)
++ corenet_dontaudit_receive_ldap_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ldap_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ldap_client_packets',`
++ gen_require(`
++ type ldap_client_packet_t;
++ ')
++
++ allow $1 ldap_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ldap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ldap_server_packets',`
++ gen_require(`
++ type ldap_server_packet_t;
++ ')
++
++ allow $1 ldap_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ldap_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ldap_server_packets',`
++ gen_require(`
++ type ldap_server_packet_t;
++ ')
++
++ dontaudit $1 ldap_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ldap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ldap_server_packets',`
++ gen_require(`
++ type ldap_server_packet_t;
++ ')
++
++ allow $1 ldap_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ldap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ldap_server_packets',`
++ gen_require(`
++ type ldap_server_packet_t;
++ ')
++
++ dontaudit $1 ldap_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ldap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ldap_server_packets',`
++ corenet_send_ldap_server_packets($1)
++ corenet_receive_ldap_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ldap_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ldap_server_packets',`
++ corenet_dontaudit_send_ldap_server_packets($1)
++ corenet_dontaudit_receive_ldap_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ldap_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ldap_server_packets',`
++ gen_require(`
++ type ldap_server_packet_t;
++ ')
++
++ allow $1 ldap_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the lmtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ allow $1 lmtp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the lmtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ allow $1 lmtp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the lmtp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ dontaudit $1 lmtp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the lmtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ allow $1 lmtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the lmtp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ dontaudit $1 lmtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the lmtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_lmtp_port',`
++ corenet_udp_send_lmtp_port($1)
++ corenet_udp_receive_lmtp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the lmtp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_lmtp_port',`
++ corenet_dontaudit_udp_send_lmtp_port($1)
++ corenet_dontaudit_udp_receive_lmtp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the lmtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ allow $1 lmtp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the lmtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ allow $1 lmtp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the lmtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_lmtp_port',`
++ gen_require(`
++ type lmtp_port_t;
++ ')
++
++ allow $1 lmtp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send lmtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_lmtp_client_packets',`
++ gen_require(`
++ type lmtp_client_packet_t;
++ ')
++
++ allow $1 lmtp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send lmtp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_lmtp_client_packets',`
++ gen_require(`
++ type lmtp_client_packet_t;
++ ')
++
++ dontaudit $1 lmtp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive lmtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_lmtp_client_packets',`
++ gen_require(`
++ type lmtp_client_packet_t;
++ ')
++
++ allow $1 lmtp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive lmtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_lmtp_client_packets',`
++ gen_require(`
++ type lmtp_client_packet_t;
++ ')
++
++ dontaudit $1 lmtp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive lmtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_lmtp_client_packets',`
++ corenet_send_lmtp_client_packets($1)
++ corenet_receive_lmtp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive lmtp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_lmtp_client_packets',`
++ corenet_dontaudit_send_lmtp_client_packets($1)
++ corenet_dontaudit_receive_lmtp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to lmtp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_lmtp_client_packets',`
++ gen_require(`
++ type lmtp_client_packet_t;
++ ')
++
++ allow $1 lmtp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send lmtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_lmtp_server_packets',`
++ gen_require(`
++ type lmtp_server_packet_t;
++ ')
++
++ allow $1 lmtp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send lmtp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_lmtp_server_packets',`
++ gen_require(`
++ type lmtp_server_packet_t;
++ ')
++
++ dontaudit $1 lmtp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive lmtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_lmtp_server_packets',`
++ gen_require(`
++ type lmtp_server_packet_t;
++ ')
++
++ allow $1 lmtp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive lmtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_lmtp_server_packets',`
++ gen_require(`
++ type lmtp_server_packet_t;
++ ')
++
++ dontaudit $1 lmtp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive lmtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_lmtp_server_packets',`
++ corenet_send_lmtp_server_packets($1)
++ corenet_receive_lmtp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive lmtp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_lmtp_server_packets',`
++ corenet_dontaudit_send_lmtp_server_packets($1)
++ corenet_dontaudit_receive_lmtp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to lmtp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_lmtp_server_packets',`
++ gen_require(`
++ type lmtp_server_packet_t;
++ ')
++
++ allow $1 lmtp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the mail port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ allow $1 mail_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the mail port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ allow $1 mail_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the mail port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ dontaudit $1 mail_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the mail port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ allow $1 mail_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the mail port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ dontaudit $1 mail_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the mail port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_mail_port',`
++ corenet_udp_send_mail_port($1)
++ corenet_udp_receive_mail_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the mail port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_mail_port',`
++ corenet_dontaudit_udp_send_mail_port($1)
++ corenet_dontaudit_udp_receive_mail_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the mail port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ allow $1 mail_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the mail port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ allow $1 mail_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the mail port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_mail_port',`
++ gen_require(`
++ type mail_port_t;
++ ')
++
++ allow $1 mail_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send mail_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mail_client_packets',`
++ gen_require(`
++ type mail_client_packet_t;
++ ')
++
++ allow $1 mail_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mail_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mail_client_packets',`
++ gen_require(`
++ type mail_client_packet_t;
++ ')
++
++ dontaudit $1 mail_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mail_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mail_client_packets',`
++ gen_require(`
++ type mail_client_packet_t;
++ ')
++
++ allow $1 mail_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mail_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mail_client_packets',`
++ gen_require(`
++ type mail_client_packet_t;
++ ')
++
++ dontaudit $1 mail_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mail_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mail_client_packets',`
++ corenet_send_mail_client_packets($1)
++ corenet_receive_mail_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mail_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mail_client_packets',`
++ corenet_dontaudit_send_mail_client_packets($1)
++ corenet_dontaudit_receive_mail_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mail_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mail_client_packets',`
++ gen_require(`
++ type mail_client_packet_t;
++ ')
++
++ allow $1 mail_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send mail_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mail_server_packets',`
++ gen_require(`
++ type mail_server_packet_t;
++ ')
++
++ allow $1 mail_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mail_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mail_server_packets',`
++ gen_require(`
++ type mail_server_packet_t;
++ ')
++
++ dontaudit $1 mail_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mail_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mail_server_packets',`
++ gen_require(`
++ type mail_server_packet_t;
++ ')
++
++ allow $1 mail_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mail_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mail_server_packets',`
++ gen_require(`
++ type mail_server_packet_t;
++ ')
++
++ dontaudit $1 mail_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mail_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mail_server_packets',`
++ corenet_send_mail_server_packets($1)
++ corenet_receive_mail_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mail_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mail_server_packets',`
++ corenet_dontaudit_send_mail_server_packets($1)
++ corenet_dontaudit_receive_mail_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mail_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mail_server_packets',`
++ gen_require(`
++ type mail_server_packet_t;
++ ')
++
++ allow $1 mail_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the mmcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ allow $1 mmcc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the mmcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ allow $1 mmcc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the mmcc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ dontaudit $1 mmcc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the mmcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ allow $1 mmcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the mmcc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ dontaudit $1 mmcc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the mmcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_mmcc_port',`
++ corenet_udp_send_mmcc_port($1)
++ corenet_udp_receive_mmcc_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the mmcc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_mmcc_port',`
++ corenet_dontaudit_udp_send_mmcc_port($1)
++ corenet_dontaudit_udp_receive_mmcc_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the mmcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ allow $1 mmcc_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the mmcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ allow $1 mmcc_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the mmcc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_mmcc_port',`
++ gen_require(`
++ type mmcc_port_t;
++ ')
++
++ allow $1 mmcc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send mmcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mmcc_client_packets',`
++ gen_require(`
++ type mmcc_client_packet_t;
++ ')
++
++ allow $1 mmcc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mmcc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mmcc_client_packets',`
++ gen_require(`
++ type mmcc_client_packet_t;
++ ')
++
++ dontaudit $1 mmcc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mmcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mmcc_client_packets',`
++ gen_require(`
++ type mmcc_client_packet_t;
++ ')
++
++ allow $1 mmcc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mmcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mmcc_client_packets',`
++ gen_require(`
++ type mmcc_client_packet_t;
++ ')
++
++ dontaudit $1 mmcc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mmcc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mmcc_client_packets',`
++ corenet_send_mmcc_client_packets($1)
++ corenet_receive_mmcc_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mmcc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mmcc_client_packets',`
++ corenet_dontaudit_send_mmcc_client_packets($1)
++ corenet_dontaudit_receive_mmcc_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mmcc_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mmcc_client_packets',`
++ gen_require(`
++ type mmcc_client_packet_t;
++ ')
++
++ allow $1 mmcc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send mmcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mmcc_server_packets',`
++ gen_require(`
++ type mmcc_server_packet_t;
++ ')
++
++ allow $1 mmcc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mmcc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mmcc_server_packets',`
++ gen_require(`
++ type mmcc_server_packet_t;
++ ')
++
++ dontaudit $1 mmcc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mmcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mmcc_server_packets',`
++ gen_require(`
++ type mmcc_server_packet_t;
++ ')
++
++ allow $1 mmcc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mmcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mmcc_server_packets',`
++ gen_require(`
++ type mmcc_server_packet_t;
++ ')
++
++ dontaudit $1 mmcc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mmcc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mmcc_server_packets',`
++ corenet_send_mmcc_server_packets($1)
++ corenet_receive_mmcc_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mmcc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mmcc_server_packets',`
++ corenet_dontaudit_send_mmcc_server_packets($1)
++ corenet_dontaudit_receive_mmcc_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mmcc_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mmcc_server_packets',`
++ gen_require(`
++ type mmcc_server_packet_t;
++ ')
++
++ allow $1 mmcc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the monopd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ allow $1 monopd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the monopd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ allow $1 monopd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the monopd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ dontaudit $1 monopd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the monopd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ allow $1 monopd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the monopd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ dontaudit $1 monopd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the monopd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_monopd_port',`
++ corenet_udp_send_monopd_port($1)
++ corenet_udp_receive_monopd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the monopd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_monopd_port',`
++ corenet_dontaudit_udp_send_monopd_port($1)
++ corenet_dontaudit_udp_receive_monopd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the monopd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ allow $1 monopd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the monopd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ allow $1 monopd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the monopd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_monopd_port',`
++ gen_require(`
++ type monopd_port_t;
++ ')
++
++ allow $1 monopd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send monopd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_monopd_client_packets',`
++ gen_require(`
++ type monopd_client_packet_t;
++ ')
++
++ allow $1 monopd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send monopd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_monopd_client_packets',`
++ gen_require(`
++ type monopd_client_packet_t;
++ ')
++
++ dontaudit $1 monopd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive monopd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_monopd_client_packets',`
++ gen_require(`
++ type monopd_client_packet_t;
++ ')
++
++ allow $1 monopd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive monopd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_monopd_client_packets',`
++ gen_require(`
++ type monopd_client_packet_t;
++ ')
++
++ dontaudit $1 monopd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive monopd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_monopd_client_packets',`
++ corenet_send_monopd_client_packets($1)
++ corenet_receive_monopd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive monopd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_monopd_client_packets',`
++ corenet_dontaudit_send_monopd_client_packets($1)
++ corenet_dontaudit_receive_monopd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to monopd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_monopd_client_packets',`
++ gen_require(`
++ type monopd_client_packet_t;
++ ')
++
++ allow $1 monopd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send monopd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_monopd_server_packets',`
++ gen_require(`
++ type monopd_server_packet_t;
++ ')
++
++ allow $1 monopd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send monopd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_monopd_server_packets',`
++ gen_require(`
++ type monopd_server_packet_t;
++ ')
++
++ dontaudit $1 monopd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive monopd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_monopd_server_packets',`
++ gen_require(`
++ type monopd_server_packet_t;
++ ')
++
++ allow $1 monopd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive monopd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_monopd_server_packets',`
++ gen_require(`
++ type monopd_server_packet_t;
++ ')
++
++ dontaudit $1 monopd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive monopd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_monopd_server_packets',`
++ corenet_send_monopd_server_packets($1)
++ corenet_receive_monopd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive monopd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_monopd_server_packets',`
++ corenet_dontaudit_send_monopd_server_packets($1)
++ corenet_dontaudit_receive_monopd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to monopd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_monopd_server_packets',`
++ gen_require(`
++ type monopd_server_packet_t;
++ ')
++
++ allow $1 monopd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the msnp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ allow $1 msnp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the msnp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ allow $1 msnp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the msnp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ dontaudit $1 msnp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the msnp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ allow $1 msnp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the msnp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ dontaudit $1 msnp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the msnp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_msnp_port',`
++ corenet_udp_send_msnp_port($1)
++ corenet_udp_receive_msnp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the msnp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_msnp_port',`
++ corenet_dontaudit_udp_send_msnp_port($1)
++ corenet_dontaudit_udp_receive_msnp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the msnp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ allow $1 msnp_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the msnp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ allow $1 msnp_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the msnp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_msnp_port',`
++ gen_require(`
++ type msnp_port_t;
++ ')
++
++ allow $1 msnp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send msnp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_msnp_client_packets',`
++ gen_require(`
++ type msnp_client_packet_t;
++ ')
++
++ allow $1 msnp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send msnp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_msnp_client_packets',`
++ gen_require(`
++ type msnp_client_packet_t;
++ ')
++
++ dontaudit $1 msnp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive msnp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_msnp_client_packets',`
++ gen_require(`
++ type msnp_client_packet_t;
++ ')
++
++ allow $1 msnp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive msnp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_msnp_client_packets',`
++ gen_require(`
++ type msnp_client_packet_t;
++ ')
++
++ dontaudit $1 msnp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive msnp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_msnp_client_packets',`
++ corenet_send_msnp_client_packets($1)
++ corenet_receive_msnp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive msnp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_msnp_client_packets',`
++ corenet_dontaudit_send_msnp_client_packets($1)
++ corenet_dontaudit_receive_msnp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to msnp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_msnp_client_packets',`
++ gen_require(`
++ type msnp_client_packet_t;
++ ')
++
++ allow $1 msnp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send msnp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_msnp_server_packets',`
++ gen_require(`
++ type msnp_server_packet_t;
++ ')
++
++ allow $1 msnp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send msnp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_msnp_server_packets',`
++ gen_require(`
++ type msnp_server_packet_t;
++ ')
++
++ dontaudit $1 msnp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive msnp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_msnp_server_packets',`
++ gen_require(`
++ type msnp_server_packet_t;
++ ')
++
++ allow $1 msnp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive msnp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_msnp_server_packets',`
++ gen_require(`
++ type msnp_server_packet_t;
++ ')
++
++ dontaudit $1 msnp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive msnp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_msnp_server_packets',`
++ corenet_send_msnp_server_packets($1)
++ corenet_receive_msnp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive msnp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_msnp_server_packets',`
++ corenet_dontaudit_send_msnp_server_packets($1)
++ corenet_dontaudit_receive_msnp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to msnp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_msnp_server_packets',`
++ gen_require(`
++ type msnp_server_packet_t;
++ ')
++
++ allow $1 msnp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the munin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ allow $1 munin_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the munin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ allow $1 munin_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the munin port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ dontaudit $1 munin_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the munin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ allow $1 munin_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the munin port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ dontaudit $1 munin_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the munin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_munin_port',`
++ corenet_udp_send_munin_port($1)
++ corenet_udp_receive_munin_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the munin port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_munin_port',`
++ corenet_dontaudit_udp_send_munin_port($1)
++ corenet_dontaudit_udp_receive_munin_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the munin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ allow $1 munin_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the munin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ allow $1 munin_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the munin port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_munin_port',`
++ gen_require(`
++ type munin_port_t;
++ ')
++
++ allow $1 munin_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send munin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_munin_client_packets',`
++ gen_require(`
++ type munin_client_packet_t;
++ ')
++
++ allow $1 munin_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send munin_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_munin_client_packets',`
++ gen_require(`
++ type munin_client_packet_t;
++ ')
++
++ dontaudit $1 munin_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive munin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_munin_client_packets',`
++ gen_require(`
++ type munin_client_packet_t;
++ ')
++
++ allow $1 munin_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive munin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_munin_client_packets',`
++ gen_require(`
++ type munin_client_packet_t;
++ ')
++
++ dontaudit $1 munin_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive munin_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_munin_client_packets',`
++ corenet_send_munin_client_packets($1)
++ corenet_receive_munin_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive munin_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_munin_client_packets',`
++ corenet_dontaudit_send_munin_client_packets($1)
++ corenet_dontaudit_receive_munin_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to munin_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_munin_client_packets',`
++ gen_require(`
++ type munin_client_packet_t;
++ ')
++
++ allow $1 munin_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send munin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_munin_server_packets',`
++ gen_require(`
++ type munin_server_packet_t;
++ ')
++
++ allow $1 munin_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send munin_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_munin_server_packets',`
++ gen_require(`
++ type munin_server_packet_t;
++ ')
++
++ dontaudit $1 munin_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive munin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_munin_server_packets',`
++ gen_require(`
++ type munin_server_packet_t;
++ ')
++
++ allow $1 munin_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive munin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_munin_server_packets',`
++ gen_require(`
++ type munin_server_packet_t;
++ ')
++
++ dontaudit $1 munin_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive munin_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_munin_server_packets',`
++ corenet_send_munin_server_packets($1)
++ corenet_receive_munin_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive munin_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_munin_server_packets',`
++ corenet_dontaudit_send_munin_server_packets($1)
++ corenet_dontaudit_receive_munin_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to munin_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_munin_server_packets',`
++ gen_require(`
++ type munin_server_packet_t;
++ ')
++
++ allow $1 munin_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the mythtv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ allow $1 mythtv_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the mythtv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ allow $1 mythtv_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the mythtv port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ dontaudit $1 mythtv_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the mythtv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ allow $1 mythtv_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the mythtv port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ dontaudit $1 mythtv_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the mythtv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_mythtv_port',`
++ corenet_udp_send_mythtv_port($1)
++ corenet_udp_receive_mythtv_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the mythtv port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_mythtv_port',`
++ corenet_dontaudit_udp_send_mythtv_port($1)
++ corenet_dontaudit_udp_receive_mythtv_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the mythtv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ allow $1 mythtv_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the mythtv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ allow $1 mythtv_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the mythtv port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_mythtv_port',`
++ gen_require(`
++ type mythtv_port_t;
++ ')
++
++ allow $1 mythtv_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send mythtv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mythtv_client_packets',`
++ gen_require(`
++ type mythtv_client_packet_t;
++ ')
++
++ allow $1 mythtv_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mythtv_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mythtv_client_packets',`
++ gen_require(`
++ type mythtv_client_packet_t;
++ ')
++
++ dontaudit $1 mythtv_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mythtv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mythtv_client_packets',`
++ gen_require(`
++ type mythtv_client_packet_t;
++ ')
++
++ allow $1 mythtv_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mythtv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mythtv_client_packets',`
++ gen_require(`
++ type mythtv_client_packet_t;
++ ')
++
++ dontaudit $1 mythtv_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mythtv_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mythtv_client_packets',`
++ corenet_send_mythtv_client_packets($1)
++ corenet_receive_mythtv_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mythtv_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mythtv_client_packets',`
++ corenet_dontaudit_send_mythtv_client_packets($1)
++ corenet_dontaudit_receive_mythtv_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mythtv_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mythtv_client_packets',`
++ gen_require(`
++ type mythtv_client_packet_t;
++ ')
++
++ allow $1 mythtv_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send mythtv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mythtv_server_packets',`
++ gen_require(`
++ type mythtv_server_packet_t;
++ ')
++
++ allow $1 mythtv_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mythtv_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mythtv_server_packets',`
++ gen_require(`
++ type mythtv_server_packet_t;
++ ')
++
++ dontaudit $1 mythtv_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mythtv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mythtv_server_packets',`
++ gen_require(`
++ type mythtv_server_packet_t;
++ ')
++
++ allow $1 mythtv_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mythtv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mythtv_server_packets',`
++ gen_require(`
++ type mythtv_server_packet_t;
++ ')
++
++ dontaudit $1 mythtv_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mythtv_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mythtv_server_packets',`
++ corenet_send_mythtv_server_packets($1)
++ corenet_receive_mythtv_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mythtv_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mythtv_server_packets',`
++ corenet_dontaudit_send_mythtv_server_packets($1)
++ corenet_dontaudit_receive_mythtv_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mythtv_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mythtv_server_packets',`
++ gen_require(`
++ type mythtv_server_packet_t;
++ ')
++
++ allow $1 mythtv_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the mysqld port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ allow $1 mysqld_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the mysqld port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ allow $1 mysqld_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the mysqld port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ dontaudit $1 mysqld_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the mysqld port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ allow $1 mysqld_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the mysqld port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ dontaudit $1 mysqld_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the mysqld port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_mysqld_port',`
++ corenet_udp_send_mysqld_port($1)
++ corenet_udp_receive_mysqld_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the mysqld port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_mysqld_port',`
++ corenet_dontaudit_udp_send_mysqld_port($1)
++ corenet_dontaudit_udp_receive_mysqld_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the mysqld port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ allow $1 mysqld_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the mysqld port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ allow $1 mysqld_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the mysqld port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_mysqld_port',`
++ gen_require(`
++ type mysqld_port_t;
++ ')
++
++ allow $1 mysqld_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send mysqld_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mysqld_client_packets',`
++ gen_require(`
++ type mysqld_client_packet_t;
++ ')
++
++ allow $1 mysqld_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mysqld_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mysqld_client_packets',`
++ gen_require(`
++ type mysqld_client_packet_t;
++ ')
++
++ dontaudit $1 mysqld_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mysqld_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mysqld_client_packets',`
++ gen_require(`
++ type mysqld_client_packet_t;
++ ')
++
++ allow $1 mysqld_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mysqld_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mysqld_client_packets',`
++ gen_require(`
++ type mysqld_client_packet_t;
++ ')
++
++ dontaudit $1 mysqld_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mysqld_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mysqld_client_packets',`
++ corenet_send_mysqld_client_packets($1)
++ corenet_receive_mysqld_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mysqld_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mysqld_client_packets',`
++ corenet_dontaudit_send_mysqld_client_packets($1)
++ corenet_dontaudit_receive_mysqld_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mysqld_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mysqld_client_packets',`
++ gen_require(`
++ type mysqld_client_packet_t;
++ ')
++
++ allow $1 mysqld_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send mysqld_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_mysqld_server_packets',`
++ gen_require(`
++ type mysqld_server_packet_t;
++ ')
++
++ allow $1 mysqld_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send mysqld_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_mysqld_server_packets',`
++ gen_require(`
++ type mysqld_server_packet_t;
++ ')
++
++ dontaudit $1 mysqld_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive mysqld_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_mysqld_server_packets',`
++ gen_require(`
++ type mysqld_server_packet_t;
++ ')
++
++ allow $1 mysqld_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive mysqld_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_mysqld_server_packets',`
++ gen_require(`
++ type mysqld_server_packet_t;
++ ')
++
++ dontaudit $1 mysqld_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive mysqld_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_mysqld_server_packets',`
++ corenet_send_mysqld_server_packets($1)
++ corenet_receive_mysqld_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive mysqld_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_mysqld_server_packets',`
++ corenet_dontaudit_send_mysqld_server_packets($1)
++ corenet_dontaudit_receive_mysqld_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to mysqld_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_mysqld_server_packets',`
++ gen_require(`
++ type mysqld_server_packet_t;
++ ')
++
++ allow $1 mysqld_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the nessus port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ allow $1 nessus_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the nessus port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ allow $1 nessus_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the nessus port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ dontaudit $1 nessus_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the nessus port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ allow $1 nessus_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the nessus port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ dontaudit $1 nessus_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the nessus port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_nessus_port',`
++ corenet_udp_send_nessus_port($1)
++ corenet_udp_receive_nessus_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the nessus port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_nessus_port',`
++ corenet_dontaudit_udp_send_nessus_port($1)
++ corenet_dontaudit_udp_receive_nessus_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the nessus port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ allow $1 nessus_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the nessus port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ allow $1 nessus_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the nessus port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_nessus_port',`
++ gen_require(`
++ type nessus_port_t;
++ ')
++
++ allow $1 nessus_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send nessus_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_nessus_client_packets',`
++ gen_require(`
++ type nessus_client_packet_t;
++ ')
++
++ allow $1 nessus_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send nessus_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_nessus_client_packets',`
++ gen_require(`
++ type nessus_client_packet_t;
++ ')
++
++ dontaudit $1 nessus_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive nessus_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_nessus_client_packets',`
++ gen_require(`
++ type nessus_client_packet_t;
++ ')
++
++ allow $1 nessus_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive nessus_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_nessus_client_packets',`
++ gen_require(`
++ type nessus_client_packet_t;
++ ')
++
++ dontaudit $1 nessus_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive nessus_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_nessus_client_packets',`
++ corenet_send_nessus_client_packets($1)
++ corenet_receive_nessus_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive nessus_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_nessus_client_packets',`
++ corenet_dontaudit_send_nessus_client_packets($1)
++ corenet_dontaudit_receive_nessus_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to nessus_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_nessus_client_packets',`
++ gen_require(`
++ type nessus_client_packet_t;
++ ')
++
++ allow $1 nessus_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send nessus_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_nessus_server_packets',`
++ gen_require(`
++ type nessus_server_packet_t;
++ ')
++
++ allow $1 nessus_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send nessus_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_nessus_server_packets',`
++ gen_require(`
++ type nessus_server_packet_t;
++ ')
++
++ dontaudit $1 nessus_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive nessus_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_nessus_server_packets',`
++ gen_require(`
++ type nessus_server_packet_t;
++ ')
++
++ allow $1 nessus_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive nessus_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_nessus_server_packets',`
++ gen_require(`
++ type nessus_server_packet_t;
++ ')
++
++ dontaudit $1 nessus_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive nessus_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_nessus_server_packets',`
++ corenet_send_nessus_server_packets($1)
++ corenet_receive_nessus_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive nessus_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_nessus_server_packets',`
++ corenet_dontaudit_send_nessus_server_packets($1)
++ corenet_dontaudit_receive_nessus_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to nessus_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_nessus_server_packets',`
++ gen_require(`
++ type nessus_server_packet_t;
++ ')
++
++ allow $1 nessus_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the netsupport port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ allow $1 netsupport_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the netsupport port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ allow $1 netsupport_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the netsupport port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ dontaudit $1 netsupport_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the netsupport port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ allow $1 netsupport_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the netsupport port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ dontaudit $1 netsupport_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the netsupport port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_netsupport_port',`
++ corenet_udp_send_netsupport_port($1)
++ corenet_udp_receive_netsupport_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the netsupport port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_netsupport_port',`
++ corenet_dontaudit_udp_send_netsupport_port($1)
++ corenet_dontaudit_udp_receive_netsupport_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the netsupport port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ allow $1 netsupport_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the netsupport port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ allow $1 netsupport_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the netsupport port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_netsupport_port',`
++ gen_require(`
++ type netsupport_port_t;
++ ')
++
++ allow $1 netsupport_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send netsupport_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_netsupport_client_packets',`
++ gen_require(`
++ type netsupport_client_packet_t;
++ ')
++
++ allow $1 netsupport_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send netsupport_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_netsupport_client_packets',`
++ gen_require(`
++ type netsupport_client_packet_t;
++ ')
++
++ dontaudit $1 netsupport_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive netsupport_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_netsupport_client_packets',`
++ gen_require(`
++ type netsupport_client_packet_t;
++ ')
++
++ allow $1 netsupport_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive netsupport_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_netsupport_client_packets',`
++ gen_require(`
++ type netsupport_client_packet_t;
++ ')
++
++ dontaudit $1 netsupport_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive netsupport_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_netsupport_client_packets',`
++ corenet_send_netsupport_client_packets($1)
++ corenet_receive_netsupport_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive netsupport_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_netsupport_client_packets',`
++ corenet_dontaudit_send_netsupport_client_packets($1)
++ corenet_dontaudit_receive_netsupport_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to netsupport_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_netsupport_client_packets',`
++ gen_require(`
++ type netsupport_client_packet_t;
++ ')
++
++ allow $1 netsupport_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send netsupport_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_netsupport_server_packets',`
++ gen_require(`
++ type netsupport_server_packet_t;
++ ')
++
++ allow $1 netsupport_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send netsupport_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_netsupport_server_packets',`
++ gen_require(`
++ type netsupport_server_packet_t;
++ ')
++
++ dontaudit $1 netsupport_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive netsupport_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_netsupport_server_packets',`
++ gen_require(`
++ type netsupport_server_packet_t;
++ ')
++
++ allow $1 netsupport_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive netsupport_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_netsupport_server_packets',`
++ gen_require(`
++ type netsupport_server_packet_t;
++ ')
++
++ dontaudit $1 netsupport_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive netsupport_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_netsupport_server_packets',`
++ corenet_send_netsupport_server_packets($1)
++ corenet_receive_netsupport_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive netsupport_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_netsupport_server_packets',`
++ corenet_dontaudit_send_netsupport_server_packets($1)
++ corenet_dontaudit_receive_netsupport_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to netsupport_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_netsupport_server_packets',`
++ gen_require(`
++ type netsupport_server_packet_t;
++ ')
++
++ allow $1 netsupport_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the nmbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ allow $1 nmbd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the nmbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ allow $1 nmbd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the nmbd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ dontaudit $1 nmbd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the nmbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ allow $1 nmbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the nmbd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ dontaudit $1 nmbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the nmbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_nmbd_port',`
++ corenet_udp_send_nmbd_port($1)
++ corenet_udp_receive_nmbd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the nmbd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_nmbd_port',`
++ corenet_dontaudit_udp_send_nmbd_port($1)
++ corenet_dontaudit_udp_receive_nmbd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the nmbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ allow $1 nmbd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the nmbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ allow $1 nmbd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the nmbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_nmbd_port',`
++ gen_require(`
++ type nmbd_port_t;
++ ')
++
++ allow $1 nmbd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send nmbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_nmbd_client_packets',`
++ gen_require(`
++ type nmbd_client_packet_t;
++ ')
++
++ allow $1 nmbd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send nmbd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_nmbd_client_packets',`
++ gen_require(`
++ type nmbd_client_packet_t;
++ ')
++
++ dontaudit $1 nmbd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive nmbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_nmbd_client_packets',`
++ gen_require(`
++ type nmbd_client_packet_t;
++ ')
++
++ allow $1 nmbd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive nmbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_nmbd_client_packets',`
++ gen_require(`
++ type nmbd_client_packet_t;
++ ')
++
++ dontaudit $1 nmbd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive nmbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_nmbd_client_packets',`
++ corenet_send_nmbd_client_packets($1)
++ corenet_receive_nmbd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive nmbd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_nmbd_client_packets',`
++ corenet_dontaudit_send_nmbd_client_packets($1)
++ corenet_dontaudit_receive_nmbd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to nmbd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_nmbd_client_packets',`
++ gen_require(`
++ type nmbd_client_packet_t;
++ ')
++
++ allow $1 nmbd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send nmbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_nmbd_server_packets',`
++ gen_require(`
++ type nmbd_server_packet_t;
++ ')
++
++ allow $1 nmbd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send nmbd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_nmbd_server_packets',`
++ gen_require(`
++ type nmbd_server_packet_t;
++ ')
++
++ dontaudit $1 nmbd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive nmbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_nmbd_server_packets',`
++ gen_require(`
++ type nmbd_server_packet_t;
++ ')
++
++ allow $1 nmbd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive nmbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_nmbd_server_packets',`
++ gen_require(`
++ type nmbd_server_packet_t;
++ ')
++
++ dontaudit $1 nmbd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive nmbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_nmbd_server_packets',`
++ corenet_send_nmbd_server_packets($1)
++ corenet_receive_nmbd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive nmbd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_nmbd_server_packets',`
++ corenet_dontaudit_send_nmbd_server_packets($1)
++ corenet_dontaudit_receive_nmbd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to nmbd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_nmbd_server_packets',`
++ gen_require(`
++ type nmbd_server_packet_t;
++ ')
++
++ allow $1 nmbd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ntp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ allow $1 ntp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ntp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ allow $1 ntp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ntp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ dontaudit $1 ntp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ntp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ allow $1 ntp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ntp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ dontaudit $1 ntp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ntp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ntp_port',`
++ corenet_udp_send_ntp_port($1)
++ corenet_udp_receive_ntp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ntp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ntp_port',`
++ corenet_dontaudit_udp_send_ntp_port($1)
++ corenet_dontaudit_udp_receive_ntp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ntp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ allow $1 ntp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the ntp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ allow $1 ntp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the ntp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ntp_port',`
++ gen_require(`
++ type ntp_port_t;
++ ')
++
++ allow $1 ntp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ntp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ntp_client_packets',`
++ gen_require(`
++ type ntp_client_packet_t;
++ ')
++
++ allow $1 ntp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ntp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ntp_client_packets',`
++ gen_require(`
++ type ntp_client_packet_t;
++ ')
++
++ dontaudit $1 ntp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ntp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ntp_client_packets',`
++ gen_require(`
++ type ntp_client_packet_t;
++ ')
++
++ allow $1 ntp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ntp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ntp_client_packets',`
++ gen_require(`
++ type ntp_client_packet_t;
++ ')
++
++ dontaudit $1 ntp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ntp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ntp_client_packets',`
++ corenet_send_ntp_client_packets($1)
++ corenet_receive_ntp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ntp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ntp_client_packets',`
++ corenet_dontaudit_send_ntp_client_packets($1)
++ corenet_dontaudit_receive_ntp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ntp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ntp_client_packets',`
++ gen_require(`
++ type ntp_client_packet_t;
++ ')
++
++ allow $1 ntp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ntp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ntp_server_packets',`
++ gen_require(`
++ type ntp_server_packet_t;
++ ')
++
++ allow $1 ntp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ntp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ntp_server_packets',`
++ gen_require(`
++ type ntp_server_packet_t;
++ ')
++
++ dontaudit $1 ntp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ntp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ntp_server_packets',`
++ gen_require(`
++ type ntp_server_packet_t;
++ ')
++
++ allow $1 ntp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ntp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ntp_server_packets',`
++ gen_require(`
++ type ntp_server_packet_t;
++ ')
++
++ dontaudit $1 ntp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ntp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ntp_server_packets',`
++ corenet_send_ntp_server_packets($1)
++ corenet_receive_ntp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ntp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ntp_server_packets',`
++ corenet_dontaudit_send_ntp_server_packets($1)
++ corenet_dontaudit_receive_ntp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ntp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ntp_server_packets',`
++ gen_require(`
++ type ntp_server_packet_t;
++ ')
++
++ allow $1 ntp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ allow $1 ocsp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ allow $1 ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ocsp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ dontaudit $1 ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ allow $1 ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ocsp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ dontaudit $1 ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ocsp_port',`
++ corenet_udp_send_ocsp_port($1)
++ corenet_udp_receive_ocsp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ocsp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ocsp_port',`
++ corenet_dontaudit_udp_send_ocsp_port($1)
++ corenet_dontaudit_udp_receive_ocsp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ allow $1 ocsp_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ allow $1 ocsp_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ocsp_port',`
++ gen_require(`
++ type ocsp_port_t;
++ ')
++
++ allow $1 ocsp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ocsp_client_packets',`
++ gen_require(`
++ type ocsp_client_packet_t;
++ ')
++
++ allow $1 ocsp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ocsp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ocsp_client_packets',`
++ gen_require(`
++ type ocsp_client_packet_t;
++ ')
++
++ dontaudit $1 ocsp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ocsp_client_packets',`
++ gen_require(`
++ type ocsp_client_packet_t;
++ ')
++
++ allow $1 ocsp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ocsp_client_packets',`
++ gen_require(`
++ type ocsp_client_packet_t;
++ ')
++
++ dontaudit $1 ocsp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ocsp_client_packets',`
++ corenet_send_ocsp_client_packets($1)
++ corenet_receive_ocsp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ocsp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ocsp_client_packets',`
++ corenet_dontaudit_send_ocsp_client_packets($1)
++ corenet_dontaudit_receive_ocsp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ocsp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ocsp_client_packets',`
++ gen_require(`
++ type ocsp_client_packet_t;
++ ')
++
++ allow $1 ocsp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ocsp_server_packets',`
++ gen_require(`
++ type ocsp_server_packet_t;
++ ')
++
++ allow $1 ocsp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ocsp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ocsp_server_packets',`
++ gen_require(`
++ type ocsp_server_packet_t;
++ ')
++
++ dontaudit $1 ocsp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ocsp_server_packets',`
++ gen_require(`
++ type ocsp_server_packet_t;
++ ')
++
++ allow $1 ocsp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ocsp_server_packets',`
++ gen_require(`
++ type ocsp_server_packet_t;
++ ')
++
++ dontaudit $1 ocsp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ocsp_server_packets',`
++ corenet_send_ocsp_server_packets($1)
++ corenet_receive_ocsp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ocsp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ocsp_server_packets',`
++ corenet_dontaudit_send_ocsp_server_packets($1)
++ corenet_dontaudit_receive_ocsp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ocsp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ocsp_server_packets',`
++ gen_require(`
++ type ocsp_server_packet_t;
++ ')
++
++ allow $1 ocsp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the openvpn port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ allow $1 openvpn_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the openvpn port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ allow $1 openvpn_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the openvpn port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ dontaudit $1 openvpn_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the openvpn port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ allow $1 openvpn_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the openvpn port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ dontaudit $1 openvpn_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the openvpn port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_openvpn_port',`
++ corenet_udp_send_openvpn_port($1)
++ corenet_udp_receive_openvpn_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the openvpn port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_openvpn_port',`
++ corenet_dontaudit_udp_send_openvpn_port($1)
++ corenet_dontaudit_udp_receive_openvpn_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the openvpn port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ allow $1 openvpn_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the openvpn port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ allow $1 openvpn_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the openvpn port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_openvpn_port',`
++ gen_require(`
++ type openvpn_port_t;
++ ')
++
++ allow $1 openvpn_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send openvpn_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_openvpn_client_packets',`
++ gen_require(`
++ type openvpn_client_packet_t;
++ ')
++
++ allow $1 openvpn_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send openvpn_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_openvpn_client_packets',`
++ gen_require(`
++ type openvpn_client_packet_t;
++ ')
++
++ dontaudit $1 openvpn_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive openvpn_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_openvpn_client_packets',`
++ gen_require(`
++ type openvpn_client_packet_t;
++ ')
++
++ allow $1 openvpn_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive openvpn_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_openvpn_client_packets',`
++ gen_require(`
++ type openvpn_client_packet_t;
++ ')
++
++ dontaudit $1 openvpn_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive openvpn_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_openvpn_client_packets',`
++ corenet_send_openvpn_client_packets($1)
++ corenet_receive_openvpn_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive openvpn_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_openvpn_client_packets',`
++ corenet_dontaudit_send_openvpn_client_packets($1)
++ corenet_dontaudit_receive_openvpn_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to openvpn_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_openvpn_client_packets',`
++ gen_require(`
++ type openvpn_client_packet_t;
++ ')
++
++ allow $1 openvpn_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send openvpn_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_openvpn_server_packets',`
++ gen_require(`
++ type openvpn_server_packet_t;
++ ')
++
++ allow $1 openvpn_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send openvpn_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_openvpn_server_packets',`
++ gen_require(`
++ type openvpn_server_packet_t;
++ ')
++
++ dontaudit $1 openvpn_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive openvpn_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_openvpn_server_packets',`
++ gen_require(`
++ type openvpn_server_packet_t;
++ ')
++
++ allow $1 openvpn_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive openvpn_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_openvpn_server_packets',`
++ gen_require(`
++ type openvpn_server_packet_t;
++ ')
++
++ dontaudit $1 openvpn_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive openvpn_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_openvpn_server_packets',`
++ corenet_send_openvpn_server_packets($1)
++ corenet_receive_openvpn_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive openvpn_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_openvpn_server_packets',`
++ corenet_dontaudit_send_openvpn_server_packets($1)
++ corenet_dontaudit_receive_openvpn_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to openvpn_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_openvpn_server_packets',`
++ gen_require(`
++ type openvpn_server_packet_t;
++ ')
++
++ allow $1 openvpn_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pegasus_http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ allow $1 pegasus_http_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pegasus_http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ allow $1 pegasus_http_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pegasus_http port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ dontaudit $1 pegasus_http_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pegasus_http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ allow $1 pegasus_http_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pegasus_http port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ dontaudit $1 pegasus_http_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pegasus_http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pegasus_http_port',`
++ corenet_udp_send_pegasus_http_port($1)
++ corenet_udp_receive_pegasus_http_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pegasus_http port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pegasus_http_port',`
++ corenet_dontaudit_udp_send_pegasus_http_port($1)
++ corenet_dontaudit_udp_receive_pegasus_http_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pegasus_http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ allow $1 pegasus_http_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pegasus_http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ allow $1 pegasus_http_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pegasus_http port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pegasus_http_port',`
++ gen_require(`
++ type pegasus_http_port_t;
++ ')
++
++ allow $1 pegasus_http_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pegasus_http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pegasus_http_client_packets',`
++ gen_require(`
++ type pegasus_http_client_packet_t;
++ ')
++
++ allow $1 pegasus_http_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pegasus_http_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pegasus_http_client_packets',`
++ gen_require(`
++ type pegasus_http_client_packet_t;
++ ')
++
++ dontaudit $1 pegasus_http_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pegasus_http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pegasus_http_client_packets',`
++ gen_require(`
++ type pegasus_http_client_packet_t;
++ ')
++
++ allow $1 pegasus_http_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pegasus_http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pegasus_http_client_packets',`
++ gen_require(`
++ type pegasus_http_client_packet_t;
++ ')
++
++ dontaudit $1 pegasus_http_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pegasus_http_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pegasus_http_client_packets',`
++ corenet_send_pegasus_http_client_packets($1)
++ corenet_receive_pegasus_http_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pegasus_http_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_http_client_packets',`
++ corenet_dontaudit_send_pegasus_http_client_packets($1)
++ corenet_dontaudit_receive_pegasus_http_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pegasus_http_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pegasus_http_client_packets',`
++ gen_require(`
++ type pegasus_http_client_packet_t;
++ ')
++
++ allow $1 pegasus_http_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pegasus_http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pegasus_http_server_packets',`
++ gen_require(`
++ type pegasus_http_server_packet_t;
++ ')
++
++ allow $1 pegasus_http_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pegasus_http_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pegasus_http_server_packets',`
++ gen_require(`
++ type pegasus_http_server_packet_t;
++ ')
++
++ dontaudit $1 pegasus_http_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pegasus_http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pegasus_http_server_packets',`
++ gen_require(`
++ type pegasus_http_server_packet_t;
++ ')
++
++ allow $1 pegasus_http_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pegasus_http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pegasus_http_server_packets',`
++ gen_require(`
++ type pegasus_http_server_packet_t;
++ ')
++
++ dontaudit $1 pegasus_http_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pegasus_http_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pegasus_http_server_packets',`
++ corenet_send_pegasus_http_server_packets($1)
++ corenet_receive_pegasus_http_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pegasus_http_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_http_server_packets',`
++ corenet_dontaudit_send_pegasus_http_server_packets($1)
++ corenet_dontaudit_receive_pegasus_http_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pegasus_http_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pegasus_http_server_packets',`
++ gen_require(`
++ type pegasus_http_server_packet_t;
++ ')
++
++ allow $1 pegasus_http_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pegasus_https port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ allow $1 pegasus_https_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pegasus_https port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ allow $1 pegasus_https_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pegasus_https port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ dontaudit $1 pegasus_https_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pegasus_https port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ allow $1 pegasus_https_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pegasus_https port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ dontaudit $1 pegasus_https_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pegasus_https port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pegasus_https_port',`
++ corenet_udp_send_pegasus_https_port($1)
++ corenet_udp_receive_pegasus_https_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pegasus_https port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pegasus_https_port',`
++ corenet_dontaudit_udp_send_pegasus_https_port($1)
++ corenet_dontaudit_udp_receive_pegasus_https_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pegasus_https port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ allow $1 pegasus_https_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pegasus_https port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ allow $1 pegasus_https_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pegasus_https port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pegasus_https_port',`
++ gen_require(`
++ type pegasus_https_port_t;
++ ')
++
++ allow $1 pegasus_https_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pegasus_https_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pegasus_https_client_packets',`
++ gen_require(`
++ type pegasus_https_client_packet_t;
++ ')
++
++ allow $1 pegasus_https_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pegasus_https_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pegasus_https_client_packets',`
++ gen_require(`
++ type pegasus_https_client_packet_t;
++ ')
++
++ dontaudit $1 pegasus_https_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pegasus_https_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pegasus_https_client_packets',`
++ gen_require(`
++ type pegasus_https_client_packet_t;
++ ')
++
++ allow $1 pegasus_https_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pegasus_https_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pegasus_https_client_packets',`
++ gen_require(`
++ type pegasus_https_client_packet_t;
++ ')
++
++ dontaudit $1 pegasus_https_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pegasus_https_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pegasus_https_client_packets',`
++ corenet_send_pegasus_https_client_packets($1)
++ corenet_receive_pegasus_https_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pegasus_https_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_https_client_packets',`
++ corenet_dontaudit_send_pegasus_https_client_packets($1)
++ corenet_dontaudit_receive_pegasus_https_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pegasus_https_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pegasus_https_client_packets',`
++ gen_require(`
++ type pegasus_https_client_packet_t;
++ ')
++
++ allow $1 pegasus_https_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pegasus_https_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pegasus_https_server_packets',`
++ gen_require(`
++ type pegasus_https_server_packet_t;
++ ')
++
++ allow $1 pegasus_https_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pegasus_https_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pegasus_https_server_packets',`
++ gen_require(`
++ type pegasus_https_server_packet_t;
++ ')
++
++ dontaudit $1 pegasus_https_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pegasus_https_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pegasus_https_server_packets',`
++ gen_require(`
++ type pegasus_https_server_packet_t;
++ ')
++
++ allow $1 pegasus_https_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pegasus_https_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pegasus_https_server_packets',`
++ gen_require(`
++ type pegasus_https_server_packet_t;
++ ')
++
++ dontaudit $1 pegasus_https_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pegasus_https_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pegasus_https_server_packets',`
++ corenet_send_pegasus_https_server_packets($1)
++ corenet_receive_pegasus_https_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pegasus_https_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pegasus_https_server_packets',`
++ corenet_dontaudit_send_pegasus_https_server_packets($1)
++ corenet_dontaudit_receive_pegasus_https_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pegasus_https_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pegasus_https_server_packets',`
++ gen_require(`
++ type pegasus_https_server_packet_t;
++ ')
++
++ allow $1 pegasus_https_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pki_ca port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ allow $1 pki_ca_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pki_ca port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ allow $1 pki_ca_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pki_ca port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ dontaudit $1 pki_ca_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pki_ca port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ allow $1 pki_ca_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pki_ca port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ dontaudit $1 pki_ca_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pki_ca port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pki_ca_port',`
++ corenet_udp_send_pki_ca_port($1)
++ corenet_udp_receive_pki_ca_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pki_ca port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_ca_port',`
++ corenet_dontaudit_udp_send_pki_ca_port($1)
++ corenet_dontaudit_udp_receive_pki_ca_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pki_ca port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ allow $1 pki_ca_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pki_ca port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ allow $1 pki_ca_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pki_ca port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pki_ca_port',`
++ gen_require(`
++ type pki_ca_port_t;
++ ')
++
++ allow $1 pki_ca_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pki_ca_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_ca_client_packets',`
++ gen_require(`
++ type pki_ca_client_packet_t;
++ ')
++
++ allow $1 pki_ca_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_ca_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_ca_client_packets',`
++ gen_require(`
++ type pki_ca_client_packet_t;
++ ')
++
++ dontaudit $1 pki_ca_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_ca_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_ca_client_packets',`
++ gen_require(`
++ type pki_ca_client_packet_t;
++ ')
++
++ allow $1 pki_ca_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_ca_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_ca_client_packets',`
++ gen_require(`
++ type pki_ca_client_packet_t;
++ ')
++
++ dontaudit $1 pki_ca_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_ca_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_ca_client_packets',`
++ corenet_send_pki_ca_client_packets($1)
++ corenet_receive_pki_ca_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_ca_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_ca_client_packets',`
++ corenet_dontaudit_send_pki_ca_client_packets($1)
++ corenet_dontaudit_receive_pki_ca_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_ca_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_ca_client_packets',`
++ gen_require(`
++ type pki_ca_client_packet_t;
++ ')
++
++ allow $1 pki_ca_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pki_ca_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_ca_server_packets',`
++ gen_require(`
++ type pki_ca_server_packet_t;
++ ')
++
++ allow $1 pki_ca_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_ca_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_ca_server_packets',`
++ gen_require(`
++ type pki_ca_server_packet_t;
++ ')
++
++ dontaudit $1 pki_ca_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_ca_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_ca_server_packets',`
++ gen_require(`
++ type pki_ca_server_packet_t;
++ ')
++
++ allow $1 pki_ca_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_ca_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_ca_server_packets',`
++ gen_require(`
++ type pki_ca_server_packet_t;
++ ')
++
++ dontaudit $1 pki_ca_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_ca_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_ca_server_packets',`
++ corenet_send_pki_ca_server_packets($1)
++ corenet_receive_pki_ca_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_ca_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_ca_server_packets',`
++ corenet_dontaudit_send_pki_ca_server_packets($1)
++ corenet_dontaudit_receive_pki_ca_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_ca_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_ca_server_packets',`
++ gen_require(`
++ type pki_ca_server_packet_t;
++ ')
++
++ allow $1 pki_ca_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pki_kra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ allow $1 pki_kra_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pki_kra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ allow $1 pki_kra_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pki_kra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ dontaudit $1 pki_kra_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pki_kra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ allow $1 pki_kra_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pki_kra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ dontaudit $1 pki_kra_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pki_kra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pki_kra_port',`
++ corenet_udp_send_pki_kra_port($1)
++ corenet_udp_receive_pki_kra_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pki_kra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_kra_port',`
++ corenet_dontaudit_udp_send_pki_kra_port($1)
++ corenet_dontaudit_udp_receive_pki_kra_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pki_kra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ allow $1 pki_kra_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pki_kra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ allow $1 pki_kra_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pki_kra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pki_kra_port',`
++ gen_require(`
++ type pki_kra_port_t;
++ ')
++
++ allow $1 pki_kra_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pki_kra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_kra_client_packets',`
++ gen_require(`
++ type pki_kra_client_packet_t;
++ ')
++
++ allow $1 pki_kra_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_kra_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_kra_client_packets',`
++ gen_require(`
++ type pki_kra_client_packet_t;
++ ')
++
++ dontaudit $1 pki_kra_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_kra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_kra_client_packets',`
++ gen_require(`
++ type pki_kra_client_packet_t;
++ ')
++
++ allow $1 pki_kra_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_kra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_kra_client_packets',`
++ gen_require(`
++ type pki_kra_client_packet_t;
++ ')
++
++ dontaudit $1 pki_kra_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_kra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_kra_client_packets',`
++ corenet_send_pki_kra_client_packets($1)
++ corenet_receive_pki_kra_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_kra_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_kra_client_packets',`
++ corenet_dontaudit_send_pki_kra_client_packets($1)
++ corenet_dontaudit_receive_pki_kra_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_kra_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_kra_client_packets',`
++ gen_require(`
++ type pki_kra_client_packet_t;
++ ')
++
++ allow $1 pki_kra_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pki_kra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_kra_server_packets',`
++ gen_require(`
++ type pki_kra_server_packet_t;
++ ')
++
++ allow $1 pki_kra_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_kra_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_kra_server_packets',`
++ gen_require(`
++ type pki_kra_server_packet_t;
++ ')
++
++ dontaudit $1 pki_kra_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_kra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_kra_server_packets',`
++ gen_require(`
++ type pki_kra_server_packet_t;
++ ')
++
++ allow $1 pki_kra_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_kra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_kra_server_packets',`
++ gen_require(`
++ type pki_kra_server_packet_t;
++ ')
++
++ dontaudit $1 pki_kra_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_kra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_kra_server_packets',`
++ corenet_send_pki_kra_server_packets($1)
++ corenet_receive_pki_kra_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_kra_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_kra_server_packets',`
++ corenet_dontaudit_send_pki_kra_server_packets($1)
++ corenet_dontaudit_receive_pki_kra_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_kra_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_kra_server_packets',`
++ gen_require(`
++ type pki_kra_server_packet_t;
++ ')
++
++ allow $1 pki_kra_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pki_ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ allow $1 pki_ocsp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pki_ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ allow $1 pki_ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pki_ocsp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ dontaudit $1 pki_ocsp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pki_ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ allow $1 pki_ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pki_ocsp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ dontaudit $1 pki_ocsp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pki_ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pki_ocsp_port',`
++ corenet_udp_send_pki_ocsp_port($1)
++ corenet_udp_receive_pki_ocsp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pki_ocsp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_ocsp_port',`
++ corenet_dontaudit_udp_send_pki_ocsp_port($1)
++ corenet_dontaudit_udp_receive_pki_ocsp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pki_ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ allow $1 pki_ocsp_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pki_ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ allow $1 pki_ocsp_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pki_ocsp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pki_ocsp_port',`
++ gen_require(`
++ type pki_ocsp_port_t;
++ ')
++
++ allow $1 pki_ocsp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pki_ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_ocsp_client_packets',`
++ gen_require(`
++ type pki_ocsp_client_packet_t;
++ ')
++
++ allow $1 pki_ocsp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_ocsp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_ocsp_client_packets',`
++ gen_require(`
++ type pki_ocsp_client_packet_t;
++ ')
++
++ dontaudit $1 pki_ocsp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_ocsp_client_packets',`
++ gen_require(`
++ type pki_ocsp_client_packet_t;
++ ')
++
++ allow $1 pki_ocsp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_ocsp_client_packets',`
++ gen_require(`
++ type pki_ocsp_client_packet_t;
++ ')
++
++ dontaudit $1 pki_ocsp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_ocsp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_ocsp_client_packets',`
++ corenet_send_pki_ocsp_client_packets($1)
++ corenet_receive_pki_ocsp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_ocsp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_ocsp_client_packets',`
++ corenet_dontaudit_send_pki_ocsp_client_packets($1)
++ corenet_dontaudit_receive_pki_ocsp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_ocsp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_ocsp_client_packets',`
++ gen_require(`
++ type pki_ocsp_client_packet_t;
++ ')
++
++ allow $1 pki_ocsp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pki_ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_ocsp_server_packets',`
++ gen_require(`
++ type pki_ocsp_server_packet_t;
++ ')
++
++ allow $1 pki_ocsp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_ocsp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_ocsp_server_packets',`
++ gen_require(`
++ type pki_ocsp_server_packet_t;
++ ')
++
++ dontaudit $1 pki_ocsp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_ocsp_server_packets',`
++ gen_require(`
++ type pki_ocsp_server_packet_t;
++ ')
++
++ allow $1 pki_ocsp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_ocsp_server_packets',`
++ gen_require(`
++ type pki_ocsp_server_packet_t;
++ ')
++
++ dontaudit $1 pki_ocsp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_ocsp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_ocsp_server_packets',`
++ corenet_send_pki_ocsp_server_packets($1)
++ corenet_receive_pki_ocsp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_ocsp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_ocsp_server_packets',`
++ corenet_dontaudit_send_pki_ocsp_server_packets($1)
++ corenet_dontaudit_receive_pki_ocsp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_ocsp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_ocsp_server_packets',`
++ gen_require(`
++ type pki_ocsp_server_packet_t;
++ ')
++
++ allow $1 pki_ocsp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pki_tks port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ allow $1 pki_tks_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pki_tks port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ allow $1 pki_tks_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pki_tks port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ dontaudit $1 pki_tks_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pki_tks port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ allow $1 pki_tks_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pki_tks port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ dontaudit $1 pki_tks_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pki_tks port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pki_tks_port',`
++ corenet_udp_send_pki_tks_port($1)
++ corenet_udp_receive_pki_tks_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pki_tks port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_tks_port',`
++ corenet_dontaudit_udp_send_pki_tks_port($1)
++ corenet_dontaudit_udp_receive_pki_tks_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pki_tks port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ allow $1 pki_tks_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pki_tks port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ allow $1 pki_tks_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pki_tks port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pki_tks_port',`
++ gen_require(`
++ type pki_tks_port_t;
++ ')
++
++ allow $1 pki_tks_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pki_tks_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_tks_client_packets',`
++ gen_require(`
++ type pki_tks_client_packet_t;
++ ')
++
++ allow $1 pki_tks_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_tks_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_tks_client_packets',`
++ gen_require(`
++ type pki_tks_client_packet_t;
++ ')
++
++ dontaudit $1 pki_tks_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_tks_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_tks_client_packets',`
++ gen_require(`
++ type pki_tks_client_packet_t;
++ ')
++
++ allow $1 pki_tks_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_tks_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_tks_client_packets',`
++ gen_require(`
++ type pki_tks_client_packet_t;
++ ')
++
++ dontaudit $1 pki_tks_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_tks_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_tks_client_packets',`
++ corenet_send_pki_tks_client_packets($1)
++ corenet_receive_pki_tks_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_tks_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_tks_client_packets',`
++ corenet_dontaudit_send_pki_tks_client_packets($1)
++ corenet_dontaudit_receive_pki_tks_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_tks_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_tks_client_packets',`
++ gen_require(`
++ type pki_tks_client_packet_t;
++ ')
++
++ allow $1 pki_tks_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pki_tks_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_tks_server_packets',`
++ gen_require(`
++ type pki_tks_server_packet_t;
++ ')
++
++ allow $1 pki_tks_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_tks_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_tks_server_packets',`
++ gen_require(`
++ type pki_tks_server_packet_t;
++ ')
++
++ dontaudit $1 pki_tks_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_tks_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_tks_server_packets',`
++ gen_require(`
++ type pki_tks_server_packet_t;
++ ')
++
++ allow $1 pki_tks_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_tks_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_tks_server_packets',`
++ gen_require(`
++ type pki_tks_server_packet_t;
++ ')
++
++ dontaudit $1 pki_tks_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_tks_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_tks_server_packets',`
++ corenet_send_pki_tks_server_packets($1)
++ corenet_receive_pki_tks_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_tks_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_tks_server_packets',`
++ corenet_dontaudit_send_pki_tks_server_packets($1)
++ corenet_dontaudit_receive_pki_tks_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_tks_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_tks_server_packets',`
++ gen_require(`
++ type pki_tks_server_packet_t;
++ ')
++
++ allow $1 pki_tks_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pki_ra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ allow $1 pki_ra_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pki_ra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ allow $1 pki_ra_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pki_ra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ dontaudit $1 pki_ra_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pki_ra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ allow $1 pki_ra_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pki_ra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ dontaudit $1 pki_ra_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pki_ra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pki_ra_port',`
++ corenet_udp_send_pki_ra_port($1)
++ corenet_udp_receive_pki_ra_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pki_ra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_ra_port',`
++ corenet_dontaudit_udp_send_pki_ra_port($1)
++ corenet_dontaudit_udp_receive_pki_ra_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pki_ra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ allow $1 pki_ra_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pki_ra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ allow $1 pki_ra_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pki_ra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pki_ra_port',`
++ gen_require(`
++ type pki_ra_port_t;
++ ')
++
++ allow $1 pki_ra_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pki_ra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_ra_client_packets',`
++ gen_require(`
++ type pki_ra_client_packet_t;
++ ')
++
++ allow $1 pki_ra_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_ra_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_ra_client_packets',`
++ gen_require(`
++ type pki_ra_client_packet_t;
++ ')
++
++ dontaudit $1 pki_ra_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_ra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_ra_client_packets',`
++ gen_require(`
++ type pki_ra_client_packet_t;
++ ')
++
++ allow $1 pki_ra_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_ra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_ra_client_packets',`
++ gen_require(`
++ type pki_ra_client_packet_t;
++ ')
++
++ dontaudit $1 pki_ra_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_ra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_ra_client_packets',`
++ corenet_send_pki_ra_client_packets($1)
++ corenet_receive_pki_ra_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_ra_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_ra_client_packets',`
++ corenet_dontaudit_send_pki_ra_client_packets($1)
++ corenet_dontaudit_receive_pki_ra_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_ra_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_ra_client_packets',`
++ gen_require(`
++ type pki_ra_client_packet_t;
++ ')
++
++ allow $1 pki_ra_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pki_ra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_ra_server_packets',`
++ gen_require(`
++ type pki_ra_server_packet_t;
++ ')
++
++ allow $1 pki_ra_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_ra_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_ra_server_packets',`
++ gen_require(`
++ type pki_ra_server_packet_t;
++ ')
++
++ dontaudit $1 pki_ra_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_ra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_ra_server_packets',`
++ gen_require(`
++ type pki_ra_server_packet_t;
++ ')
++
++ allow $1 pki_ra_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_ra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_ra_server_packets',`
++ gen_require(`
++ type pki_ra_server_packet_t;
++ ')
++
++ dontaudit $1 pki_ra_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_ra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_ra_server_packets',`
++ corenet_send_pki_ra_server_packets($1)
++ corenet_receive_pki_ra_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_ra_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_ra_server_packets',`
++ corenet_dontaudit_send_pki_ra_server_packets($1)
++ corenet_dontaudit_receive_pki_ra_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_ra_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_ra_server_packets',`
++ gen_require(`
++ type pki_ra_server_packet_t;
++ ')
++
++ allow $1 pki_ra_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pki_tps port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ allow $1 pki_tps_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pki_tps port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ allow $1 pki_tps_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pki_tps port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ dontaudit $1 pki_tps_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pki_tps port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ allow $1 pki_tps_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pki_tps port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ dontaudit $1 pki_tps_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pki_tps port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pki_tps_port',`
++ corenet_udp_send_pki_tps_port($1)
++ corenet_udp_receive_pki_tps_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pki_tps port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pki_tps_port',`
++ corenet_dontaudit_udp_send_pki_tps_port($1)
++ corenet_dontaudit_udp_receive_pki_tps_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pki_tps port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ allow $1 pki_tps_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pki_tps port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ allow $1 pki_tps_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pki_tps port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pki_tps_port',`
++ gen_require(`
++ type pki_tps_port_t;
++ ')
++
++ allow $1 pki_tps_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pki_tps_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_tps_client_packets',`
++ gen_require(`
++ type pki_tps_client_packet_t;
++ ')
++
++ allow $1 pki_tps_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_tps_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_tps_client_packets',`
++ gen_require(`
++ type pki_tps_client_packet_t;
++ ')
++
++ dontaudit $1 pki_tps_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_tps_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_tps_client_packets',`
++ gen_require(`
++ type pki_tps_client_packet_t;
++ ')
++
++ allow $1 pki_tps_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_tps_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_tps_client_packets',`
++ gen_require(`
++ type pki_tps_client_packet_t;
++ ')
++
++ dontaudit $1 pki_tps_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_tps_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_tps_client_packets',`
++ corenet_send_pki_tps_client_packets($1)
++ corenet_receive_pki_tps_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_tps_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_tps_client_packets',`
++ corenet_dontaudit_send_pki_tps_client_packets($1)
++ corenet_dontaudit_receive_pki_tps_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_tps_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_tps_client_packets',`
++ gen_require(`
++ type pki_tps_client_packet_t;
++ ')
++
++ allow $1 pki_tps_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pki_tps_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pki_tps_server_packets',`
++ gen_require(`
++ type pki_tps_server_packet_t;
++ ')
++
++ allow $1 pki_tps_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pki_tps_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pki_tps_server_packets',`
++ gen_require(`
++ type pki_tps_server_packet_t;
++ ')
++
++ dontaudit $1 pki_tps_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pki_tps_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pki_tps_server_packets',`
++ gen_require(`
++ type pki_tps_server_packet_t;
++ ')
++
++ allow $1 pki_tps_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pki_tps_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pki_tps_server_packets',`
++ gen_require(`
++ type pki_tps_server_packet_t;
++ ')
++
++ dontaudit $1 pki_tps_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pki_tps_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pki_tps_server_packets',`
++ corenet_send_pki_tps_server_packets($1)
++ corenet_receive_pki_tps_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pki_tps_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pki_tps_server_packets',`
++ corenet_dontaudit_send_pki_tps_server_packets($1)
++ corenet_dontaudit_receive_pki_tps_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pki_tps_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pki_tps_server_packets',`
++ gen_require(`
++ type pki_tps_server_packet_t;
++ ')
++
++ allow $1 pki_tps_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the postfix_policyd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ allow $1 postfix_policyd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the postfix_policyd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ allow $1 postfix_policyd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the postfix_policyd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ dontaudit $1 postfix_policyd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the postfix_policyd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ allow $1 postfix_policyd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the postfix_policyd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ dontaudit $1 postfix_policyd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the postfix_policyd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_postfix_policyd_port',`
++ corenet_udp_send_postfix_policyd_port($1)
++ corenet_udp_receive_postfix_policyd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the postfix_policyd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_postfix_policyd_port',`
++ corenet_dontaudit_udp_send_postfix_policyd_port($1)
++ corenet_dontaudit_udp_receive_postfix_policyd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the postfix_policyd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ allow $1 postfix_policyd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the postfix_policyd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ allow $1 postfix_policyd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the postfix_policyd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_postfix_policyd_port',`
++ gen_require(`
++ type postfix_policyd_port_t;
++ ')
++
++ allow $1 postfix_policyd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send postfix_policyd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_postfix_policyd_client_packets',`
++ gen_require(`
++ type postfix_policyd_client_packet_t;
++ ')
++
++ allow $1 postfix_policyd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send postfix_policyd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_postfix_policyd_client_packets',`
++ gen_require(`
++ type postfix_policyd_client_packet_t;
++ ')
++
++ dontaudit $1 postfix_policyd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive postfix_policyd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_postfix_policyd_client_packets',`
++ gen_require(`
++ type postfix_policyd_client_packet_t;
++ ')
++
++ allow $1 postfix_policyd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive postfix_policyd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_postfix_policyd_client_packets',`
++ gen_require(`
++ type postfix_policyd_client_packet_t;
++ ')
++
++ dontaudit $1 postfix_policyd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive postfix_policyd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_postfix_policyd_client_packets',`
++ corenet_send_postfix_policyd_client_packets($1)
++ corenet_receive_postfix_policyd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive postfix_policyd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_postfix_policyd_client_packets',`
++ corenet_dontaudit_send_postfix_policyd_client_packets($1)
++ corenet_dontaudit_receive_postfix_policyd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to postfix_policyd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_postfix_policyd_client_packets',`
++ gen_require(`
++ type postfix_policyd_client_packet_t;
++ ')
++
++ allow $1 postfix_policyd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send postfix_policyd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_postfix_policyd_server_packets',`
++ gen_require(`
++ type postfix_policyd_server_packet_t;
++ ')
++
++ allow $1 postfix_policyd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send postfix_policyd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_postfix_policyd_server_packets',`
++ gen_require(`
++ type postfix_policyd_server_packet_t;
++ ')
++
++ dontaudit $1 postfix_policyd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive postfix_policyd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_postfix_policyd_server_packets',`
++ gen_require(`
++ type postfix_policyd_server_packet_t;
++ ')
++
++ allow $1 postfix_policyd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive postfix_policyd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_postfix_policyd_server_packets',`
++ gen_require(`
++ type postfix_policyd_server_packet_t;
++ ')
++
++ dontaudit $1 postfix_policyd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive postfix_policyd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_postfix_policyd_server_packets',`
++ corenet_send_postfix_policyd_server_packets($1)
++ corenet_receive_postfix_policyd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive postfix_policyd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_postfix_policyd_server_packets',`
++ corenet_dontaudit_send_postfix_policyd_server_packets($1)
++ corenet_dontaudit_receive_postfix_policyd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to postfix_policyd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_postfix_policyd_server_packets',`
++ gen_require(`
++ type postfix_policyd_server_packet_t;
++ ')
++
++ allow $1 postfix_policyd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pulseaudio port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ allow $1 pulseaudio_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pulseaudio port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ allow $1 pulseaudio_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pulseaudio port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ dontaudit $1 pulseaudio_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pulseaudio port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ allow $1 pulseaudio_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pulseaudio port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ dontaudit $1 pulseaudio_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pulseaudio port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pulseaudio_port',`
++ corenet_udp_send_pulseaudio_port($1)
++ corenet_udp_receive_pulseaudio_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pulseaudio port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pulseaudio_port',`
++ corenet_dontaudit_udp_send_pulseaudio_port($1)
++ corenet_dontaudit_udp_receive_pulseaudio_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pulseaudio port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ allow $1 pulseaudio_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pulseaudio port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ allow $1 pulseaudio_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pulseaudio port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pulseaudio_port',`
++ gen_require(`
++ type pulseaudio_port_t;
++ ')
++
++ allow $1 pulseaudio_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pulseaudio_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pulseaudio_client_packets',`
++ gen_require(`
++ type pulseaudio_client_packet_t;
++ ')
++
++ allow $1 pulseaudio_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pulseaudio_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pulseaudio_client_packets',`
++ gen_require(`
++ type pulseaudio_client_packet_t;
++ ')
++
++ dontaudit $1 pulseaudio_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pulseaudio_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pulseaudio_client_packets',`
++ gen_require(`
++ type pulseaudio_client_packet_t;
++ ')
++
++ allow $1 pulseaudio_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pulseaudio_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pulseaudio_client_packets',`
++ gen_require(`
++ type pulseaudio_client_packet_t;
++ ')
++
++ dontaudit $1 pulseaudio_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pulseaudio_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pulseaudio_client_packets',`
++ corenet_send_pulseaudio_client_packets($1)
++ corenet_receive_pulseaudio_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pulseaudio_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pulseaudio_client_packets',`
++ corenet_dontaudit_send_pulseaudio_client_packets($1)
++ corenet_dontaudit_receive_pulseaudio_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pulseaudio_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pulseaudio_client_packets',`
++ gen_require(`
++ type pulseaudio_client_packet_t;
++ ')
++
++ allow $1 pulseaudio_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pulseaudio_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pulseaudio_server_packets',`
++ gen_require(`
++ type pulseaudio_server_packet_t;
++ ')
++
++ allow $1 pulseaudio_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pulseaudio_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pulseaudio_server_packets',`
++ gen_require(`
++ type pulseaudio_server_packet_t;
++ ')
++
++ dontaudit $1 pulseaudio_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pulseaudio_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pulseaudio_server_packets',`
++ gen_require(`
++ type pulseaudio_server_packet_t;
++ ')
++
++ allow $1 pulseaudio_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pulseaudio_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pulseaudio_server_packets',`
++ gen_require(`
++ type pulseaudio_server_packet_t;
++ ')
++
++ dontaudit $1 pulseaudio_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pulseaudio_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pulseaudio_server_packets',`
++ corenet_send_pulseaudio_server_packets($1)
++ corenet_receive_pulseaudio_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pulseaudio_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pulseaudio_server_packets',`
++ corenet_dontaudit_send_pulseaudio_server_packets($1)
++ corenet_dontaudit_receive_pulseaudio_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pulseaudio_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pulseaudio_server_packets',`
++ gen_require(`
++ type pulseaudio_server_packet_t;
++ ')
++
++ allow $1 pulseaudio_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pgpkeyserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ allow $1 pgpkeyserver_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pgpkeyserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ allow $1 pgpkeyserver_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pgpkeyserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ dontaudit $1 pgpkeyserver_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pgpkeyserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ allow $1 pgpkeyserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pgpkeyserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ dontaudit $1 pgpkeyserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pgpkeyserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pgpkeyserver_port',`
++ corenet_udp_send_pgpkeyserver_port($1)
++ corenet_udp_receive_pgpkeyserver_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pgpkeyserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pgpkeyserver_port',`
++ corenet_dontaudit_udp_send_pgpkeyserver_port($1)
++ corenet_dontaudit_udp_receive_pgpkeyserver_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pgpkeyserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ allow $1 pgpkeyserver_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pgpkeyserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ allow $1 pgpkeyserver_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pgpkeyserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pgpkeyserver_port',`
++ gen_require(`
++ type pgpkeyserver_port_t;
++ ')
++
++ allow $1 pgpkeyserver_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pgpkeyserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pgpkeyserver_client_packets',`
++ gen_require(`
++ type pgpkeyserver_client_packet_t;
++ ')
++
++ allow $1 pgpkeyserver_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pgpkeyserver_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pgpkeyserver_client_packets',`
++ gen_require(`
++ type pgpkeyserver_client_packet_t;
++ ')
++
++ dontaudit $1 pgpkeyserver_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pgpkeyserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pgpkeyserver_client_packets',`
++ gen_require(`
++ type pgpkeyserver_client_packet_t;
++ ')
++
++ allow $1 pgpkeyserver_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pgpkeyserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pgpkeyserver_client_packets',`
++ gen_require(`
++ type pgpkeyserver_client_packet_t;
++ ')
++
++ dontaudit $1 pgpkeyserver_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pgpkeyserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pgpkeyserver_client_packets',`
++ corenet_send_pgpkeyserver_client_packets($1)
++ corenet_receive_pgpkeyserver_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pgpkeyserver_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pgpkeyserver_client_packets',`
++ corenet_dontaudit_send_pgpkeyserver_client_packets($1)
++ corenet_dontaudit_receive_pgpkeyserver_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pgpkeyserver_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pgpkeyserver_client_packets',`
++ gen_require(`
++ type pgpkeyserver_client_packet_t;
++ ')
++
++ allow $1 pgpkeyserver_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pgpkeyserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pgpkeyserver_server_packets',`
++ gen_require(`
++ type pgpkeyserver_server_packet_t;
++ ')
++
++ allow $1 pgpkeyserver_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pgpkeyserver_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pgpkeyserver_server_packets',`
++ gen_require(`
++ type pgpkeyserver_server_packet_t;
++ ')
++
++ dontaudit $1 pgpkeyserver_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pgpkeyserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pgpkeyserver_server_packets',`
++ gen_require(`
++ type pgpkeyserver_server_packet_t;
++ ')
++
++ allow $1 pgpkeyserver_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pgpkeyserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pgpkeyserver_server_packets',`
++ gen_require(`
++ type pgpkeyserver_server_packet_t;
++ ')
++
++ dontaudit $1 pgpkeyserver_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pgpkeyserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pgpkeyserver_server_packets',`
++ corenet_send_pgpkeyserver_server_packets($1)
++ corenet_receive_pgpkeyserver_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pgpkeyserver_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pgpkeyserver_server_packets',`
++ corenet_dontaudit_send_pgpkeyserver_server_packets($1)
++ corenet_dontaudit_receive_pgpkeyserver_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pgpkeyserver_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pgpkeyserver_server_packets',`
++ gen_require(`
++ type pgpkeyserver_server_packet_t;
++ ')
++
++ allow $1 pgpkeyserver_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ allow $1 pop_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ allow $1 pop_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pop port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ dontaudit $1 pop_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ allow $1 pop_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pop port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ dontaudit $1 pop_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pop_port',`
++ corenet_udp_send_pop_port($1)
++ corenet_udp_receive_pop_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pop port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pop_port',`
++ corenet_dontaudit_udp_send_pop_port($1)
++ corenet_dontaudit_udp_receive_pop_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ allow $1 pop_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the pop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ allow $1 pop_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the pop port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pop_port',`
++ gen_require(`
++ type pop_port_t;
++ ')
++
++ allow $1 pop_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pop_client_packets',`
++ gen_require(`
++ type pop_client_packet_t;
++ ')
++
++ allow $1 pop_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pop_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pop_client_packets',`
++ gen_require(`
++ type pop_client_packet_t;
++ ')
++
++ dontaudit $1 pop_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pop_client_packets',`
++ gen_require(`
++ type pop_client_packet_t;
++ ')
++
++ allow $1 pop_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pop_client_packets',`
++ gen_require(`
++ type pop_client_packet_t;
++ ')
++
++ dontaudit $1 pop_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pop_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pop_client_packets',`
++ corenet_send_pop_client_packets($1)
++ corenet_receive_pop_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pop_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pop_client_packets',`
++ corenet_dontaudit_send_pop_client_packets($1)
++ corenet_dontaudit_receive_pop_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pop_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pop_client_packets',`
++ gen_require(`
++ type pop_client_packet_t;
++ ')
++
++ allow $1 pop_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pop_server_packets',`
++ gen_require(`
++ type pop_server_packet_t;
++ ')
++
++ allow $1 pop_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pop_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pop_server_packets',`
++ gen_require(`
++ type pop_server_packet_t;
++ ')
++
++ dontaudit $1 pop_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pop_server_packets',`
++ gen_require(`
++ type pop_server_packet_t;
++ ')
++
++ allow $1 pop_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pop_server_packets',`
++ gen_require(`
++ type pop_server_packet_t;
++ ')
++
++ dontaudit $1 pop_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pop_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pop_server_packets',`
++ corenet_send_pop_server_packets($1)
++ corenet_receive_pop_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pop_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pop_server_packets',`
++ corenet_dontaudit_send_pop_server_packets($1)
++ corenet_dontaudit_receive_pop_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pop_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pop_server_packets',`
++ gen_require(`
++ type pop_server_packet_t;
++ ')
++
++ allow $1 pop_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the portmap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ allow $1 portmap_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the portmap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ allow $1 portmap_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the portmap port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ dontaudit $1 portmap_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the portmap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ allow $1 portmap_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the portmap port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ dontaudit $1 portmap_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the portmap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_portmap_port',`
++ corenet_udp_send_portmap_port($1)
++ corenet_udp_receive_portmap_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the portmap port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_portmap_port',`
++ corenet_dontaudit_udp_send_portmap_port($1)
++ corenet_dontaudit_udp_receive_portmap_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the portmap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ allow $1 portmap_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the portmap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ allow $1 portmap_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the portmap port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_portmap_port',`
++ gen_require(`
++ type portmap_port_t;
++ ')
++
++ allow $1 portmap_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send portmap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_portmap_client_packets',`
++ gen_require(`
++ type portmap_client_packet_t;
++ ')
++
++ allow $1 portmap_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send portmap_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_portmap_client_packets',`
++ gen_require(`
++ type portmap_client_packet_t;
++ ')
++
++ dontaudit $1 portmap_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive portmap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_portmap_client_packets',`
++ gen_require(`
++ type portmap_client_packet_t;
++ ')
++
++ allow $1 portmap_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive portmap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_portmap_client_packets',`
++ gen_require(`
++ type portmap_client_packet_t;
++ ')
++
++ dontaudit $1 portmap_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive portmap_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_portmap_client_packets',`
++ corenet_send_portmap_client_packets($1)
++ corenet_receive_portmap_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive portmap_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_portmap_client_packets',`
++ corenet_dontaudit_send_portmap_client_packets($1)
++ corenet_dontaudit_receive_portmap_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to portmap_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_portmap_client_packets',`
++ gen_require(`
++ type portmap_client_packet_t;
++ ')
++
++ allow $1 portmap_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send portmap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_portmap_server_packets',`
++ gen_require(`
++ type portmap_server_packet_t;
++ ')
++
++ allow $1 portmap_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send portmap_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_portmap_server_packets',`
++ gen_require(`
++ type portmap_server_packet_t;
++ ')
++
++ dontaudit $1 portmap_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive portmap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_portmap_server_packets',`
++ gen_require(`
++ type portmap_server_packet_t;
++ ')
++
++ allow $1 portmap_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive portmap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_portmap_server_packets',`
++ gen_require(`
++ type portmap_server_packet_t;
++ ')
++
++ dontaudit $1 portmap_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive portmap_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_portmap_server_packets',`
++ corenet_send_portmap_server_packets($1)
++ corenet_receive_portmap_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive portmap_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_portmap_server_packets',`
++ corenet_dontaudit_send_portmap_server_packets($1)
++ corenet_dontaudit_receive_portmap_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to portmap_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_portmap_server_packets',`
++ gen_require(`
++ type portmap_server_packet_t;
++ ')
++
++ allow $1 portmap_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the postgresql port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ allow $1 postgresql_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the postgresql port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ allow $1 postgresql_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the postgresql port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ dontaudit $1 postgresql_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the postgresql port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ allow $1 postgresql_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the postgresql port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ dontaudit $1 postgresql_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the postgresql port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_postgresql_port',`
++ corenet_udp_send_postgresql_port($1)
++ corenet_udp_receive_postgresql_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the postgresql port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_postgresql_port',`
++ corenet_dontaudit_udp_send_postgresql_port($1)
++ corenet_dontaudit_udp_receive_postgresql_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the postgresql port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ allow $1 postgresql_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the postgresql port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ allow $1 postgresql_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the postgresql port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_postgresql_port',`
++ gen_require(`
++ type postgresql_port_t;
++ ')
++
++ allow $1 postgresql_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send postgresql_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_postgresql_client_packets',`
++ gen_require(`
++ type postgresql_client_packet_t;
++ ')
++
++ allow $1 postgresql_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send postgresql_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_postgresql_client_packets',`
++ gen_require(`
++ type postgresql_client_packet_t;
++ ')
++
++ dontaudit $1 postgresql_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive postgresql_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_postgresql_client_packets',`
++ gen_require(`
++ type postgresql_client_packet_t;
++ ')
++
++ allow $1 postgresql_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive postgresql_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_postgresql_client_packets',`
++ gen_require(`
++ type postgresql_client_packet_t;
++ ')
++
++ dontaudit $1 postgresql_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive postgresql_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_postgresql_client_packets',`
++ corenet_send_postgresql_client_packets($1)
++ corenet_receive_postgresql_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive postgresql_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_postgresql_client_packets',`
++ corenet_dontaudit_send_postgresql_client_packets($1)
++ corenet_dontaudit_receive_postgresql_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to postgresql_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_postgresql_client_packets',`
++ gen_require(`
++ type postgresql_client_packet_t;
++ ')
++
++ allow $1 postgresql_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send postgresql_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_postgresql_server_packets',`
++ gen_require(`
++ type postgresql_server_packet_t;
++ ')
++
++ allow $1 postgresql_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send postgresql_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_postgresql_server_packets',`
++ gen_require(`
++ type postgresql_server_packet_t;
++ ')
++
++ dontaudit $1 postgresql_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive postgresql_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_postgresql_server_packets',`
++ gen_require(`
++ type postgresql_server_packet_t;
++ ')
++
++ allow $1 postgresql_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive postgresql_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_postgresql_server_packets',`
++ gen_require(`
++ type postgresql_server_packet_t;
++ ')
++
++ dontaudit $1 postgresql_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive postgresql_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_postgresql_server_packets',`
++ corenet_send_postgresql_server_packets($1)
++ corenet_receive_postgresql_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive postgresql_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_postgresql_server_packets',`
++ corenet_dontaudit_send_postgresql_server_packets($1)
++ corenet_dontaudit_receive_postgresql_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to postgresql_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_postgresql_server_packets',`
++ gen_require(`
++ type postgresql_server_packet_t;
++ ')
++
++ allow $1 postgresql_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the postgrey port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ allow $1 postgrey_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the postgrey port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ allow $1 postgrey_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the postgrey port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ dontaudit $1 postgrey_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the postgrey port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ allow $1 postgrey_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the postgrey port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ dontaudit $1 postgrey_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the postgrey port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_postgrey_port',`
++ corenet_udp_send_postgrey_port($1)
++ corenet_udp_receive_postgrey_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the postgrey port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_postgrey_port',`
++ corenet_dontaudit_udp_send_postgrey_port($1)
++ corenet_dontaudit_udp_receive_postgrey_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the postgrey port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ allow $1 postgrey_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the postgrey port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ allow $1 postgrey_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the postgrey port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_postgrey_port',`
++ gen_require(`
++ type postgrey_port_t;
++ ')
++
++ allow $1 postgrey_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send postgrey_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_postgrey_client_packets',`
++ gen_require(`
++ type postgrey_client_packet_t;
++ ')
++
++ allow $1 postgrey_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send postgrey_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_postgrey_client_packets',`
++ gen_require(`
++ type postgrey_client_packet_t;
++ ')
++
++ dontaudit $1 postgrey_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive postgrey_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_postgrey_client_packets',`
++ gen_require(`
++ type postgrey_client_packet_t;
++ ')
++
++ allow $1 postgrey_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive postgrey_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_postgrey_client_packets',`
++ gen_require(`
++ type postgrey_client_packet_t;
++ ')
++
++ dontaudit $1 postgrey_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive postgrey_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_postgrey_client_packets',`
++ corenet_send_postgrey_client_packets($1)
++ corenet_receive_postgrey_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive postgrey_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_postgrey_client_packets',`
++ corenet_dontaudit_send_postgrey_client_packets($1)
++ corenet_dontaudit_receive_postgrey_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to postgrey_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_postgrey_client_packets',`
++ gen_require(`
++ type postgrey_client_packet_t;
++ ')
++
++ allow $1 postgrey_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send postgrey_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_postgrey_server_packets',`
++ gen_require(`
++ type postgrey_server_packet_t;
++ ')
++
++ allow $1 postgrey_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send postgrey_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_postgrey_server_packets',`
++ gen_require(`
++ type postgrey_server_packet_t;
++ ')
++
++ dontaudit $1 postgrey_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive postgrey_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_postgrey_server_packets',`
++ gen_require(`
++ type postgrey_server_packet_t;
++ ')
++
++ allow $1 postgrey_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive postgrey_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_postgrey_server_packets',`
++ gen_require(`
++ type postgrey_server_packet_t;
++ ')
++
++ dontaudit $1 postgrey_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive postgrey_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_postgrey_server_packets',`
++ corenet_send_postgrey_server_packets($1)
++ corenet_receive_postgrey_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive postgrey_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_postgrey_server_packets',`
++ corenet_dontaudit_send_postgrey_server_packets($1)
++ corenet_dontaudit_receive_postgrey_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to postgrey_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_postgrey_server_packets',`
++ gen_require(`
++ type postgrey_server_packet_t;
++ ')
++
++ allow $1 postgrey_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the prelude port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ allow $1 prelude_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the prelude port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ allow $1 prelude_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the prelude port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ dontaudit $1 prelude_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the prelude port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ allow $1 prelude_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the prelude port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ dontaudit $1 prelude_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the prelude port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_prelude_port',`
++ corenet_udp_send_prelude_port($1)
++ corenet_udp_receive_prelude_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the prelude port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_prelude_port',`
++ corenet_dontaudit_udp_send_prelude_port($1)
++ corenet_dontaudit_udp_receive_prelude_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the prelude port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ allow $1 prelude_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the prelude port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ allow $1 prelude_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the prelude port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_prelude_port',`
++ gen_require(`
++ type prelude_port_t;
++ ')
++
++ allow $1 prelude_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send prelude_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_prelude_client_packets',`
++ gen_require(`
++ type prelude_client_packet_t;
++ ')
++
++ allow $1 prelude_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send prelude_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_prelude_client_packets',`
++ gen_require(`
++ type prelude_client_packet_t;
++ ')
++
++ dontaudit $1 prelude_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive prelude_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_prelude_client_packets',`
++ gen_require(`
++ type prelude_client_packet_t;
++ ')
++
++ allow $1 prelude_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive prelude_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_prelude_client_packets',`
++ gen_require(`
++ type prelude_client_packet_t;
++ ')
++
++ dontaudit $1 prelude_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive prelude_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_prelude_client_packets',`
++ corenet_send_prelude_client_packets($1)
++ corenet_receive_prelude_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive prelude_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_prelude_client_packets',`
++ corenet_dontaudit_send_prelude_client_packets($1)
++ corenet_dontaudit_receive_prelude_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to prelude_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_prelude_client_packets',`
++ gen_require(`
++ type prelude_client_packet_t;
++ ')
++
++ allow $1 prelude_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send prelude_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_prelude_server_packets',`
++ gen_require(`
++ type prelude_server_packet_t;
++ ')
++
++ allow $1 prelude_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send prelude_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_prelude_server_packets',`
++ gen_require(`
++ type prelude_server_packet_t;
++ ')
++
++ dontaudit $1 prelude_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive prelude_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_prelude_server_packets',`
++ gen_require(`
++ type prelude_server_packet_t;
++ ')
++
++ allow $1 prelude_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive prelude_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_prelude_server_packets',`
++ gen_require(`
++ type prelude_server_packet_t;
++ ')
++
++ dontaudit $1 prelude_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive prelude_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_prelude_server_packets',`
++ corenet_send_prelude_server_packets($1)
++ corenet_receive_prelude_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive prelude_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_prelude_server_packets',`
++ corenet_dontaudit_send_prelude_server_packets($1)
++ corenet_dontaudit_receive_prelude_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to prelude_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_prelude_server_packets',`
++ gen_require(`
++ type prelude_server_packet_t;
++ ')
++
++ allow $1 prelude_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the printer port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ allow $1 printer_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the printer port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ allow $1 printer_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the printer port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ dontaudit $1 printer_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the printer port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ allow $1 printer_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the printer port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ dontaudit $1 printer_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the printer port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_printer_port',`
++ corenet_udp_send_printer_port($1)
++ corenet_udp_receive_printer_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the printer port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_printer_port',`
++ corenet_dontaudit_udp_send_printer_port($1)
++ corenet_dontaudit_udp_receive_printer_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the printer port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ allow $1 printer_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the printer port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ allow $1 printer_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the printer port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_printer_port',`
++ gen_require(`
++ type printer_port_t;
++ ')
++
++ allow $1 printer_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send printer_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_printer_client_packets',`
++ gen_require(`
++ type printer_client_packet_t;
++ ')
++
++ allow $1 printer_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send printer_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_printer_client_packets',`
++ gen_require(`
++ type printer_client_packet_t;
++ ')
++
++ dontaudit $1 printer_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive printer_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_printer_client_packets',`
++ gen_require(`
++ type printer_client_packet_t;
++ ')
++
++ allow $1 printer_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive printer_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_printer_client_packets',`
++ gen_require(`
++ type printer_client_packet_t;
++ ')
++
++ dontaudit $1 printer_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive printer_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_printer_client_packets',`
++ corenet_send_printer_client_packets($1)
++ corenet_receive_printer_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive printer_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_printer_client_packets',`
++ corenet_dontaudit_send_printer_client_packets($1)
++ corenet_dontaudit_receive_printer_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to printer_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_printer_client_packets',`
++ gen_require(`
++ type printer_client_packet_t;
++ ')
++
++ allow $1 printer_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send printer_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_printer_server_packets',`
++ gen_require(`
++ type printer_server_packet_t;
++ ')
++
++ allow $1 printer_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send printer_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_printer_server_packets',`
++ gen_require(`
++ type printer_server_packet_t;
++ ')
++
++ dontaudit $1 printer_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive printer_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_printer_server_packets',`
++ gen_require(`
++ type printer_server_packet_t;
++ ')
++
++ allow $1 printer_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive printer_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_printer_server_packets',`
++ gen_require(`
++ type printer_server_packet_t;
++ ')
++
++ dontaudit $1 printer_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive printer_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_printer_server_packets',`
++ corenet_send_printer_server_packets($1)
++ corenet_receive_printer_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive printer_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_printer_server_packets',`
++ corenet_dontaudit_send_printer_server_packets($1)
++ corenet_dontaudit_receive_printer_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to printer_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_printer_server_packets',`
++ gen_require(`
++ type printer_server_packet_t;
++ ')
++
++ allow $1 printer_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ptal port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ allow $1 ptal_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ptal port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ allow $1 ptal_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ptal port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ dontaudit $1 ptal_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ptal port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ allow $1 ptal_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ptal port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ dontaudit $1 ptal_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ptal port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ptal_port',`
++ corenet_udp_send_ptal_port($1)
++ corenet_udp_receive_ptal_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ptal port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ptal_port',`
++ corenet_dontaudit_udp_send_ptal_port($1)
++ corenet_dontaudit_udp_receive_ptal_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ptal port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ allow $1 ptal_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the ptal port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ allow $1 ptal_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the ptal port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ptal_port',`
++ gen_require(`
++ type ptal_port_t;
++ ')
++
++ allow $1 ptal_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ptal_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ptal_client_packets',`
++ gen_require(`
++ type ptal_client_packet_t;
++ ')
++
++ allow $1 ptal_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ptal_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ptal_client_packets',`
++ gen_require(`
++ type ptal_client_packet_t;
++ ')
++
++ dontaudit $1 ptal_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ptal_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ptal_client_packets',`
++ gen_require(`
++ type ptal_client_packet_t;
++ ')
++
++ allow $1 ptal_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ptal_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ptal_client_packets',`
++ gen_require(`
++ type ptal_client_packet_t;
++ ')
++
++ dontaudit $1 ptal_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ptal_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ptal_client_packets',`
++ corenet_send_ptal_client_packets($1)
++ corenet_receive_ptal_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ptal_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ptal_client_packets',`
++ corenet_dontaudit_send_ptal_client_packets($1)
++ corenet_dontaudit_receive_ptal_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ptal_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ptal_client_packets',`
++ gen_require(`
++ type ptal_client_packet_t;
++ ')
++
++ allow $1 ptal_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ptal_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ptal_server_packets',`
++ gen_require(`
++ type ptal_server_packet_t;
++ ')
++
++ allow $1 ptal_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ptal_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ptal_server_packets',`
++ gen_require(`
++ type ptal_server_packet_t;
++ ')
++
++ dontaudit $1 ptal_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ptal_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ptal_server_packets',`
++ gen_require(`
++ type ptal_server_packet_t;
++ ')
++
++ allow $1 ptal_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ptal_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ptal_server_packets',`
++ gen_require(`
++ type ptal_server_packet_t;
++ ')
++
++ dontaudit $1 ptal_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ptal_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ptal_server_packets',`
++ corenet_send_ptal_server_packets($1)
++ corenet_receive_ptal_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ptal_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ptal_server_packets',`
++ corenet_dontaudit_send_ptal_server_packets($1)
++ corenet_dontaudit_receive_ptal_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ptal_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ptal_server_packets',`
++ gen_require(`
++ type ptal_server_packet_t;
++ ')
++
++ allow $1 ptal_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pxe port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ allow $1 pxe_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pxe port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ allow $1 pxe_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pxe port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ dontaudit $1 pxe_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pxe port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ allow $1 pxe_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pxe port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ dontaudit $1 pxe_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pxe port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pxe_port',`
++ corenet_udp_send_pxe_port($1)
++ corenet_udp_receive_pxe_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pxe port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pxe_port',`
++ corenet_dontaudit_udp_send_pxe_port($1)
++ corenet_dontaudit_udp_receive_pxe_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pxe port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ allow $1 pxe_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pxe port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ allow $1 pxe_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pxe port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pxe_port',`
++ gen_require(`
++ type pxe_port_t;
++ ')
++
++ allow $1 pxe_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pxe_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pxe_client_packets',`
++ gen_require(`
++ type pxe_client_packet_t;
++ ')
++
++ allow $1 pxe_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pxe_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pxe_client_packets',`
++ gen_require(`
++ type pxe_client_packet_t;
++ ')
++
++ dontaudit $1 pxe_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pxe_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pxe_client_packets',`
++ gen_require(`
++ type pxe_client_packet_t;
++ ')
++
++ allow $1 pxe_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pxe_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pxe_client_packets',`
++ gen_require(`
++ type pxe_client_packet_t;
++ ')
++
++ dontaudit $1 pxe_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pxe_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pxe_client_packets',`
++ corenet_send_pxe_client_packets($1)
++ corenet_receive_pxe_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pxe_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pxe_client_packets',`
++ corenet_dontaudit_send_pxe_client_packets($1)
++ corenet_dontaudit_receive_pxe_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pxe_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pxe_client_packets',`
++ gen_require(`
++ type pxe_client_packet_t;
++ ')
++
++ allow $1 pxe_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pxe_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pxe_server_packets',`
++ gen_require(`
++ type pxe_server_packet_t;
++ ')
++
++ allow $1 pxe_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pxe_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pxe_server_packets',`
++ gen_require(`
++ type pxe_server_packet_t;
++ ')
++
++ dontaudit $1 pxe_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pxe_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pxe_server_packets',`
++ gen_require(`
++ type pxe_server_packet_t;
++ ')
++
++ allow $1 pxe_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pxe_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pxe_server_packets',`
++ gen_require(`
++ type pxe_server_packet_t;
++ ')
++
++ dontaudit $1 pxe_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pxe_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pxe_server_packets',`
++ corenet_send_pxe_server_packets($1)
++ corenet_receive_pxe_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pxe_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pxe_server_packets',`
++ corenet_dontaudit_send_pxe_server_packets($1)
++ corenet_dontaudit_receive_pxe_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pxe_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pxe_server_packets',`
++ gen_require(`
++ type pxe_server_packet_t;
++ ')
++
++ allow $1 pxe_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the pyzor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ allow $1 pyzor_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the pyzor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ allow $1 pyzor_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the pyzor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ dontaudit $1 pyzor_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the pyzor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ allow $1 pyzor_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the pyzor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ dontaudit $1 pyzor_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the pyzor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_pyzor_port',`
++ corenet_udp_send_pyzor_port($1)
++ corenet_udp_receive_pyzor_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the pyzor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_pyzor_port',`
++ corenet_dontaudit_udp_send_pyzor_port($1)
++ corenet_dontaudit_udp_receive_pyzor_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the pyzor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ allow $1 pyzor_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the pyzor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ allow $1 pyzor_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the pyzor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_pyzor_port',`
++ gen_require(`
++ type pyzor_port_t;
++ ')
++
++ allow $1 pyzor_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send pyzor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pyzor_client_packets',`
++ gen_require(`
++ type pyzor_client_packet_t;
++ ')
++
++ allow $1 pyzor_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pyzor_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pyzor_client_packets',`
++ gen_require(`
++ type pyzor_client_packet_t;
++ ')
++
++ dontaudit $1 pyzor_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pyzor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pyzor_client_packets',`
++ gen_require(`
++ type pyzor_client_packet_t;
++ ')
++
++ allow $1 pyzor_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pyzor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pyzor_client_packets',`
++ gen_require(`
++ type pyzor_client_packet_t;
++ ')
++
++ dontaudit $1 pyzor_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pyzor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pyzor_client_packets',`
++ corenet_send_pyzor_client_packets($1)
++ corenet_receive_pyzor_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pyzor_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pyzor_client_packets',`
++ corenet_dontaudit_send_pyzor_client_packets($1)
++ corenet_dontaudit_receive_pyzor_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pyzor_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pyzor_client_packets',`
++ gen_require(`
++ type pyzor_client_packet_t;
++ ')
++
++ allow $1 pyzor_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send pyzor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_pyzor_server_packets',`
++ gen_require(`
++ type pyzor_server_packet_t;
++ ')
++
++ allow $1 pyzor_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send pyzor_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_pyzor_server_packets',`
++ gen_require(`
++ type pyzor_server_packet_t;
++ ')
++
++ dontaudit $1 pyzor_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive pyzor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_pyzor_server_packets',`
++ gen_require(`
++ type pyzor_server_packet_t;
++ ')
++
++ allow $1 pyzor_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive pyzor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_pyzor_server_packets',`
++ gen_require(`
++ type pyzor_server_packet_t;
++ ')
++
++ dontaudit $1 pyzor_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive pyzor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_pyzor_server_packets',`
++ corenet_send_pyzor_server_packets($1)
++ corenet_receive_pyzor_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive pyzor_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_pyzor_server_packets',`
++ corenet_dontaudit_send_pyzor_server_packets($1)
++ corenet_dontaudit_receive_pyzor_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to pyzor_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_pyzor_server_packets',`
++ gen_require(`
++ type pyzor_server_packet_t;
++ ')
++
++ allow $1 pyzor_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the radacct port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ allow $1 radacct_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the radacct port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ allow $1 radacct_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the radacct port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ dontaudit $1 radacct_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the radacct port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ allow $1 radacct_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the radacct port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ dontaudit $1 radacct_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the radacct port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_radacct_port',`
++ corenet_udp_send_radacct_port($1)
++ corenet_udp_receive_radacct_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the radacct port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_radacct_port',`
++ corenet_dontaudit_udp_send_radacct_port($1)
++ corenet_dontaudit_udp_receive_radacct_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the radacct port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ allow $1 radacct_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the radacct port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ allow $1 radacct_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the radacct port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_radacct_port',`
++ gen_require(`
++ type radacct_port_t;
++ ')
++
++ allow $1 radacct_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send radacct_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_radacct_client_packets',`
++ gen_require(`
++ type radacct_client_packet_t;
++ ')
++
++ allow $1 radacct_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send radacct_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_radacct_client_packets',`
++ gen_require(`
++ type radacct_client_packet_t;
++ ')
++
++ dontaudit $1 radacct_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive radacct_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_radacct_client_packets',`
++ gen_require(`
++ type radacct_client_packet_t;
++ ')
++
++ allow $1 radacct_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive radacct_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_radacct_client_packets',`
++ gen_require(`
++ type radacct_client_packet_t;
++ ')
++
++ dontaudit $1 radacct_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive radacct_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_radacct_client_packets',`
++ corenet_send_radacct_client_packets($1)
++ corenet_receive_radacct_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive radacct_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_radacct_client_packets',`
++ corenet_dontaudit_send_radacct_client_packets($1)
++ corenet_dontaudit_receive_radacct_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to radacct_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_radacct_client_packets',`
++ gen_require(`
++ type radacct_client_packet_t;
++ ')
++
++ allow $1 radacct_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send radacct_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_radacct_server_packets',`
++ gen_require(`
++ type radacct_server_packet_t;
++ ')
++
++ allow $1 radacct_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send radacct_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_radacct_server_packets',`
++ gen_require(`
++ type radacct_server_packet_t;
++ ')
++
++ dontaudit $1 radacct_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive radacct_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_radacct_server_packets',`
++ gen_require(`
++ type radacct_server_packet_t;
++ ')
++
++ allow $1 radacct_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive radacct_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_radacct_server_packets',`
++ gen_require(`
++ type radacct_server_packet_t;
++ ')
++
++ dontaudit $1 radacct_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive radacct_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_radacct_server_packets',`
++ corenet_send_radacct_server_packets($1)
++ corenet_receive_radacct_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive radacct_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_radacct_server_packets',`
++ corenet_dontaudit_send_radacct_server_packets($1)
++ corenet_dontaudit_receive_radacct_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to radacct_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_radacct_server_packets',`
++ gen_require(`
++ type radacct_server_packet_t;
++ ')
++
++ allow $1 radacct_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the radius port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ allow $1 radius_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the radius port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ allow $1 radius_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the radius port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ dontaudit $1 radius_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the radius port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ allow $1 radius_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the radius port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ dontaudit $1 radius_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the radius port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_radius_port',`
++ corenet_udp_send_radius_port($1)
++ corenet_udp_receive_radius_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the radius port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_radius_port',`
++ corenet_dontaudit_udp_send_radius_port($1)
++ corenet_dontaudit_udp_receive_radius_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the radius port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ allow $1 radius_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the radius port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ allow $1 radius_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the radius port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_radius_port',`
++ gen_require(`
++ type radius_port_t;
++ ')
++
++ allow $1 radius_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send radius_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_radius_client_packets',`
++ gen_require(`
++ type radius_client_packet_t;
++ ')
++
++ allow $1 radius_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send radius_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_radius_client_packets',`
++ gen_require(`
++ type radius_client_packet_t;
++ ')
++
++ dontaudit $1 radius_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive radius_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_radius_client_packets',`
++ gen_require(`
++ type radius_client_packet_t;
++ ')
++
++ allow $1 radius_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive radius_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_radius_client_packets',`
++ gen_require(`
++ type radius_client_packet_t;
++ ')
++
++ dontaudit $1 radius_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive radius_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_radius_client_packets',`
++ corenet_send_radius_client_packets($1)
++ corenet_receive_radius_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive radius_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_radius_client_packets',`
++ corenet_dontaudit_send_radius_client_packets($1)
++ corenet_dontaudit_receive_radius_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to radius_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_radius_client_packets',`
++ gen_require(`
++ type radius_client_packet_t;
++ ')
++
++ allow $1 radius_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send radius_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_radius_server_packets',`
++ gen_require(`
++ type radius_server_packet_t;
++ ')
++
++ allow $1 radius_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send radius_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_radius_server_packets',`
++ gen_require(`
++ type radius_server_packet_t;
++ ')
++
++ dontaudit $1 radius_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive radius_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_radius_server_packets',`
++ gen_require(`
++ type radius_server_packet_t;
++ ')
++
++ allow $1 radius_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive radius_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_radius_server_packets',`
++ gen_require(`
++ type radius_server_packet_t;
++ ')
++
++ dontaudit $1 radius_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive radius_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_radius_server_packets',`
++ corenet_send_radius_server_packets($1)
++ corenet_receive_radius_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive radius_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_radius_server_packets',`
++ corenet_dontaudit_send_radius_server_packets($1)
++ corenet_dontaudit_receive_radius_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to radius_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_radius_server_packets',`
++ gen_require(`
++ type radius_server_packet_t;
++ ')
++
++ allow $1 radius_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the razor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ allow $1 razor_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the razor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ allow $1 razor_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the razor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ dontaudit $1 razor_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the razor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ allow $1 razor_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the razor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ dontaudit $1 razor_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the razor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_razor_port',`
++ corenet_udp_send_razor_port($1)
++ corenet_udp_receive_razor_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the razor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_razor_port',`
++ corenet_dontaudit_udp_send_razor_port($1)
++ corenet_dontaudit_udp_receive_razor_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the razor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ allow $1 razor_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the razor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ allow $1 razor_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the razor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_razor_port',`
++ gen_require(`
++ type razor_port_t;
++ ')
++
++ allow $1 razor_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send razor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_razor_client_packets',`
++ gen_require(`
++ type razor_client_packet_t;
++ ')
++
++ allow $1 razor_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send razor_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_razor_client_packets',`
++ gen_require(`
++ type razor_client_packet_t;
++ ')
++
++ dontaudit $1 razor_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive razor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_razor_client_packets',`
++ gen_require(`
++ type razor_client_packet_t;
++ ')
++
++ allow $1 razor_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive razor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_razor_client_packets',`
++ gen_require(`
++ type razor_client_packet_t;
++ ')
++
++ dontaudit $1 razor_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive razor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_razor_client_packets',`
++ corenet_send_razor_client_packets($1)
++ corenet_receive_razor_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive razor_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_razor_client_packets',`
++ corenet_dontaudit_send_razor_client_packets($1)
++ corenet_dontaudit_receive_razor_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to razor_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_razor_client_packets',`
++ gen_require(`
++ type razor_client_packet_t;
++ ')
++
++ allow $1 razor_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send razor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_razor_server_packets',`
++ gen_require(`
++ type razor_server_packet_t;
++ ')
++
++ allow $1 razor_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send razor_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_razor_server_packets',`
++ gen_require(`
++ type razor_server_packet_t;
++ ')
++
++ dontaudit $1 razor_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive razor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_razor_server_packets',`
++ gen_require(`
++ type razor_server_packet_t;
++ ')
++
++ allow $1 razor_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive razor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_razor_server_packets',`
++ gen_require(`
++ type razor_server_packet_t;
++ ')
++
++ dontaudit $1 razor_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive razor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_razor_server_packets',`
++ corenet_send_razor_server_packets($1)
++ corenet_receive_razor_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive razor_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_razor_server_packets',`
++ corenet_dontaudit_send_razor_server_packets($1)
++ corenet_dontaudit_receive_razor_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to razor_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_razor_server_packets',`
++ gen_require(`
++ type razor_server_packet_t;
++ ')
++
++ allow $1 razor_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ricci port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ allow $1 ricci_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ricci port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ allow $1 ricci_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ricci port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ dontaudit $1 ricci_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ricci port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ allow $1 ricci_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ricci port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ dontaudit $1 ricci_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ricci port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ricci_port',`
++ corenet_udp_send_ricci_port($1)
++ corenet_udp_receive_ricci_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ricci port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ricci_port',`
++ corenet_dontaudit_udp_send_ricci_port($1)
++ corenet_dontaudit_udp_receive_ricci_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ricci port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ allow $1 ricci_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the ricci port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ allow $1 ricci_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the ricci port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ricci_port',`
++ gen_require(`
++ type ricci_port_t;
++ ')
++
++ allow $1 ricci_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ricci_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ricci_client_packets',`
++ gen_require(`
++ type ricci_client_packet_t;
++ ')
++
++ allow $1 ricci_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ricci_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ricci_client_packets',`
++ gen_require(`
++ type ricci_client_packet_t;
++ ')
++
++ dontaudit $1 ricci_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ricci_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ricci_client_packets',`
++ gen_require(`
++ type ricci_client_packet_t;
++ ')
++
++ allow $1 ricci_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ricci_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ricci_client_packets',`
++ gen_require(`
++ type ricci_client_packet_t;
++ ')
++
++ dontaudit $1 ricci_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ricci_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ricci_client_packets',`
++ corenet_send_ricci_client_packets($1)
++ corenet_receive_ricci_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ricci_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ricci_client_packets',`
++ corenet_dontaudit_send_ricci_client_packets($1)
++ corenet_dontaudit_receive_ricci_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ricci_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ricci_client_packets',`
++ gen_require(`
++ type ricci_client_packet_t;
++ ')
++
++ allow $1 ricci_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ricci_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ricci_server_packets',`
++ gen_require(`
++ type ricci_server_packet_t;
++ ')
++
++ allow $1 ricci_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ricci_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ricci_server_packets',`
++ gen_require(`
++ type ricci_server_packet_t;
++ ')
++
++ dontaudit $1 ricci_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ricci_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ricci_server_packets',`
++ gen_require(`
++ type ricci_server_packet_t;
++ ')
++
++ allow $1 ricci_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ricci_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ricci_server_packets',`
++ gen_require(`
++ type ricci_server_packet_t;
++ ')
++
++ dontaudit $1 ricci_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ricci_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ricci_server_packets',`
++ corenet_send_ricci_server_packets($1)
++ corenet_receive_ricci_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ricci_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ricci_server_packets',`
++ corenet_dontaudit_send_ricci_server_packets($1)
++ corenet_dontaudit_receive_ricci_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ricci_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ricci_server_packets',`
++ gen_require(`
++ type ricci_server_packet_t;
++ ')
++
++ allow $1 ricci_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ricci_modcluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ allow $1 ricci_modcluster_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ricci_modcluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ allow $1 ricci_modcluster_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ricci_modcluster port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ dontaudit $1 ricci_modcluster_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ricci_modcluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ allow $1 ricci_modcluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ricci_modcluster port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ dontaudit $1 ricci_modcluster_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ricci_modcluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ricci_modcluster_port',`
++ corenet_udp_send_ricci_modcluster_port($1)
++ corenet_udp_receive_ricci_modcluster_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ricci_modcluster port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ricci_modcluster_port',`
++ corenet_dontaudit_udp_send_ricci_modcluster_port($1)
++ corenet_dontaudit_udp_receive_ricci_modcluster_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ricci_modcluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ allow $1 ricci_modcluster_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the ricci_modcluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ allow $1 ricci_modcluster_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the ricci_modcluster port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ricci_modcluster_port',`
++ gen_require(`
++ type ricci_modcluster_port_t;
++ ')
++
++ allow $1 ricci_modcluster_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ricci_modcluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ricci_modcluster_client_packets',`
++ gen_require(`
++ type ricci_modcluster_client_packet_t;
++ ')
++
++ allow $1 ricci_modcluster_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ricci_modcluster_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ricci_modcluster_client_packets',`
++ gen_require(`
++ type ricci_modcluster_client_packet_t;
++ ')
++
++ dontaudit $1 ricci_modcluster_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ricci_modcluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ricci_modcluster_client_packets',`
++ gen_require(`
++ type ricci_modcluster_client_packet_t;
++ ')
++
++ allow $1 ricci_modcluster_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ricci_modcluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ricci_modcluster_client_packets',`
++ gen_require(`
++ type ricci_modcluster_client_packet_t;
++ ')
++
++ dontaudit $1 ricci_modcluster_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ricci_modcluster_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ricci_modcluster_client_packets',`
++ corenet_send_ricci_modcluster_client_packets($1)
++ corenet_receive_ricci_modcluster_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ricci_modcluster_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ricci_modcluster_client_packets',`
++ corenet_dontaudit_send_ricci_modcluster_client_packets($1)
++ corenet_dontaudit_receive_ricci_modcluster_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ricci_modcluster_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ricci_modcluster_client_packets',`
++ gen_require(`
++ type ricci_modcluster_client_packet_t;
++ ')
++
++ allow $1 ricci_modcluster_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ricci_modcluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ricci_modcluster_server_packets',`
++ gen_require(`
++ type ricci_modcluster_server_packet_t;
++ ')
++
++ allow $1 ricci_modcluster_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ricci_modcluster_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ricci_modcluster_server_packets',`
++ gen_require(`
++ type ricci_modcluster_server_packet_t;
++ ')
++
++ dontaudit $1 ricci_modcluster_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ricci_modcluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ricci_modcluster_server_packets',`
++ gen_require(`
++ type ricci_modcluster_server_packet_t;
++ ')
++
++ allow $1 ricci_modcluster_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ricci_modcluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ricci_modcluster_server_packets',`
++ gen_require(`
++ type ricci_modcluster_server_packet_t;
++ ')
++
++ dontaudit $1 ricci_modcluster_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ricci_modcluster_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ricci_modcluster_server_packets',`
++ corenet_send_ricci_modcluster_server_packets($1)
++ corenet_receive_ricci_modcluster_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ricci_modcluster_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ricci_modcluster_server_packets',`
++ corenet_dontaudit_send_ricci_modcluster_server_packets($1)
++ corenet_dontaudit_receive_ricci_modcluster_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ricci_modcluster_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ricci_modcluster_server_packets',`
++ gen_require(`
++ type ricci_modcluster_server_packet_t;
++ ')
++
++ allow $1 ricci_modcluster_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the rlogind port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ allow $1 rlogind_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the rlogind port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ allow $1 rlogind_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the rlogind port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ dontaudit $1 rlogind_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the rlogind port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ allow $1 rlogind_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the rlogind port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ dontaudit $1 rlogind_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the rlogind port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_rlogind_port',`
++ corenet_udp_send_rlogind_port($1)
++ corenet_udp_receive_rlogind_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the rlogind port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_rlogind_port',`
++ corenet_dontaudit_udp_send_rlogind_port($1)
++ corenet_dontaudit_udp_receive_rlogind_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the rlogind port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ allow $1 rlogind_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the rlogind port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ allow $1 rlogind_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the rlogind port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_rlogind_port',`
++ gen_require(`
++ type rlogind_port_t;
++ ')
++
++ allow $1 rlogind_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send rlogind_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rlogind_client_packets',`
++ gen_require(`
++ type rlogind_client_packet_t;
++ ')
++
++ allow $1 rlogind_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rlogind_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rlogind_client_packets',`
++ gen_require(`
++ type rlogind_client_packet_t;
++ ')
++
++ dontaudit $1 rlogind_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rlogind_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rlogind_client_packets',`
++ gen_require(`
++ type rlogind_client_packet_t;
++ ')
++
++ allow $1 rlogind_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rlogind_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rlogind_client_packets',`
++ gen_require(`
++ type rlogind_client_packet_t;
++ ')
++
++ dontaudit $1 rlogind_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rlogind_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rlogind_client_packets',`
++ corenet_send_rlogind_client_packets($1)
++ corenet_receive_rlogind_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rlogind_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rlogind_client_packets',`
++ corenet_dontaudit_send_rlogind_client_packets($1)
++ corenet_dontaudit_receive_rlogind_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rlogind_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rlogind_client_packets',`
++ gen_require(`
++ type rlogind_client_packet_t;
++ ')
++
++ allow $1 rlogind_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send rlogind_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rlogind_server_packets',`
++ gen_require(`
++ type rlogind_server_packet_t;
++ ')
++
++ allow $1 rlogind_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rlogind_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rlogind_server_packets',`
++ gen_require(`
++ type rlogind_server_packet_t;
++ ')
++
++ dontaudit $1 rlogind_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rlogind_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rlogind_server_packets',`
++ gen_require(`
++ type rlogind_server_packet_t;
++ ')
++
++ allow $1 rlogind_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rlogind_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rlogind_server_packets',`
++ gen_require(`
++ type rlogind_server_packet_t;
++ ')
++
++ dontaudit $1 rlogind_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rlogind_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rlogind_server_packets',`
++ corenet_send_rlogind_server_packets($1)
++ corenet_receive_rlogind_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rlogind_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rlogind_server_packets',`
++ corenet_dontaudit_send_rlogind_server_packets($1)
++ corenet_dontaudit_receive_rlogind_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rlogind_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rlogind_server_packets',`
++ gen_require(`
++ type rlogind_server_packet_t;
++ ')
++
++ allow $1 rlogind_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the rndc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ allow $1 rndc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the rndc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ allow $1 rndc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the rndc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ dontaudit $1 rndc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the rndc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ allow $1 rndc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the rndc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ dontaudit $1 rndc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the rndc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_rndc_port',`
++ corenet_udp_send_rndc_port($1)
++ corenet_udp_receive_rndc_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the rndc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_rndc_port',`
++ corenet_dontaudit_udp_send_rndc_port($1)
++ corenet_dontaudit_udp_receive_rndc_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the rndc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ allow $1 rndc_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the rndc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ allow $1 rndc_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the rndc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_rndc_port',`
++ gen_require(`
++ type rndc_port_t;
++ ')
++
++ allow $1 rndc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send rndc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rndc_client_packets',`
++ gen_require(`
++ type rndc_client_packet_t;
++ ')
++
++ allow $1 rndc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rndc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rndc_client_packets',`
++ gen_require(`
++ type rndc_client_packet_t;
++ ')
++
++ dontaudit $1 rndc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rndc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rndc_client_packets',`
++ gen_require(`
++ type rndc_client_packet_t;
++ ')
++
++ allow $1 rndc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rndc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rndc_client_packets',`
++ gen_require(`
++ type rndc_client_packet_t;
++ ')
++
++ dontaudit $1 rndc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rndc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rndc_client_packets',`
++ corenet_send_rndc_client_packets($1)
++ corenet_receive_rndc_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rndc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rndc_client_packets',`
++ corenet_dontaudit_send_rndc_client_packets($1)
++ corenet_dontaudit_receive_rndc_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rndc_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rndc_client_packets',`
++ gen_require(`
++ type rndc_client_packet_t;
++ ')
++
++ allow $1 rndc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send rndc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rndc_server_packets',`
++ gen_require(`
++ type rndc_server_packet_t;
++ ')
++
++ allow $1 rndc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rndc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rndc_server_packets',`
++ gen_require(`
++ type rndc_server_packet_t;
++ ')
++
++ dontaudit $1 rndc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rndc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rndc_server_packets',`
++ gen_require(`
++ type rndc_server_packet_t;
++ ')
++
++ allow $1 rndc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rndc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rndc_server_packets',`
++ gen_require(`
++ type rndc_server_packet_t;
++ ')
++
++ dontaudit $1 rndc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rndc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rndc_server_packets',`
++ corenet_send_rndc_server_packets($1)
++ corenet_receive_rndc_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rndc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rndc_server_packets',`
++ corenet_dontaudit_send_rndc_server_packets($1)
++ corenet_dontaudit_receive_rndc_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rndc_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rndc_server_packets',`
++ gen_require(`
++ type rndc_server_packet_t;
++ ')
++
++ allow $1 rndc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the router port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ allow $1 router_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the router port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ allow $1 router_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the router port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ dontaudit $1 router_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the router port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ allow $1 router_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the router port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ dontaudit $1 router_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the router port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_router_port',`
++ corenet_udp_send_router_port($1)
++ corenet_udp_receive_router_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the router port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_router_port',`
++ corenet_dontaudit_udp_send_router_port($1)
++ corenet_dontaudit_udp_receive_router_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the router port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ allow $1 router_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the router port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ allow $1 router_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the router port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_router_port',`
++ gen_require(`
++ type router_port_t;
++ ')
++
++ allow $1 router_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send router_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_router_client_packets',`
++ gen_require(`
++ type router_client_packet_t;
++ ')
++
++ allow $1 router_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send router_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_router_client_packets',`
++ gen_require(`
++ type router_client_packet_t;
++ ')
++
++ dontaudit $1 router_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive router_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_router_client_packets',`
++ gen_require(`
++ type router_client_packet_t;
++ ')
++
++ allow $1 router_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive router_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_router_client_packets',`
++ gen_require(`
++ type router_client_packet_t;
++ ')
++
++ dontaudit $1 router_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive router_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_router_client_packets',`
++ corenet_send_router_client_packets($1)
++ corenet_receive_router_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive router_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_router_client_packets',`
++ corenet_dontaudit_send_router_client_packets($1)
++ corenet_dontaudit_receive_router_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to router_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_router_client_packets',`
++ gen_require(`
++ type router_client_packet_t;
++ ')
++
++ allow $1 router_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send router_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_router_server_packets',`
++ gen_require(`
++ type router_server_packet_t;
++ ')
++
++ allow $1 router_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send router_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_router_server_packets',`
++ gen_require(`
++ type router_server_packet_t;
++ ')
++
++ dontaudit $1 router_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive router_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_router_server_packets',`
++ gen_require(`
++ type router_server_packet_t;
++ ')
++
++ allow $1 router_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive router_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_router_server_packets',`
++ gen_require(`
++ type router_server_packet_t;
++ ')
++
++ dontaudit $1 router_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive router_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_router_server_packets',`
++ corenet_send_router_server_packets($1)
++ corenet_receive_router_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive router_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_router_server_packets',`
++ corenet_dontaudit_send_router_server_packets($1)
++ corenet_dontaudit_receive_router_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to router_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_router_server_packets',`
++ gen_require(`
++ type router_server_packet_t;
++ ')
++
++ allow $1 router_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the rsh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ allow $1 rsh_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the rsh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ allow $1 rsh_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the rsh port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ dontaudit $1 rsh_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the rsh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ allow $1 rsh_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the rsh port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ dontaudit $1 rsh_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the rsh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_rsh_port',`
++ corenet_udp_send_rsh_port($1)
++ corenet_udp_receive_rsh_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the rsh port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_rsh_port',`
++ corenet_dontaudit_udp_send_rsh_port($1)
++ corenet_dontaudit_udp_receive_rsh_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the rsh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ allow $1 rsh_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the rsh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ allow $1 rsh_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the rsh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_rsh_port',`
++ gen_require(`
++ type rsh_port_t;
++ ')
++
++ allow $1 rsh_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send rsh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rsh_client_packets',`
++ gen_require(`
++ type rsh_client_packet_t;
++ ')
++
++ allow $1 rsh_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rsh_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rsh_client_packets',`
++ gen_require(`
++ type rsh_client_packet_t;
++ ')
++
++ dontaudit $1 rsh_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rsh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rsh_client_packets',`
++ gen_require(`
++ type rsh_client_packet_t;
++ ')
++
++ allow $1 rsh_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rsh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rsh_client_packets',`
++ gen_require(`
++ type rsh_client_packet_t;
++ ')
++
++ dontaudit $1 rsh_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rsh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rsh_client_packets',`
++ corenet_send_rsh_client_packets($1)
++ corenet_receive_rsh_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rsh_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rsh_client_packets',`
++ corenet_dontaudit_send_rsh_client_packets($1)
++ corenet_dontaudit_receive_rsh_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rsh_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rsh_client_packets',`
++ gen_require(`
++ type rsh_client_packet_t;
++ ')
++
++ allow $1 rsh_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send rsh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rsh_server_packets',`
++ gen_require(`
++ type rsh_server_packet_t;
++ ')
++
++ allow $1 rsh_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rsh_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rsh_server_packets',`
++ gen_require(`
++ type rsh_server_packet_t;
++ ')
++
++ dontaudit $1 rsh_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rsh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rsh_server_packets',`
++ gen_require(`
++ type rsh_server_packet_t;
++ ')
++
++ allow $1 rsh_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rsh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rsh_server_packets',`
++ gen_require(`
++ type rsh_server_packet_t;
++ ')
++
++ dontaudit $1 rsh_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rsh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rsh_server_packets',`
++ corenet_send_rsh_server_packets($1)
++ corenet_receive_rsh_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rsh_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rsh_server_packets',`
++ corenet_dontaudit_send_rsh_server_packets($1)
++ corenet_dontaudit_receive_rsh_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rsh_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rsh_server_packets',`
++ gen_require(`
++ type rsh_server_packet_t;
++ ')
++
++ allow $1 rsh_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the rsync port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ allow $1 rsync_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the rsync port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ allow $1 rsync_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the rsync port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ dontaudit $1 rsync_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the rsync port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ allow $1 rsync_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the rsync port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ dontaudit $1 rsync_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the rsync port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_rsync_port',`
++ corenet_udp_send_rsync_port($1)
++ corenet_udp_receive_rsync_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the rsync port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_rsync_port',`
++ corenet_dontaudit_udp_send_rsync_port($1)
++ corenet_dontaudit_udp_receive_rsync_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the rsync port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ allow $1 rsync_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the rsync port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ allow $1 rsync_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the rsync port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_rsync_port',`
++ gen_require(`
++ type rsync_port_t;
++ ')
++
++ allow $1 rsync_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send rsync_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rsync_client_packets',`
++ gen_require(`
++ type rsync_client_packet_t;
++ ')
++
++ allow $1 rsync_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rsync_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rsync_client_packets',`
++ gen_require(`
++ type rsync_client_packet_t;
++ ')
++
++ dontaudit $1 rsync_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rsync_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rsync_client_packets',`
++ gen_require(`
++ type rsync_client_packet_t;
++ ')
++
++ allow $1 rsync_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rsync_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rsync_client_packets',`
++ gen_require(`
++ type rsync_client_packet_t;
++ ')
++
++ dontaudit $1 rsync_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rsync_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rsync_client_packets',`
++ corenet_send_rsync_client_packets($1)
++ corenet_receive_rsync_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rsync_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rsync_client_packets',`
++ corenet_dontaudit_send_rsync_client_packets($1)
++ corenet_dontaudit_receive_rsync_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rsync_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rsync_client_packets',`
++ gen_require(`
++ type rsync_client_packet_t;
++ ')
++
++ allow $1 rsync_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send rsync_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rsync_server_packets',`
++ gen_require(`
++ type rsync_server_packet_t;
++ ')
++
++ allow $1 rsync_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rsync_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rsync_server_packets',`
++ gen_require(`
++ type rsync_server_packet_t;
++ ')
++
++ dontaudit $1 rsync_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rsync_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rsync_server_packets',`
++ gen_require(`
++ type rsync_server_packet_t;
++ ')
++
++ allow $1 rsync_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rsync_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rsync_server_packets',`
++ gen_require(`
++ type rsync_server_packet_t;
++ ')
++
++ dontaudit $1 rsync_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rsync_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rsync_server_packets',`
++ corenet_send_rsync_server_packets($1)
++ corenet_receive_rsync_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rsync_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rsync_server_packets',`
++ corenet_dontaudit_send_rsync_server_packets($1)
++ corenet_dontaudit_receive_rsync_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rsync_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rsync_server_packets',`
++ gen_require(`
++ type rsync_server_packet_t;
++ ')
++
++ allow $1 rsync_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the rwho port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ allow $1 rwho_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the rwho port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ allow $1 rwho_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the rwho port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ dontaudit $1 rwho_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the rwho port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ allow $1 rwho_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the rwho port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ dontaudit $1 rwho_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the rwho port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_rwho_port',`
++ corenet_udp_send_rwho_port($1)
++ corenet_udp_receive_rwho_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the rwho port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_rwho_port',`
++ corenet_dontaudit_udp_send_rwho_port($1)
++ corenet_dontaudit_udp_receive_rwho_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the rwho port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ allow $1 rwho_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the rwho port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ allow $1 rwho_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the rwho port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_rwho_port',`
++ gen_require(`
++ type rwho_port_t;
++ ')
++
++ allow $1 rwho_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send rwho_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rwho_client_packets',`
++ gen_require(`
++ type rwho_client_packet_t;
++ ')
++
++ allow $1 rwho_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rwho_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rwho_client_packets',`
++ gen_require(`
++ type rwho_client_packet_t;
++ ')
++
++ dontaudit $1 rwho_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rwho_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rwho_client_packets',`
++ gen_require(`
++ type rwho_client_packet_t;
++ ')
++
++ allow $1 rwho_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rwho_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rwho_client_packets',`
++ gen_require(`
++ type rwho_client_packet_t;
++ ')
++
++ dontaudit $1 rwho_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rwho_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rwho_client_packets',`
++ corenet_send_rwho_client_packets($1)
++ corenet_receive_rwho_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rwho_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rwho_client_packets',`
++ corenet_dontaudit_send_rwho_client_packets($1)
++ corenet_dontaudit_receive_rwho_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rwho_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rwho_client_packets',`
++ gen_require(`
++ type rwho_client_packet_t;
++ ')
++
++ allow $1 rwho_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send rwho_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_rwho_server_packets',`
++ gen_require(`
++ type rwho_server_packet_t;
++ ')
++
++ allow $1 rwho_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send rwho_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_rwho_server_packets',`
++ gen_require(`
++ type rwho_server_packet_t;
++ ')
++
++ dontaudit $1 rwho_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive rwho_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_rwho_server_packets',`
++ gen_require(`
++ type rwho_server_packet_t;
++ ')
++
++ allow $1 rwho_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive rwho_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_rwho_server_packets',`
++ gen_require(`
++ type rwho_server_packet_t;
++ ')
++
++ dontaudit $1 rwho_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive rwho_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_rwho_server_packets',`
++ corenet_send_rwho_server_packets($1)
++ corenet_receive_rwho_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive rwho_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_rwho_server_packets',`
++ corenet_dontaudit_send_rwho_server_packets($1)
++ corenet_dontaudit_receive_rwho_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to rwho_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_rwho_server_packets',`
++ gen_require(`
++ type rwho_server_packet_t;
++ ')
++
++ allow $1 rwho_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the smbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ allow $1 smbd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the smbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ allow $1 smbd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the smbd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ dontaudit $1 smbd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the smbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ allow $1 smbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the smbd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ dontaudit $1 smbd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the smbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_smbd_port',`
++ corenet_udp_send_smbd_port($1)
++ corenet_udp_receive_smbd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the smbd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_smbd_port',`
++ corenet_dontaudit_udp_send_smbd_port($1)
++ corenet_dontaudit_udp_receive_smbd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the smbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ allow $1 smbd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the smbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ allow $1 smbd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the smbd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_smbd_port',`
++ gen_require(`
++ type smbd_port_t;
++ ')
++
++ allow $1 smbd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send smbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_smbd_client_packets',`
++ gen_require(`
++ type smbd_client_packet_t;
++ ')
++
++ allow $1 smbd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send smbd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_smbd_client_packets',`
++ gen_require(`
++ type smbd_client_packet_t;
++ ')
++
++ dontaudit $1 smbd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive smbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_smbd_client_packets',`
++ gen_require(`
++ type smbd_client_packet_t;
++ ')
++
++ allow $1 smbd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive smbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_smbd_client_packets',`
++ gen_require(`
++ type smbd_client_packet_t;
++ ')
++
++ dontaudit $1 smbd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive smbd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_smbd_client_packets',`
++ corenet_send_smbd_client_packets($1)
++ corenet_receive_smbd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive smbd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_smbd_client_packets',`
++ corenet_dontaudit_send_smbd_client_packets($1)
++ corenet_dontaudit_receive_smbd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to smbd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_smbd_client_packets',`
++ gen_require(`
++ type smbd_client_packet_t;
++ ')
++
++ allow $1 smbd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send smbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_smbd_server_packets',`
++ gen_require(`
++ type smbd_server_packet_t;
++ ')
++
++ allow $1 smbd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send smbd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_smbd_server_packets',`
++ gen_require(`
++ type smbd_server_packet_t;
++ ')
++
++ dontaudit $1 smbd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive smbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_smbd_server_packets',`
++ gen_require(`
++ type smbd_server_packet_t;
++ ')
++
++ allow $1 smbd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive smbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_smbd_server_packets',`
++ gen_require(`
++ type smbd_server_packet_t;
++ ')
++
++ dontaudit $1 smbd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive smbd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_smbd_server_packets',`
++ corenet_send_smbd_server_packets($1)
++ corenet_receive_smbd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive smbd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_smbd_server_packets',`
++ corenet_dontaudit_send_smbd_server_packets($1)
++ corenet_dontaudit_receive_smbd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to smbd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_smbd_server_packets',`
++ gen_require(`
++ type smbd_server_packet_t;
++ ')
++
++ allow $1 smbd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the smtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ allow $1 smtp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the smtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ allow $1 smtp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the smtp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ dontaudit $1 smtp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the smtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ allow $1 smtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the smtp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ dontaudit $1 smtp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the smtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_smtp_port',`
++ corenet_udp_send_smtp_port($1)
++ corenet_udp_receive_smtp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the smtp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_smtp_port',`
++ corenet_dontaudit_udp_send_smtp_port($1)
++ corenet_dontaudit_udp_receive_smtp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the smtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ allow $1 smtp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the smtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ allow $1 smtp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the smtp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_smtp_port',`
++ gen_require(`
++ type smtp_port_t;
++ ')
++
++ allow $1 smtp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send smtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_smtp_client_packets',`
++ gen_require(`
++ type smtp_client_packet_t;
++ ')
++
++ allow $1 smtp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send smtp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_smtp_client_packets',`
++ gen_require(`
++ type smtp_client_packet_t;
++ ')
++
++ dontaudit $1 smtp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive smtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_smtp_client_packets',`
++ gen_require(`
++ type smtp_client_packet_t;
++ ')
++
++ allow $1 smtp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive smtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_smtp_client_packets',`
++ gen_require(`
++ type smtp_client_packet_t;
++ ')
++
++ dontaudit $1 smtp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive smtp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_smtp_client_packets',`
++ corenet_send_smtp_client_packets($1)
++ corenet_receive_smtp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive smtp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_smtp_client_packets',`
++ corenet_dontaudit_send_smtp_client_packets($1)
++ corenet_dontaudit_receive_smtp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to smtp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_smtp_client_packets',`
++ gen_require(`
++ type smtp_client_packet_t;
++ ')
++
++ allow $1 smtp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send smtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_smtp_server_packets',`
++ gen_require(`
++ type smtp_server_packet_t;
++ ')
++
++ allow $1 smtp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send smtp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_smtp_server_packets',`
++ gen_require(`
++ type smtp_server_packet_t;
++ ')
++
++ dontaudit $1 smtp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive smtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_smtp_server_packets',`
++ gen_require(`
++ type smtp_server_packet_t;
++ ')
++
++ allow $1 smtp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive smtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_smtp_server_packets',`
++ gen_require(`
++ type smtp_server_packet_t;
++ ')
++
++ dontaudit $1 smtp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive smtp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_smtp_server_packets',`
++ corenet_send_smtp_server_packets($1)
++ corenet_receive_smtp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive smtp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_smtp_server_packets',`
++ corenet_dontaudit_send_smtp_server_packets($1)
++ corenet_dontaudit_receive_smtp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to smtp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_smtp_server_packets',`
++ gen_require(`
++ type smtp_server_packet_t;
++ ')
++
++ allow $1 smtp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the snmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ allow $1 snmp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the snmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ allow $1 snmp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the snmp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ dontaudit $1 snmp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the snmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ allow $1 snmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the snmp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ dontaudit $1 snmp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the snmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_snmp_port',`
++ corenet_udp_send_snmp_port($1)
++ corenet_udp_receive_snmp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the snmp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_snmp_port',`
++ corenet_dontaudit_udp_send_snmp_port($1)
++ corenet_dontaudit_udp_receive_snmp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the snmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ allow $1 snmp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the snmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ allow $1 snmp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the snmp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_snmp_port',`
++ gen_require(`
++ type snmp_port_t;
++ ')
++
++ allow $1 snmp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send snmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_snmp_client_packets',`
++ gen_require(`
++ type snmp_client_packet_t;
++ ')
++
++ allow $1 snmp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send snmp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_snmp_client_packets',`
++ gen_require(`
++ type snmp_client_packet_t;
++ ')
++
++ dontaudit $1 snmp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive snmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_snmp_client_packets',`
++ gen_require(`
++ type snmp_client_packet_t;
++ ')
++
++ allow $1 snmp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive snmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_snmp_client_packets',`
++ gen_require(`
++ type snmp_client_packet_t;
++ ')
++
++ dontaudit $1 snmp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive snmp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_snmp_client_packets',`
++ corenet_send_snmp_client_packets($1)
++ corenet_receive_snmp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive snmp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_snmp_client_packets',`
++ corenet_dontaudit_send_snmp_client_packets($1)
++ corenet_dontaudit_receive_snmp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to snmp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_snmp_client_packets',`
++ gen_require(`
++ type snmp_client_packet_t;
++ ')
++
++ allow $1 snmp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send snmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_snmp_server_packets',`
++ gen_require(`
++ type snmp_server_packet_t;
++ ')
++
++ allow $1 snmp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send snmp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_snmp_server_packets',`
++ gen_require(`
++ type snmp_server_packet_t;
++ ')
++
++ dontaudit $1 snmp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive snmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_snmp_server_packets',`
++ gen_require(`
++ type snmp_server_packet_t;
++ ')
++
++ allow $1 snmp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive snmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_snmp_server_packets',`
++ gen_require(`
++ type snmp_server_packet_t;
++ ')
++
++ dontaudit $1 snmp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive snmp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_snmp_server_packets',`
++ corenet_send_snmp_server_packets($1)
++ corenet_receive_snmp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive snmp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_snmp_server_packets',`
++ corenet_dontaudit_send_snmp_server_packets($1)
++ corenet_dontaudit_receive_snmp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to snmp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_snmp_server_packets',`
++ gen_require(`
++ type snmp_server_packet_t;
++ ')
++
++ allow $1 snmp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the spamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ allow $1 spamd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the spamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ allow $1 spamd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the spamd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ dontaudit $1 spamd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the spamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ allow $1 spamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the spamd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ dontaudit $1 spamd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the spamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_spamd_port',`
++ corenet_udp_send_spamd_port($1)
++ corenet_udp_receive_spamd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the spamd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_spamd_port',`
++ corenet_dontaudit_udp_send_spamd_port($1)
++ corenet_dontaudit_udp_receive_spamd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the spamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ allow $1 spamd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the spamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ allow $1 spamd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the spamd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_spamd_port',`
++ gen_require(`
++ type spamd_port_t;
++ ')
++
++ allow $1 spamd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send spamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_spamd_client_packets',`
++ gen_require(`
++ type spamd_client_packet_t;
++ ')
++
++ allow $1 spamd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send spamd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_spamd_client_packets',`
++ gen_require(`
++ type spamd_client_packet_t;
++ ')
++
++ dontaudit $1 spamd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive spamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_spamd_client_packets',`
++ gen_require(`
++ type spamd_client_packet_t;
++ ')
++
++ allow $1 spamd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive spamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_spamd_client_packets',`
++ gen_require(`
++ type spamd_client_packet_t;
++ ')
++
++ dontaudit $1 spamd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive spamd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_spamd_client_packets',`
++ corenet_send_spamd_client_packets($1)
++ corenet_receive_spamd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive spamd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_spamd_client_packets',`
++ corenet_dontaudit_send_spamd_client_packets($1)
++ corenet_dontaudit_receive_spamd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to spamd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_spamd_client_packets',`
++ gen_require(`
++ type spamd_client_packet_t;
++ ')
++
++ allow $1 spamd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send spamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_spamd_server_packets',`
++ gen_require(`
++ type spamd_server_packet_t;
++ ')
++
++ allow $1 spamd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send spamd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_spamd_server_packets',`
++ gen_require(`
++ type spamd_server_packet_t;
++ ')
++
++ dontaudit $1 spamd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive spamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_spamd_server_packets',`
++ gen_require(`
++ type spamd_server_packet_t;
++ ')
++
++ allow $1 spamd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive spamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_spamd_server_packets',`
++ gen_require(`
++ type spamd_server_packet_t;
++ ')
++
++ dontaudit $1 spamd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive spamd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_spamd_server_packets',`
++ corenet_send_spamd_server_packets($1)
++ corenet_receive_spamd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive spamd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_spamd_server_packets',`
++ corenet_dontaudit_send_spamd_server_packets($1)
++ corenet_dontaudit_receive_spamd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to spamd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_spamd_server_packets',`
++ gen_require(`
++ type spamd_server_packet_t;
++ ')
++
++ allow $1 spamd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the ssh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ allow $1 ssh_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the ssh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ allow $1 ssh_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the ssh port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ dontaudit $1 ssh_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the ssh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ allow $1 ssh_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the ssh port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ dontaudit $1 ssh_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the ssh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_ssh_port',`
++ corenet_udp_send_ssh_port($1)
++ corenet_udp_receive_ssh_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the ssh port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_ssh_port',`
++ corenet_dontaudit_udp_send_ssh_port($1)
++ corenet_dontaudit_udp_receive_ssh_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the ssh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ allow $1 ssh_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the ssh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ allow $1 ssh_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the ssh port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_ssh_port',`
++ gen_require(`
++ type ssh_port_t;
++ ')
++
++ allow $1 ssh_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send ssh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ssh_client_packets',`
++ gen_require(`
++ type ssh_client_packet_t;
++ ')
++
++ allow $1 ssh_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ssh_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ssh_client_packets',`
++ gen_require(`
++ type ssh_client_packet_t;
++ ')
++
++ dontaudit $1 ssh_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ssh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ssh_client_packets',`
++ gen_require(`
++ type ssh_client_packet_t;
++ ')
++
++ allow $1 ssh_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ssh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ssh_client_packets',`
++ gen_require(`
++ type ssh_client_packet_t;
++ ')
++
++ dontaudit $1 ssh_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ssh_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ssh_client_packets',`
++ corenet_send_ssh_client_packets($1)
++ corenet_receive_ssh_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ssh_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ssh_client_packets',`
++ corenet_dontaudit_send_ssh_client_packets($1)
++ corenet_dontaudit_receive_ssh_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ssh_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ssh_client_packets',`
++ gen_require(`
++ type ssh_client_packet_t;
++ ')
++
++ allow $1 ssh_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send ssh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_ssh_server_packets',`
++ gen_require(`
++ type ssh_server_packet_t;
++ ')
++
++ allow $1 ssh_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send ssh_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_ssh_server_packets',`
++ gen_require(`
++ type ssh_server_packet_t;
++ ')
++
++ dontaudit $1 ssh_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive ssh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_ssh_server_packets',`
++ gen_require(`
++ type ssh_server_packet_t;
++ ')
++
++ allow $1 ssh_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive ssh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_ssh_server_packets',`
++ gen_require(`
++ type ssh_server_packet_t;
++ ')
++
++ dontaudit $1 ssh_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive ssh_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_ssh_server_packets',`
++ corenet_send_ssh_server_packets($1)
++ corenet_receive_ssh_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive ssh_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_ssh_server_packets',`
++ corenet_dontaudit_send_ssh_server_packets($1)
++ corenet_dontaudit_receive_ssh_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to ssh_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_ssh_server_packets',`
++ gen_require(`
++ type ssh_server_packet_t;
++ ')
++
++ allow $1 ssh_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the soundd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ allow $1 soundd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the soundd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ allow $1 soundd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the soundd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ dontaudit $1 soundd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the soundd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ allow $1 soundd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the soundd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ dontaudit $1 soundd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the soundd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_soundd_port',`
++ corenet_udp_send_soundd_port($1)
++ corenet_udp_receive_soundd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the soundd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_soundd_port',`
++ corenet_dontaudit_udp_send_soundd_port($1)
++ corenet_dontaudit_udp_receive_soundd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the soundd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ allow $1 soundd_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the soundd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ allow $1 soundd_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the soundd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_soundd_port',`
++ gen_require(`
++ type soundd_port_t;
++ ')
++
++ allow $1 soundd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send soundd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_soundd_client_packets',`
++ gen_require(`
++ type soundd_client_packet_t;
++ ')
++
++ allow $1 soundd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send soundd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_soundd_client_packets',`
++ gen_require(`
++ type soundd_client_packet_t;
++ ')
++
++ dontaudit $1 soundd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive soundd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_soundd_client_packets',`
++ gen_require(`
++ type soundd_client_packet_t;
++ ')
++
++ allow $1 soundd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive soundd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_soundd_client_packets',`
++ gen_require(`
++ type soundd_client_packet_t;
++ ')
++
++ dontaudit $1 soundd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive soundd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_soundd_client_packets',`
++ corenet_send_soundd_client_packets($1)
++ corenet_receive_soundd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive soundd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_soundd_client_packets',`
++ corenet_dontaudit_send_soundd_client_packets($1)
++ corenet_dontaudit_receive_soundd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to soundd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_soundd_client_packets',`
++ gen_require(`
++ type soundd_client_packet_t;
++ ')
++
++ allow $1 soundd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send soundd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_soundd_server_packets',`
++ gen_require(`
++ type soundd_server_packet_t;
++ ')
++
++ allow $1 soundd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send soundd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_soundd_server_packets',`
++ gen_require(`
++ type soundd_server_packet_t;
++ ')
++
++ dontaudit $1 soundd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive soundd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_soundd_server_packets',`
++ gen_require(`
++ type soundd_server_packet_t;
++ ')
++
++ allow $1 soundd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive soundd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_soundd_server_packets',`
++ gen_require(`
++ type soundd_server_packet_t;
++ ')
++
++ dontaudit $1 soundd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive soundd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_soundd_server_packets',`
++ corenet_send_soundd_server_packets($1)
++ corenet_receive_soundd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive soundd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_soundd_server_packets',`
++ corenet_dontaudit_send_soundd_server_packets($1)
++ corenet_dontaudit_receive_soundd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to soundd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_soundd_server_packets',`
++ gen_require(`
++ type soundd_server_packet_t;
++ ')
++
++ allow $1 soundd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the squid port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ allow $1 squid_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the squid port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ allow $1 squid_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the squid port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ dontaudit $1 squid_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the squid port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ allow $1 squid_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the squid port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ dontaudit $1 squid_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the squid port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_squid_port',`
++ corenet_udp_send_squid_port($1)
++ corenet_udp_receive_squid_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the squid port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_squid_port',`
++ corenet_dontaudit_udp_send_squid_port($1)
++ corenet_dontaudit_udp_receive_squid_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the squid port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ allow $1 squid_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the squid port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ allow $1 squid_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the squid port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_squid_port',`
++ gen_require(`
++ type squid_port_t;
++ ')
++
++ allow $1 squid_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send squid_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_squid_client_packets',`
++ gen_require(`
++ type squid_client_packet_t;
++ ')
++
++ allow $1 squid_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send squid_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_squid_client_packets',`
++ gen_require(`
++ type squid_client_packet_t;
++ ')
++
++ dontaudit $1 squid_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive squid_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_squid_client_packets',`
++ gen_require(`
++ type squid_client_packet_t;
++ ')
++
++ allow $1 squid_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive squid_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_squid_client_packets',`
++ gen_require(`
++ type squid_client_packet_t;
++ ')
++
++ dontaudit $1 squid_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive squid_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_squid_client_packets',`
++ corenet_send_squid_client_packets($1)
++ corenet_receive_squid_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive squid_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_squid_client_packets',`
++ corenet_dontaudit_send_squid_client_packets($1)
++ corenet_dontaudit_receive_squid_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to squid_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_squid_client_packets',`
++ gen_require(`
++ type squid_client_packet_t;
++ ')
++
++ allow $1 squid_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send squid_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_squid_server_packets',`
++ gen_require(`
++ type squid_server_packet_t;
++ ')
++
++ allow $1 squid_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send squid_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_squid_server_packets',`
++ gen_require(`
++ type squid_server_packet_t;
++ ')
++
++ dontaudit $1 squid_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive squid_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_squid_server_packets',`
++ gen_require(`
++ type squid_server_packet_t;
++ ')
++
++ allow $1 squid_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive squid_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_squid_server_packets',`
++ gen_require(`
++ type squid_server_packet_t;
++ ')
++
++ dontaudit $1 squid_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive squid_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_squid_server_packets',`
++ corenet_send_squid_server_packets($1)
++ corenet_receive_squid_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive squid_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_squid_server_packets',`
++ corenet_dontaudit_send_squid_server_packets($1)
++ corenet_dontaudit_receive_squid_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to squid_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_squid_server_packets',`
++ gen_require(`
++ type squid_server_packet_t;
++ ')
++
++ allow $1 squid_server_packet_t:packet relabelto;
++')
++
++ # snmp and htcp
++
++
++########################################
++##
++## Send and receive TCP traffic on the swat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ allow $1 swat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the swat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ allow $1 swat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the swat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ dontaudit $1 swat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the swat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ allow $1 swat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the swat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ dontaudit $1 swat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the swat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_swat_port',`
++ corenet_udp_send_swat_port($1)
++ corenet_udp_receive_swat_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the swat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_swat_port',`
++ corenet_dontaudit_udp_send_swat_port($1)
++ corenet_dontaudit_udp_receive_swat_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the swat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ allow $1 swat_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the swat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ allow $1 swat_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the swat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_swat_port',`
++ gen_require(`
++ type swat_port_t;
++ ')
++
++ allow $1 swat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send swat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_swat_client_packets',`
++ gen_require(`
++ type swat_client_packet_t;
++ ')
++
++ allow $1 swat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send swat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_swat_client_packets',`
++ gen_require(`
++ type swat_client_packet_t;
++ ')
++
++ dontaudit $1 swat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive swat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_swat_client_packets',`
++ gen_require(`
++ type swat_client_packet_t;
++ ')
++
++ allow $1 swat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive swat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_swat_client_packets',`
++ gen_require(`
++ type swat_client_packet_t;
++ ')
++
++ dontaudit $1 swat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive swat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_swat_client_packets',`
++ corenet_send_swat_client_packets($1)
++ corenet_receive_swat_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive swat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_swat_client_packets',`
++ corenet_dontaudit_send_swat_client_packets($1)
++ corenet_dontaudit_receive_swat_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to swat_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_swat_client_packets',`
++ gen_require(`
++ type swat_client_packet_t;
++ ')
++
++ allow $1 swat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send swat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_swat_server_packets',`
++ gen_require(`
++ type swat_server_packet_t;
++ ')
++
++ allow $1 swat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send swat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_swat_server_packets',`
++ gen_require(`
++ type swat_server_packet_t;
++ ')
++
++ dontaudit $1 swat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive swat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_swat_server_packets',`
++ gen_require(`
++ type swat_server_packet_t;
++ ')
++
++ allow $1 swat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive swat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_swat_server_packets',`
++ gen_require(`
++ type swat_server_packet_t;
++ ')
++
++ dontaudit $1 swat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive swat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_swat_server_packets',`
++ corenet_send_swat_server_packets($1)
++ corenet_receive_swat_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive swat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_swat_server_packets',`
++ corenet_dontaudit_send_swat_server_packets($1)
++ corenet_dontaudit_receive_swat_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to swat_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_swat_server_packets',`
++ gen_require(`
++ type swat_server_packet_t;
++ ')
++
++ allow $1 swat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the syslogd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ allow $1 syslogd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the syslogd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ allow $1 syslogd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the syslogd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ dontaudit $1 syslogd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the syslogd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ allow $1 syslogd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the syslogd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ dontaudit $1 syslogd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the syslogd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_syslogd_port',`
++ corenet_udp_send_syslogd_port($1)
++ corenet_udp_receive_syslogd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the syslogd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_syslogd_port',`
++ corenet_dontaudit_udp_send_syslogd_port($1)
++ corenet_dontaudit_udp_receive_syslogd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the syslogd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ allow $1 syslogd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the syslogd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ allow $1 syslogd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the syslogd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_syslogd_port',`
++ gen_require(`
++ type syslogd_port_t;
++ ')
++
++ allow $1 syslogd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send syslogd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_syslogd_client_packets',`
++ gen_require(`
++ type syslogd_client_packet_t;
++ ')
++
++ allow $1 syslogd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send syslogd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_syslogd_client_packets',`
++ gen_require(`
++ type syslogd_client_packet_t;
++ ')
++
++ dontaudit $1 syslogd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive syslogd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_syslogd_client_packets',`
++ gen_require(`
++ type syslogd_client_packet_t;
++ ')
++
++ allow $1 syslogd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive syslogd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_syslogd_client_packets',`
++ gen_require(`
++ type syslogd_client_packet_t;
++ ')
++
++ dontaudit $1 syslogd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive syslogd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_syslogd_client_packets',`
++ corenet_send_syslogd_client_packets($1)
++ corenet_receive_syslogd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive syslogd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_syslogd_client_packets',`
++ corenet_dontaudit_send_syslogd_client_packets($1)
++ corenet_dontaudit_receive_syslogd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to syslogd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_syslogd_client_packets',`
++ gen_require(`
++ type syslogd_client_packet_t;
++ ')
++
++ allow $1 syslogd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send syslogd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_syslogd_server_packets',`
++ gen_require(`
++ type syslogd_server_packet_t;
++ ')
++
++ allow $1 syslogd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send syslogd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_syslogd_server_packets',`
++ gen_require(`
++ type syslogd_server_packet_t;
++ ')
++
++ dontaudit $1 syslogd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive syslogd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_syslogd_server_packets',`
++ gen_require(`
++ type syslogd_server_packet_t;
++ ')
++
++ allow $1 syslogd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive syslogd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_syslogd_server_packets',`
++ gen_require(`
++ type syslogd_server_packet_t;
++ ')
++
++ dontaudit $1 syslogd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive syslogd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_syslogd_server_packets',`
++ corenet_send_syslogd_server_packets($1)
++ corenet_receive_syslogd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive syslogd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_syslogd_server_packets',`
++ corenet_dontaudit_send_syslogd_server_packets($1)
++ corenet_dontaudit_receive_syslogd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to syslogd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_syslogd_server_packets',`
++ gen_require(`
++ type syslogd_server_packet_t;
++ ')
++
++ allow $1 syslogd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the telnetd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ allow $1 telnetd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the telnetd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ allow $1 telnetd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the telnetd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ dontaudit $1 telnetd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the telnetd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ allow $1 telnetd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the telnetd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ dontaudit $1 telnetd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the telnetd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_telnetd_port',`
++ corenet_udp_send_telnetd_port($1)
++ corenet_udp_receive_telnetd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the telnetd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_telnetd_port',`
++ corenet_dontaudit_udp_send_telnetd_port($1)
++ corenet_dontaudit_udp_receive_telnetd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the telnetd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ allow $1 telnetd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the telnetd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ allow $1 telnetd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the telnetd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_telnetd_port',`
++ gen_require(`
++ type telnetd_port_t;
++ ')
++
++ allow $1 telnetd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send telnetd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_telnetd_client_packets',`
++ gen_require(`
++ type telnetd_client_packet_t;
++ ')
++
++ allow $1 telnetd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send telnetd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_telnetd_client_packets',`
++ gen_require(`
++ type telnetd_client_packet_t;
++ ')
++
++ dontaudit $1 telnetd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive telnetd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_telnetd_client_packets',`
++ gen_require(`
++ type telnetd_client_packet_t;
++ ')
++
++ allow $1 telnetd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive telnetd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_telnetd_client_packets',`
++ gen_require(`
++ type telnetd_client_packet_t;
++ ')
++
++ dontaudit $1 telnetd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive telnetd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_telnetd_client_packets',`
++ corenet_send_telnetd_client_packets($1)
++ corenet_receive_telnetd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive telnetd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_telnetd_client_packets',`
++ corenet_dontaudit_send_telnetd_client_packets($1)
++ corenet_dontaudit_receive_telnetd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to telnetd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_telnetd_client_packets',`
++ gen_require(`
++ type telnetd_client_packet_t;
++ ')
++
++ allow $1 telnetd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send telnetd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_telnetd_server_packets',`
++ gen_require(`
++ type telnetd_server_packet_t;
++ ')
++
++ allow $1 telnetd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send telnetd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_telnetd_server_packets',`
++ gen_require(`
++ type telnetd_server_packet_t;
++ ')
++
++ dontaudit $1 telnetd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive telnetd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_telnetd_server_packets',`
++ gen_require(`
++ type telnetd_server_packet_t;
++ ')
++
++ allow $1 telnetd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive telnetd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_telnetd_server_packets',`
++ gen_require(`
++ type telnetd_server_packet_t;
++ ')
++
++ dontaudit $1 telnetd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive telnetd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_telnetd_server_packets',`
++ corenet_send_telnetd_server_packets($1)
++ corenet_receive_telnetd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive telnetd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_telnetd_server_packets',`
++ corenet_dontaudit_send_telnetd_server_packets($1)
++ corenet_dontaudit_receive_telnetd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to telnetd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_telnetd_server_packets',`
++ gen_require(`
++ type telnetd_server_packet_t;
++ ')
++
++ allow $1 telnetd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the tftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ allow $1 tftp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the tftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ allow $1 tftp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the tftp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ dontaudit $1 tftp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the tftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ allow $1 tftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the tftp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ dontaudit $1 tftp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the tftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_tftp_port',`
++ corenet_udp_send_tftp_port($1)
++ corenet_udp_receive_tftp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the tftp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_tftp_port',`
++ corenet_dontaudit_udp_send_tftp_port($1)
++ corenet_dontaudit_udp_receive_tftp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the tftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ allow $1 tftp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the tftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ allow $1 tftp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the tftp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_tftp_port',`
++ gen_require(`
++ type tftp_port_t;
++ ')
++
++ allow $1 tftp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send tftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_tftp_client_packets',`
++ gen_require(`
++ type tftp_client_packet_t;
++ ')
++
++ allow $1 tftp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send tftp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_tftp_client_packets',`
++ gen_require(`
++ type tftp_client_packet_t;
++ ')
++
++ dontaudit $1 tftp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive tftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_tftp_client_packets',`
++ gen_require(`
++ type tftp_client_packet_t;
++ ')
++
++ allow $1 tftp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive tftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_tftp_client_packets',`
++ gen_require(`
++ type tftp_client_packet_t;
++ ')
++
++ dontaudit $1 tftp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive tftp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_tftp_client_packets',`
++ corenet_send_tftp_client_packets($1)
++ corenet_receive_tftp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive tftp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_tftp_client_packets',`
++ corenet_dontaudit_send_tftp_client_packets($1)
++ corenet_dontaudit_receive_tftp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to tftp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_tftp_client_packets',`
++ gen_require(`
++ type tftp_client_packet_t;
++ ')
++
++ allow $1 tftp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send tftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_tftp_server_packets',`
++ gen_require(`
++ type tftp_server_packet_t;
++ ')
++
++ allow $1 tftp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send tftp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_tftp_server_packets',`
++ gen_require(`
++ type tftp_server_packet_t;
++ ')
++
++ dontaudit $1 tftp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive tftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_tftp_server_packets',`
++ gen_require(`
++ type tftp_server_packet_t;
++ ')
++
++ allow $1 tftp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive tftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_tftp_server_packets',`
++ gen_require(`
++ type tftp_server_packet_t;
++ ')
++
++ dontaudit $1 tftp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive tftp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_tftp_server_packets',`
++ corenet_send_tftp_server_packets($1)
++ corenet_receive_tftp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive tftp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_tftp_server_packets',`
++ corenet_dontaudit_send_tftp_server_packets($1)
++ corenet_dontaudit_receive_tftp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to tftp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_tftp_server_packets',`
++ gen_require(`
++ type tftp_server_packet_t;
++ ')
++
++ allow $1 tftp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the tomcat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ allow $1 tomcat_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the tomcat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ allow $1 tomcat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the tomcat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ dontaudit $1 tomcat_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the tomcat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ allow $1 tomcat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the tomcat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ dontaudit $1 tomcat_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the tomcat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_tomcat_port',`
++ corenet_udp_send_tomcat_port($1)
++ corenet_udp_receive_tomcat_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the tomcat port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_tomcat_port',`
++ corenet_dontaudit_udp_send_tomcat_port($1)
++ corenet_dontaudit_udp_receive_tomcat_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the tomcat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ allow $1 tomcat_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the tomcat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ allow $1 tomcat_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the tomcat port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_tomcat_port',`
++ gen_require(`
++ type tomcat_port_t;
++ ')
++
++ allow $1 tomcat_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send tomcat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_tomcat_client_packets',`
++ gen_require(`
++ type tomcat_client_packet_t;
++ ')
++
++ allow $1 tomcat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send tomcat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_tomcat_client_packets',`
++ gen_require(`
++ type tomcat_client_packet_t;
++ ')
++
++ dontaudit $1 tomcat_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive tomcat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_tomcat_client_packets',`
++ gen_require(`
++ type tomcat_client_packet_t;
++ ')
++
++ allow $1 tomcat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive tomcat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_tomcat_client_packets',`
++ gen_require(`
++ type tomcat_client_packet_t;
++ ')
++
++ dontaudit $1 tomcat_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive tomcat_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_tomcat_client_packets',`
++ corenet_send_tomcat_client_packets($1)
++ corenet_receive_tomcat_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive tomcat_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_tomcat_client_packets',`
++ corenet_dontaudit_send_tomcat_client_packets($1)
++ corenet_dontaudit_receive_tomcat_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to tomcat_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_tomcat_client_packets',`
++ gen_require(`
++ type tomcat_client_packet_t;
++ ')
++
++ allow $1 tomcat_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send tomcat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_tomcat_server_packets',`
++ gen_require(`
++ type tomcat_server_packet_t;
++ ')
++
++ allow $1 tomcat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send tomcat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_tomcat_server_packets',`
++ gen_require(`
++ type tomcat_server_packet_t;
++ ')
++
++ dontaudit $1 tomcat_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive tomcat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_tomcat_server_packets',`
++ gen_require(`
++ type tomcat_server_packet_t;
++ ')
++
++ allow $1 tomcat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive tomcat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_tomcat_server_packets',`
++ gen_require(`
++ type tomcat_server_packet_t;
++ ')
++
++ dontaudit $1 tomcat_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive tomcat_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_tomcat_server_packets',`
++ corenet_send_tomcat_server_packets($1)
++ corenet_receive_tomcat_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive tomcat_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_tomcat_server_packets',`
++ corenet_dontaudit_send_tomcat_server_packets($1)
++ corenet_dontaudit_receive_tomcat_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to tomcat_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_tomcat_server_packets',`
++ gen_require(`
++ type tomcat_server_packet_t;
++ ')
++
++ allow $1 tomcat_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the tor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ allow $1 tor_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the tor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ allow $1 tor_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the tor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ dontaudit $1 tor_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the tor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ allow $1 tor_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the tor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ dontaudit $1 tor_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the tor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_tor_port',`
++ corenet_udp_send_tor_port($1)
++ corenet_udp_receive_tor_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the tor port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_tor_port',`
++ corenet_dontaudit_udp_send_tor_port($1)
++ corenet_dontaudit_udp_receive_tor_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the tor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ allow $1 tor_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the tor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ allow $1 tor_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the tor port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_tor_port',`
++ gen_require(`
++ type tor_port_t;
++ ')
++
++ allow $1 tor_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send tor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_tor_client_packets',`
++ gen_require(`
++ type tor_client_packet_t;
++ ')
++
++ allow $1 tor_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send tor_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_tor_client_packets',`
++ gen_require(`
++ type tor_client_packet_t;
++ ')
++
++ dontaudit $1 tor_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive tor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_tor_client_packets',`
++ gen_require(`
++ type tor_client_packet_t;
++ ')
++
++ allow $1 tor_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive tor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_tor_client_packets',`
++ gen_require(`
++ type tor_client_packet_t;
++ ')
++
++ dontaudit $1 tor_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive tor_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_tor_client_packets',`
++ corenet_send_tor_client_packets($1)
++ corenet_receive_tor_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive tor_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_tor_client_packets',`
++ corenet_dontaudit_send_tor_client_packets($1)
++ corenet_dontaudit_receive_tor_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to tor_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_tor_client_packets',`
++ gen_require(`
++ type tor_client_packet_t;
++ ')
++
++ allow $1 tor_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send tor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_tor_server_packets',`
++ gen_require(`
++ type tor_server_packet_t;
++ ')
++
++ allow $1 tor_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send tor_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_tor_server_packets',`
++ gen_require(`
++ type tor_server_packet_t;
++ ')
++
++ dontaudit $1 tor_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive tor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_tor_server_packets',`
++ gen_require(`
++ type tor_server_packet_t;
++ ')
++
++ allow $1 tor_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive tor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_tor_server_packets',`
++ gen_require(`
++ type tor_server_packet_t;
++ ')
++
++ dontaudit $1 tor_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive tor_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_tor_server_packets',`
++ corenet_send_tor_server_packets($1)
++ corenet_receive_tor_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive tor_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_tor_server_packets',`
++ corenet_dontaudit_send_tor_server_packets($1)
++ corenet_dontaudit_receive_tor_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to tor_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_tor_server_packets',`
++ gen_require(`
++ type tor_server_packet_t;
++ ')
++
++ allow $1 tor_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the traceroute port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ allow $1 traceroute_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the traceroute port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ allow $1 traceroute_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the traceroute port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ dontaudit $1 traceroute_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the traceroute port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ allow $1 traceroute_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the traceroute port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ dontaudit $1 traceroute_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the traceroute port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_traceroute_port',`
++ corenet_udp_send_traceroute_port($1)
++ corenet_udp_receive_traceroute_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the traceroute port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_traceroute_port',`
++ corenet_dontaudit_udp_send_traceroute_port($1)
++ corenet_dontaudit_udp_receive_traceroute_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the traceroute port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ allow $1 traceroute_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the traceroute port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ allow $1 traceroute_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the traceroute port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_traceroute_port',`
++ gen_require(`
++ type traceroute_port_t;
++ ')
++
++ allow $1 traceroute_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send traceroute_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_traceroute_client_packets',`
++ gen_require(`
++ type traceroute_client_packet_t;
++ ')
++
++ allow $1 traceroute_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send traceroute_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_traceroute_client_packets',`
++ gen_require(`
++ type traceroute_client_packet_t;
++ ')
++
++ dontaudit $1 traceroute_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive traceroute_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_traceroute_client_packets',`
++ gen_require(`
++ type traceroute_client_packet_t;
++ ')
++
++ allow $1 traceroute_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive traceroute_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_traceroute_client_packets',`
++ gen_require(`
++ type traceroute_client_packet_t;
++ ')
++
++ dontaudit $1 traceroute_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive traceroute_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_traceroute_client_packets',`
++ corenet_send_traceroute_client_packets($1)
++ corenet_receive_traceroute_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive traceroute_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_traceroute_client_packets',`
++ corenet_dontaudit_send_traceroute_client_packets($1)
++ corenet_dontaudit_receive_traceroute_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to traceroute_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_traceroute_client_packets',`
++ gen_require(`
++ type traceroute_client_packet_t;
++ ')
++
++ allow $1 traceroute_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send traceroute_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_traceroute_server_packets',`
++ gen_require(`
++ type traceroute_server_packet_t;
++ ')
++
++ allow $1 traceroute_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send traceroute_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_traceroute_server_packets',`
++ gen_require(`
++ type traceroute_server_packet_t;
++ ')
++
++ dontaudit $1 traceroute_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive traceroute_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_traceroute_server_packets',`
++ gen_require(`
++ type traceroute_server_packet_t;
++ ')
++
++ allow $1 traceroute_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive traceroute_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_traceroute_server_packets',`
++ gen_require(`
++ type traceroute_server_packet_t;
++ ')
++
++ dontaudit $1 traceroute_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive traceroute_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_traceroute_server_packets',`
++ corenet_send_traceroute_server_packets($1)
++ corenet_receive_traceroute_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive traceroute_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_traceroute_server_packets',`
++ corenet_dontaudit_send_traceroute_server_packets($1)
++ corenet_dontaudit_receive_traceroute_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to traceroute_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_traceroute_server_packets',`
++ gen_require(`
++ type traceroute_server_packet_t;
++ ')
++
++ allow $1 traceroute_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the transproxy port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ allow $1 transproxy_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the transproxy port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ allow $1 transproxy_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the transproxy port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ dontaudit $1 transproxy_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the transproxy port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ allow $1 transproxy_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the transproxy port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ dontaudit $1 transproxy_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the transproxy port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_transproxy_port',`
++ corenet_udp_send_transproxy_port($1)
++ corenet_udp_receive_transproxy_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the transproxy port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_transproxy_port',`
++ corenet_dontaudit_udp_send_transproxy_port($1)
++ corenet_dontaudit_udp_receive_transproxy_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the transproxy port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ allow $1 transproxy_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the transproxy port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ allow $1 transproxy_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the transproxy port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_transproxy_port',`
++ gen_require(`
++ type transproxy_port_t;
++ ')
++
++ allow $1 transproxy_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send transproxy_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_transproxy_client_packets',`
++ gen_require(`
++ type transproxy_client_packet_t;
++ ')
++
++ allow $1 transproxy_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send transproxy_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_transproxy_client_packets',`
++ gen_require(`
++ type transproxy_client_packet_t;
++ ')
++
++ dontaudit $1 transproxy_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive transproxy_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_transproxy_client_packets',`
++ gen_require(`
++ type transproxy_client_packet_t;
++ ')
++
++ allow $1 transproxy_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive transproxy_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_transproxy_client_packets',`
++ gen_require(`
++ type transproxy_client_packet_t;
++ ')
++
++ dontaudit $1 transproxy_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive transproxy_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_transproxy_client_packets',`
++ corenet_send_transproxy_client_packets($1)
++ corenet_receive_transproxy_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive transproxy_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_transproxy_client_packets',`
++ corenet_dontaudit_send_transproxy_client_packets($1)
++ corenet_dontaudit_receive_transproxy_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to transproxy_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_transproxy_client_packets',`
++ gen_require(`
++ type transproxy_client_packet_t;
++ ')
++
++ allow $1 transproxy_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send transproxy_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_transproxy_server_packets',`
++ gen_require(`
++ type transproxy_server_packet_t;
++ ')
++
++ allow $1 transproxy_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send transproxy_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_transproxy_server_packets',`
++ gen_require(`
++ type transproxy_server_packet_t;
++ ')
++
++ dontaudit $1 transproxy_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive transproxy_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_transproxy_server_packets',`
++ gen_require(`
++ type transproxy_server_packet_t;
++ ')
++
++ allow $1 transproxy_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive transproxy_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_transproxy_server_packets',`
++ gen_require(`
++ type transproxy_server_packet_t;
++ ')
++
++ dontaudit $1 transproxy_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive transproxy_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_transproxy_server_packets',`
++ corenet_send_transproxy_server_packets($1)
++ corenet_receive_transproxy_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive transproxy_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_transproxy_server_packets',`
++ corenet_dontaudit_send_transproxy_server_packets($1)
++ corenet_dontaudit_receive_transproxy_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to transproxy_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_transproxy_server_packets',`
++ gen_require(`
++ type transproxy_server_packet_t;
++ ')
++
++ allow $1 transproxy_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the uucpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ allow $1 uucpd_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the uucpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ allow $1 uucpd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the uucpd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ dontaudit $1 uucpd_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the uucpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ allow $1 uucpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the uucpd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ dontaudit $1 uucpd_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the uucpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_uucpd_port',`
++ corenet_udp_send_uucpd_port($1)
++ corenet_udp_receive_uucpd_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the uucpd port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_uucpd_port',`
++ corenet_dontaudit_udp_send_uucpd_port($1)
++ corenet_dontaudit_udp_receive_uucpd_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the uucpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ allow $1 uucpd_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the uucpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ allow $1 uucpd_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the uucpd port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_uucpd_port',`
++ gen_require(`
++ type uucpd_port_t;
++ ')
++
++ allow $1 uucpd_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send uucpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_uucpd_client_packets',`
++ gen_require(`
++ type uucpd_client_packet_t;
++ ')
++
++ allow $1 uucpd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send uucpd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_uucpd_client_packets',`
++ gen_require(`
++ type uucpd_client_packet_t;
++ ')
++
++ dontaudit $1 uucpd_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive uucpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_uucpd_client_packets',`
++ gen_require(`
++ type uucpd_client_packet_t;
++ ')
++
++ allow $1 uucpd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive uucpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_uucpd_client_packets',`
++ gen_require(`
++ type uucpd_client_packet_t;
++ ')
++
++ dontaudit $1 uucpd_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive uucpd_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_uucpd_client_packets',`
++ corenet_send_uucpd_client_packets($1)
++ corenet_receive_uucpd_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive uucpd_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_uucpd_client_packets',`
++ corenet_dontaudit_send_uucpd_client_packets($1)
++ corenet_dontaudit_receive_uucpd_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to uucpd_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_uucpd_client_packets',`
++ gen_require(`
++ type uucpd_client_packet_t;
++ ')
++
++ allow $1 uucpd_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send uucpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_uucpd_server_packets',`
++ gen_require(`
++ type uucpd_server_packet_t;
++ ')
++
++ allow $1 uucpd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send uucpd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_uucpd_server_packets',`
++ gen_require(`
++ type uucpd_server_packet_t;
++ ')
++
++ dontaudit $1 uucpd_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive uucpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_uucpd_server_packets',`
++ gen_require(`
++ type uucpd_server_packet_t;
++ ')
++
++ allow $1 uucpd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive uucpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_uucpd_server_packets',`
++ gen_require(`
++ type uucpd_server_packet_t;
++ ')
++
++ dontaudit $1 uucpd_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive uucpd_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_uucpd_server_packets',`
++ corenet_send_uucpd_server_packets($1)
++ corenet_receive_uucpd_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive uucpd_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_uucpd_server_packets',`
++ corenet_dontaudit_send_uucpd_server_packets($1)
++ corenet_dontaudit_receive_uucpd_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to uucpd_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_uucpd_server_packets',`
++ gen_require(`
++ type uucpd_server_packet_t;
++ ')
++
++ allow $1 uucpd_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the virt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ allow $1 virt_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the virt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ allow $1 virt_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the virt port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ dontaudit $1 virt_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the virt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ allow $1 virt_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the virt port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ dontaudit $1 virt_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the virt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_virt_port',`
++ corenet_udp_send_virt_port($1)
++ corenet_udp_receive_virt_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the virt port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_virt_port',`
++ corenet_dontaudit_udp_send_virt_port($1)
++ corenet_dontaudit_udp_receive_virt_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the virt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ allow $1 virt_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the virt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ allow $1 virt_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the virt port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_virt_port',`
++ gen_require(`
++ type virt_port_t;
++ ')
++
++ allow $1 virt_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send virt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_virt_client_packets',`
++ gen_require(`
++ type virt_client_packet_t;
++ ')
++
++ allow $1 virt_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send virt_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_virt_client_packets',`
++ gen_require(`
++ type virt_client_packet_t;
++ ')
++
++ dontaudit $1 virt_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive virt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_virt_client_packets',`
++ gen_require(`
++ type virt_client_packet_t;
++ ')
++
++ allow $1 virt_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive virt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_virt_client_packets',`
++ gen_require(`
++ type virt_client_packet_t;
++ ')
++
++ dontaudit $1 virt_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive virt_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_virt_client_packets',`
++ corenet_send_virt_client_packets($1)
++ corenet_receive_virt_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive virt_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_virt_client_packets',`
++ corenet_dontaudit_send_virt_client_packets($1)
++ corenet_dontaudit_receive_virt_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to virt_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_virt_client_packets',`
++ gen_require(`
++ type virt_client_packet_t;
++ ')
++
++ allow $1 virt_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send virt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_virt_server_packets',`
++ gen_require(`
++ type virt_server_packet_t;
++ ')
++
++ allow $1 virt_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send virt_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_virt_server_packets',`
++ gen_require(`
++ type virt_server_packet_t;
++ ')
++
++ dontaudit $1 virt_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive virt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_virt_server_packets',`
++ gen_require(`
++ type virt_server_packet_t;
++ ')
++
++ allow $1 virt_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive virt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_virt_server_packets',`
++ gen_require(`
++ type virt_server_packet_t;
++ ')
++
++ dontaudit $1 virt_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive virt_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_virt_server_packets',`
++ corenet_send_virt_server_packets($1)
++ corenet_receive_virt_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive virt_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_virt_server_packets',`
++ corenet_dontaudit_send_virt_server_packets($1)
++ corenet_dontaudit_receive_virt_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to virt_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_virt_server_packets',`
++ gen_require(`
++ type virt_server_packet_t;
++ ')
++
++ allow $1 virt_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the vnc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ allow $1 vnc_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the vnc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ allow $1 vnc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the vnc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ dontaudit $1 vnc_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the vnc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ allow $1 vnc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the vnc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ dontaudit $1 vnc_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the vnc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_vnc_port',`
++ corenet_udp_send_vnc_port($1)
++ corenet_udp_receive_vnc_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the vnc port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_vnc_port',`
++ corenet_dontaudit_udp_send_vnc_port($1)
++ corenet_dontaudit_udp_receive_vnc_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the vnc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ allow $1 vnc_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the vnc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ allow $1 vnc_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the vnc port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_vnc_port',`
++ gen_require(`
++ type vnc_port_t;
++ ')
++
++ allow $1 vnc_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send vnc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_vnc_client_packets',`
++ gen_require(`
++ type vnc_client_packet_t;
++ ')
++
++ allow $1 vnc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send vnc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_vnc_client_packets',`
++ gen_require(`
++ type vnc_client_packet_t;
++ ')
++
++ dontaudit $1 vnc_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive vnc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_vnc_client_packets',`
++ gen_require(`
++ type vnc_client_packet_t;
++ ')
++
++ allow $1 vnc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive vnc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_vnc_client_packets',`
++ gen_require(`
++ type vnc_client_packet_t;
++ ')
++
++ dontaudit $1 vnc_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive vnc_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_vnc_client_packets',`
++ corenet_send_vnc_client_packets($1)
++ corenet_receive_vnc_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive vnc_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_vnc_client_packets',`
++ corenet_dontaudit_send_vnc_client_packets($1)
++ corenet_dontaudit_receive_vnc_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to vnc_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_vnc_client_packets',`
++ gen_require(`
++ type vnc_client_packet_t;
++ ')
++
++ allow $1 vnc_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send vnc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_vnc_server_packets',`
++ gen_require(`
++ type vnc_server_packet_t;
++ ')
++
++ allow $1 vnc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send vnc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_vnc_server_packets',`
++ gen_require(`
++ type vnc_server_packet_t;
++ ')
++
++ dontaudit $1 vnc_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive vnc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_vnc_server_packets',`
++ gen_require(`
++ type vnc_server_packet_t;
++ ')
++
++ allow $1 vnc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive vnc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_vnc_server_packets',`
++ gen_require(`
++ type vnc_server_packet_t;
++ ')
++
++ dontaudit $1 vnc_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive vnc_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_vnc_server_packets',`
++ corenet_send_vnc_server_packets($1)
++ corenet_receive_vnc_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive vnc_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_vnc_server_packets',`
++ corenet_dontaudit_send_vnc_server_packets($1)
++ corenet_dontaudit_receive_vnc_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to vnc_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_vnc_server_packets',`
++ gen_require(`
++ type vnc_server_packet_t;
++ ')
++
++ allow $1 vnc_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the whois port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ allow $1 whois_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the whois port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ allow $1 whois_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the whois port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ dontaudit $1 whois_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the whois port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ allow $1 whois_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the whois port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ dontaudit $1 whois_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the whois port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_whois_port',`
++ corenet_udp_send_whois_port($1)
++ corenet_udp_receive_whois_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the whois port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_whois_port',`
++ corenet_dontaudit_udp_send_whois_port($1)
++ corenet_dontaudit_udp_receive_whois_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the whois port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ allow $1 whois_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the whois port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ allow $1 whois_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the whois port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_whois_port',`
++ gen_require(`
++ type whois_port_t;
++ ')
++
++ allow $1 whois_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send whois_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_whois_client_packets',`
++ gen_require(`
++ type whois_client_packet_t;
++ ')
++
++ allow $1 whois_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send whois_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_whois_client_packets',`
++ gen_require(`
++ type whois_client_packet_t;
++ ')
++
++ dontaudit $1 whois_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive whois_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_whois_client_packets',`
++ gen_require(`
++ type whois_client_packet_t;
++ ')
++
++ allow $1 whois_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive whois_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_whois_client_packets',`
++ gen_require(`
++ type whois_client_packet_t;
++ ')
++
++ dontaudit $1 whois_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive whois_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_whois_client_packets',`
++ corenet_send_whois_client_packets($1)
++ corenet_receive_whois_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive whois_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_whois_client_packets',`
++ corenet_dontaudit_send_whois_client_packets($1)
++ corenet_dontaudit_receive_whois_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to whois_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_whois_client_packets',`
++ gen_require(`
++ type whois_client_packet_t;
++ ')
++
++ allow $1 whois_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send whois_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_whois_server_packets',`
++ gen_require(`
++ type whois_server_packet_t;
++ ')
++
++ allow $1 whois_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send whois_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_whois_server_packets',`
++ gen_require(`
++ type whois_server_packet_t;
++ ')
++
++ dontaudit $1 whois_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive whois_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_whois_server_packets',`
++ gen_require(`
++ type whois_server_packet_t;
++ ')
++
++ allow $1 whois_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive whois_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_whois_server_packets',`
++ gen_require(`
++ type whois_server_packet_t;
++ ')
++
++ dontaudit $1 whois_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive whois_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_whois_server_packets',`
++ corenet_send_whois_server_packets($1)
++ corenet_receive_whois_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive whois_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_whois_server_packets',`
++ corenet_dontaudit_send_whois_server_packets($1)
++ corenet_dontaudit_receive_whois_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to whois_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_whois_server_packets',`
++ gen_require(`
++ type whois_server_packet_t;
++ ')
++
++ allow $1 whois_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the wccp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ allow $1 wccp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the wccp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ allow $1 wccp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the wccp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ dontaudit $1 wccp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the wccp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ allow $1 wccp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the wccp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ dontaudit $1 wccp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the wccp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_wccp_port',`
++ corenet_udp_send_wccp_port($1)
++ corenet_udp_receive_wccp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the wccp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_wccp_port',`
++ corenet_dontaudit_udp_send_wccp_port($1)
++ corenet_dontaudit_udp_receive_wccp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the wccp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ allow $1 wccp_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the wccp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ allow $1 wccp_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the wccp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_wccp_port',`
++ gen_require(`
++ type wccp_port_t;
++ ')
++
++ allow $1 wccp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send wccp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_wccp_client_packets',`
++ gen_require(`
++ type wccp_client_packet_t;
++ ')
++
++ allow $1 wccp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send wccp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_wccp_client_packets',`
++ gen_require(`
++ type wccp_client_packet_t;
++ ')
++
++ dontaudit $1 wccp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive wccp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_wccp_client_packets',`
++ gen_require(`
++ type wccp_client_packet_t;
++ ')
++
++ allow $1 wccp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive wccp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_wccp_client_packets',`
++ gen_require(`
++ type wccp_client_packet_t;
++ ')
++
++ dontaudit $1 wccp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive wccp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_wccp_client_packets',`
++ corenet_send_wccp_client_packets($1)
++ corenet_receive_wccp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive wccp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_wccp_client_packets',`
++ corenet_dontaudit_send_wccp_client_packets($1)
++ corenet_dontaudit_receive_wccp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to wccp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_wccp_client_packets',`
++ gen_require(`
++ type wccp_client_packet_t;
++ ')
++
++ allow $1 wccp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send wccp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_wccp_server_packets',`
++ gen_require(`
++ type wccp_server_packet_t;
++ ')
++
++ allow $1 wccp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send wccp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_wccp_server_packets',`
++ gen_require(`
++ type wccp_server_packet_t;
++ ')
++
++ dontaudit $1 wccp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive wccp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_wccp_server_packets',`
++ gen_require(`
++ type wccp_server_packet_t;
++ ')
++
++ allow $1 wccp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive wccp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_wccp_server_packets',`
++ gen_require(`
++ type wccp_server_packet_t;
++ ')
++
++ dontaudit $1 wccp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive wccp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_wccp_server_packets',`
++ corenet_send_wccp_server_packets($1)
++ corenet_receive_wccp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive wccp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_wccp_server_packets',`
++ corenet_dontaudit_send_wccp_server_packets($1)
++ corenet_dontaudit_receive_wccp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to wccp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_wccp_server_packets',`
++ gen_require(`
++ type wccp_server_packet_t;
++ ')
++
++ allow $1 wccp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the xdmcp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ allow $1 xdmcp_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the xdmcp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ allow $1 xdmcp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the xdmcp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ dontaudit $1 xdmcp_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the xdmcp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ allow $1 xdmcp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the xdmcp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ dontaudit $1 xdmcp_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the xdmcp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_xdmcp_port',`
++ corenet_udp_send_xdmcp_port($1)
++ corenet_udp_receive_xdmcp_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the xdmcp port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_xdmcp_port',`
++ corenet_dontaudit_udp_send_xdmcp_port($1)
++ corenet_dontaudit_udp_receive_xdmcp_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the xdmcp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ allow $1 xdmcp_port_t:tcp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Bind UDP sockets to the xdmcp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ allow $1 xdmcp_port_t:udp_socket name_bind;
++ allow $1 self:capability net_bind_service;
++')
++
++########################################
++##
++## Make a TCP connection to the xdmcp port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_xdmcp_port',`
++ gen_require(`
++ type xdmcp_port_t;
++ ')
++
++ allow $1 xdmcp_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send xdmcp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xdmcp_client_packets',`
++ gen_require(`
++ type xdmcp_client_packet_t;
++ ')
++
++ allow $1 xdmcp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xdmcp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xdmcp_client_packets',`
++ gen_require(`
++ type xdmcp_client_packet_t;
++ ')
++
++ dontaudit $1 xdmcp_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xdmcp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xdmcp_client_packets',`
++ gen_require(`
++ type xdmcp_client_packet_t;
++ ')
++
++ allow $1 xdmcp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xdmcp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xdmcp_client_packets',`
++ gen_require(`
++ type xdmcp_client_packet_t;
++ ')
++
++ dontaudit $1 xdmcp_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xdmcp_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xdmcp_client_packets',`
++ corenet_send_xdmcp_client_packets($1)
++ corenet_receive_xdmcp_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xdmcp_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xdmcp_client_packets',`
++ corenet_dontaudit_send_xdmcp_client_packets($1)
++ corenet_dontaudit_receive_xdmcp_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xdmcp_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xdmcp_client_packets',`
++ gen_require(`
++ type xdmcp_client_packet_t;
++ ')
++
++ allow $1 xdmcp_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send xdmcp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xdmcp_server_packets',`
++ gen_require(`
++ type xdmcp_server_packet_t;
++ ')
++
++ allow $1 xdmcp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xdmcp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xdmcp_server_packets',`
++ gen_require(`
++ type xdmcp_server_packet_t;
++ ')
++
++ dontaudit $1 xdmcp_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xdmcp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xdmcp_server_packets',`
++ gen_require(`
++ type xdmcp_server_packet_t;
++ ')
++
++ allow $1 xdmcp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xdmcp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xdmcp_server_packets',`
++ gen_require(`
++ type xdmcp_server_packet_t;
++ ')
++
++ dontaudit $1 xdmcp_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xdmcp_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xdmcp_server_packets',`
++ corenet_send_xdmcp_server_packets($1)
++ corenet_receive_xdmcp_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xdmcp_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xdmcp_server_packets',`
++ corenet_dontaudit_send_xdmcp_server_packets($1)
++ corenet_dontaudit_receive_xdmcp_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xdmcp_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xdmcp_server_packets',`
++ gen_require(`
++ type xdmcp_server_packet_t;
++ ')
++
++ allow $1 xdmcp_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the xen port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ allow $1 xen_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the xen port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ allow $1 xen_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the xen port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ dontaudit $1 xen_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the xen port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ allow $1 xen_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the xen port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ dontaudit $1 xen_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the xen port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_xen_port',`
++ corenet_udp_send_xen_port($1)
++ corenet_udp_receive_xen_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the xen port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_xen_port',`
++ corenet_dontaudit_udp_send_xen_port($1)
++ corenet_dontaudit_udp_receive_xen_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the xen port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ allow $1 xen_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the xen port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ allow $1 xen_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the xen port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_xen_port',`
++ gen_require(`
++ type xen_port_t;
++ ')
++
++ allow $1 xen_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send xen_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xen_client_packets',`
++ gen_require(`
++ type xen_client_packet_t;
++ ')
++
++ allow $1 xen_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xen_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xen_client_packets',`
++ gen_require(`
++ type xen_client_packet_t;
++ ')
++
++ dontaudit $1 xen_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xen_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xen_client_packets',`
++ gen_require(`
++ type xen_client_packet_t;
++ ')
++
++ allow $1 xen_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xen_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xen_client_packets',`
++ gen_require(`
++ type xen_client_packet_t;
++ ')
++
++ dontaudit $1 xen_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xen_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xen_client_packets',`
++ corenet_send_xen_client_packets($1)
++ corenet_receive_xen_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xen_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xen_client_packets',`
++ corenet_dontaudit_send_xen_client_packets($1)
++ corenet_dontaudit_receive_xen_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xen_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xen_client_packets',`
++ gen_require(`
++ type xen_client_packet_t;
++ ')
++
++ allow $1 xen_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send xen_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xen_server_packets',`
++ gen_require(`
++ type xen_server_packet_t;
++ ')
++
++ allow $1 xen_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xen_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xen_server_packets',`
++ gen_require(`
++ type xen_server_packet_t;
++ ')
++
++ dontaudit $1 xen_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xen_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xen_server_packets',`
++ gen_require(`
++ type xen_server_packet_t;
++ ')
++
++ allow $1 xen_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xen_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xen_server_packets',`
++ gen_require(`
++ type xen_server_packet_t;
++ ')
++
++ dontaudit $1 xen_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xen_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xen_server_packets',`
++ corenet_send_xen_server_packets($1)
++ corenet_receive_xen_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xen_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xen_server_packets',`
++ corenet_dontaudit_send_xen_server_packets($1)
++ corenet_dontaudit_receive_xen_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xen_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xen_server_packets',`
++ gen_require(`
++ type xen_server_packet_t;
++ ')
++
++ allow $1 xen_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the xfs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ allow $1 xfs_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the xfs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ allow $1 xfs_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the xfs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ dontaudit $1 xfs_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the xfs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ allow $1 xfs_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the xfs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ dontaudit $1 xfs_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the xfs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_xfs_port',`
++ corenet_udp_send_xfs_port($1)
++ corenet_udp_receive_xfs_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the xfs port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_xfs_port',`
++ corenet_dontaudit_udp_send_xfs_port($1)
++ corenet_dontaudit_udp_receive_xfs_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the xfs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ allow $1 xfs_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the xfs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ allow $1 xfs_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the xfs port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_xfs_port',`
++ gen_require(`
++ type xfs_port_t;
++ ')
++
++ allow $1 xfs_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send xfs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xfs_client_packets',`
++ gen_require(`
++ type xfs_client_packet_t;
++ ')
++
++ allow $1 xfs_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xfs_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xfs_client_packets',`
++ gen_require(`
++ type xfs_client_packet_t;
++ ')
++
++ dontaudit $1 xfs_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xfs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xfs_client_packets',`
++ gen_require(`
++ type xfs_client_packet_t;
++ ')
++
++ allow $1 xfs_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xfs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xfs_client_packets',`
++ gen_require(`
++ type xfs_client_packet_t;
++ ')
++
++ dontaudit $1 xfs_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xfs_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xfs_client_packets',`
++ corenet_send_xfs_client_packets($1)
++ corenet_receive_xfs_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xfs_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xfs_client_packets',`
++ corenet_dontaudit_send_xfs_client_packets($1)
++ corenet_dontaudit_receive_xfs_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xfs_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xfs_client_packets',`
++ gen_require(`
++ type xfs_client_packet_t;
++ ')
++
++ allow $1 xfs_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send xfs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xfs_server_packets',`
++ gen_require(`
++ type xfs_server_packet_t;
++ ')
++
++ allow $1 xfs_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xfs_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xfs_server_packets',`
++ gen_require(`
++ type xfs_server_packet_t;
++ ')
++
++ dontaudit $1 xfs_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xfs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xfs_server_packets',`
++ gen_require(`
++ type xfs_server_packet_t;
++ ')
++
++ allow $1 xfs_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xfs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xfs_server_packets',`
++ gen_require(`
++ type xfs_server_packet_t;
++ ')
++
++ dontaudit $1 xfs_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xfs_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xfs_server_packets',`
++ corenet_send_xfs_server_packets($1)
++ corenet_receive_xfs_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xfs_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xfs_server_packets',`
++ corenet_dontaudit_send_xfs_server_packets($1)
++ corenet_dontaudit_receive_xfs_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xfs_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xfs_server_packets',`
++ gen_require(`
++ type xfs_server_packet_t;
++ ')
++
++ allow $1 xfs_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the xserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ allow $1 xserver_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the xserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ allow $1 xserver_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the xserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ dontaudit $1 xserver_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the xserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ allow $1 xserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the xserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ dontaudit $1 xserver_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the xserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_xserver_port',`
++ corenet_udp_send_xserver_port($1)
++ corenet_udp_receive_xserver_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the xserver port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_xserver_port',`
++ corenet_dontaudit_udp_send_xserver_port($1)
++ corenet_dontaudit_udp_receive_xserver_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the xserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ allow $1 xserver_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the xserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ allow $1 xserver_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the xserver port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_xserver_port',`
++ gen_require(`
++ type xserver_port_t;
++ ')
++
++ allow $1 xserver_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send xserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xserver_client_packets',`
++ gen_require(`
++ type xserver_client_packet_t;
++ ')
++
++ allow $1 xserver_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xserver_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xserver_client_packets',`
++ gen_require(`
++ type xserver_client_packet_t;
++ ')
++
++ dontaudit $1 xserver_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xserver_client_packets',`
++ gen_require(`
++ type xserver_client_packet_t;
++ ')
++
++ allow $1 xserver_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xserver_client_packets',`
++ gen_require(`
++ type xserver_client_packet_t;
++ ')
++
++ dontaudit $1 xserver_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xserver_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xserver_client_packets',`
++ corenet_send_xserver_client_packets($1)
++ corenet_receive_xserver_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xserver_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xserver_client_packets',`
++ corenet_dontaudit_send_xserver_client_packets($1)
++ corenet_dontaudit_receive_xserver_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xserver_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xserver_client_packets',`
++ gen_require(`
++ type xserver_client_packet_t;
++ ')
++
++ allow $1 xserver_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send xserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_xserver_server_packets',`
++ gen_require(`
++ type xserver_server_packet_t;
++ ')
++
++ allow $1 xserver_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send xserver_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_xserver_server_packets',`
++ gen_require(`
++ type xserver_server_packet_t;
++ ')
++
++ dontaudit $1 xserver_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive xserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_xserver_server_packets',`
++ gen_require(`
++ type xserver_server_packet_t;
++ ')
++
++ allow $1 xserver_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive xserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_xserver_server_packets',`
++ gen_require(`
++ type xserver_server_packet_t;
++ ')
++
++ dontaudit $1 xserver_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive xserver_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_xserver_server_packets',`
++ corenet_send_xserver_server_packets($1)
++ corenet_receive_xserver_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive xserver_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_xserver_server_packets',`
++ corenet_dontaudit_send_xserver_server_packets($1)
++ corenet_dontaudit_receive_xserver_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to xserver_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_xserver_server_packets',`
++ gen_require(`
++ type xserver_server_packet_t;
++ ')
++
++ allow $1 xserver_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the zebra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ allow $1 zebra_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the zebra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ allow $1 zebra_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the zebra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ dontaudit $1 zebra_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the zebra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ allow $1 zebra_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the zebra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ dontaudit $1 zebra_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the zebra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_zebra_port',`
++ corenet_udp_send_zebra_port($1)
++ corenet_udp_receive_zebra_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the zebra port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_zebra_port',`
++ corenet_dontaudit_udp_send_zebra_port($1)
++ corenet_dontaudit_udp_receive_zebra_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the zebra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ allow $1 zebra_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the zebra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ allow $1 zebra_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the zebra port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_zebra_port',`
++ gen_require(`
++ type zebra_port_t;
++ ')
++
++ allow $1 zebra_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send zebra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_zebra_client_packets',`
++ gen_require(`
++ type zebra_client_packet_t;
++ ')
++
++ allow $1 zebra_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send zebra_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_zebra_client_packets',`
++ gen_require(`
++ type zebra_client_packet_t;
++ ')
++
++ dontaudit $1 zebra_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive zebra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_zebra_client_packets',`
++ gen_require(`
++ type zebra_client_packet_t;
++ ')
++
++ allow $1 zebra_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive zebra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_zebra_client_packets',`
++ gen_require(`
++ type zebra_client_packet_t;
++ ')
++
++ dontaudit $1 zebra_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive zebra_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_zebra_client_packets',`
++ corenet_send_zebra_client_packets($1)
++ corenet_receive_zebra_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive zebra_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_zebra_client_packets',`
++ corenet_dontaudit_send_zebra_client_packets($1)
++ corenet_dontaudit_receive_zebra_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to zebra_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_zebra_client_packets',`
++ gen_require(`
++ type zebra_client_packet_t;
++ ')
++
++ allow $1 zebra_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send zebra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_zebra_server_packets',`
++ gen_require(`
++ type zebra_server_packet_t;
++ ')
++
++ allow $1 zebra_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send zebra_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_zebra_server_packets',`
++ gen_require(`
++ type zebra_server_packet_t;
++ ')
++
++ dontaudit $1 zebra_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive zebra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_zebra_server_packets',`
++ gen_require(`
++ type zebra_server_packet_t;
++ ')
++
++ allow $1 zebra_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive zebra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_zebra_server_packets',`
++ gen_require(`
++ type zebra_server_packet_t;
++ ')
++
++ dontaudit $1 zebra_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive zebra_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_zebra_server_packets',`
++ corenet_send_zebra_server_packets($1)
++ corenet_receive_zebra_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive zebra_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_zebra_server_packets',`
++ corenet_dontaudit_send_zebra_server_packets($1)
++ corenet_dontaudit_receive_zebra_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to zebra_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_zebra_server_packets',`
++ gen_require(`
++ type zebra_server_packet_t;
++ ')
++
++ allow $1 zebra_server_packet_t:packet relabelto;
++')
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the zope port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ allow $1 zope_port_t:tcp_socket { send_msg recv_msg };
++')
++
++########################################
++##
++## Send UDP traffic on the zope port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ allow $1 zope_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Do not audit attempts to send UDP traffic on the zope port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_send_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ dontaudit $1 zope_port_t:udp_socket send_msg;
++')
++
++########################################
++##
++## Receive UDP traffic on the zope port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ allow $1 zope_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Do not audit attempts to receive UDP traffic on the zope port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_receive_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ dontaudit $1 zope_port_t:udp_socket recv_msg;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the zope port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_zope_port',`
++ corenet_udp_send_zope_port($1)
++ corenet_udp_receive_zope_port($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive
++## UDP traffic on the zope port.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_udp_sendrecv_zope_port',`
++ corenet_dontaudit_udp_send_zope_port($1)
++ corenet_dontaudit_udp_receive_zope_port($1)
++')
++
++########################################
++##
++## Bind TCP sockets to the zope port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ allow $1 zope_port_t:tcp_socket name_bind;
++
++')
++
++########################################
++##
++## Bind UDP sockets to the zope port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ allow $1 zope_port_t:udp_socket name_bind;
++
++')
++
++########################################
++##
++## Make a TCP connection to the zope port.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_tcp_connect_zope_port',`
++ gen_require(`
++ type zope_port_t;
++ ')
++
++ allow $1 zope_port_t:tcp_socket name_connect;
++')
++
++
++########################################
++##
++## Send zope_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_zope_client_packets',`
++ gen_require(`
++ type zope_client_packet_t;
++ ')
++
++ allow $1 zope_client_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send zope_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_zope_client_packets',`
++ gen_require(`
++ type zope_client_packet_t;
++ ')
++
++ dontaudit $1 zope_client_packet_t:packet send;
++')
++
++########################################
++##
++## Receive zope_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_zope_client_packets',`
++ gen_require(`
++ type zope_client_packet_t;
++ ')
++
++ allow $1 zope_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive zope_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_zope_client_packets',`
++ gen_require(`
++ type zope_client_packet_t;
++ ')
++
++ dontaudit $1 zope_client_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive zope_client packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_zope_client_packets',`
++ corenet_send_zope_client_packets($1)
++ corenet_receive_zope_client_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive zope_client packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_zope_client_packets',`
++ corenet_dontaudit_send_zope_client_packets($1)
++ corenet_dontaudit_receive_zope_client_packets($1)
++')
++
++########################################
++##
++## Relabel packets to zope_client the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_zope_client_packets',`
++ gen_require(`
++ type zope_client_packet_t;
++ ')
++
++ allow $1 zope_client_packet_t:packet relabelto;
++')
++
++
++########################################
++##
++## Send zope_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_send_zope_server_packets',`
++ gen_require(`
++ type zope_server_packet_t;
++ ')
++
++ allow $1 zope_server_packet_t:packet send;
++')
++
++########################################
++##
++## Do not audit attempts to send zope_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_send_zope_server_packets',`
++ gen_require(`
++ type zope_server_packet_t;
++ ')
++
++ dontaudit $1 zope_server_packet_t:packet send;
++')
++
++########################################
++##
++## Receive zope_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_receive_zope_server_packets',`
++ gen_require(`
++ type zope_server_packet_t;
++ ')
++
++ allow $1 zope_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Do not audit attempts to receive zope_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_dontaudit_receive_zope_server_packets',`
++ gen_require(`
++ type zope_server_packet_t;
++ ')
++
++ dontaudit $1 zope_server_packet_t:packet recv;
++')
++
++########################################
++##
++## Send and receive zope_server packets.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_sendrecv_zope_server_packets',`
++ corenet_send_zope_server_packets($1)
++ corenet_receive_zope_server_packets($1)
++')
++
++########################################
++##
++## Do not audit attempts to send and receive zope_server packets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++##
++#
++interface(`corenet_dontaudit_sendrecv_zope_server_packets',`
++ corenet_dontaudit_send_zope_server_packets($1)
++ corenet_dontaudit_receive_zope_server_packets($1)
++')
++
++########################################
++##
++## Relabel packets to zope_server the packet type.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`corenet_relabelto_zope_server_packets',`
++ gen_require(`
++ type zope_server_packet_t;
++ ')
++
++ allow $1 zope_server_packet_t:packet relabelto;
++')
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_compat_ipv4_node',`
++ gen_require(`
++ type compat_ipv4_node_t;
++ ')
++
++ allow $1 compat_ipv4_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_compat_ipv4_node',`
++ gen_require(`
++ type compat_ipv4_node_t;
++ ')
++
++ allow $1 compat_ipv4_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_compat_ipv4_node',`
++ gen_require(`
++ type compat_ipv4_node_t;
++ ')
++
++ allow $1 compat_ipv4_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_compat_ipv4_node',`
++ corenet_udp_send_compat_ipv4_node($1)
++ corenet_udp_receive_compat_ipv4_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_compat_ipv4_node',`
++ gen_require(`
++ type compat_ipv4_node_t;
++ ')
++
++ allow $1 compat_ipv4_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_compat_ipv4_node',`
++ gen_require(`
++ type compat_ipv4_node_t;
++ ')
++
++ allow $1 compat_ipv4_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_compat_ipv4_node',`
++ corenet_raw_send_compat_ipv4_node($1)
++ corenet_raw_receive_compat_ipv4_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node compat_ipv4.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_compat_ipv4_node',`
++ gen_require(`
++ type compat_ipv4_node_t;
++ ')
++
++ allow $1 compat_ipv4_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the compat_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_compat_ipv4_node',`
++ gen_require(`
++ type compat_ipv4_node_t;
++ ')
++
++ allow $1 compat_ipv4_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_inaddr_any_node',`
++ gen_require(`
++ type inaddr_any_node_t;
++ ')
++
++ allow $1 inaddr_any_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_inaddr_any_node',`
++ gen_require(`
++ type inaddr_any_node_t;
++ ')
++
++ allow $1 inaddr_any_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_inaddr_any_node',`
++ gen_require(`
++ type inaddr_any_node_t;
++ ')
++
++ allow $1 inaddr_any_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_inaddr_any_node',`
++ corenet_udp_send_inaddr_any_node($1)
++ corenet_udp_receive_inaddr_any_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_inaddr_any_node',`
++ gen_require(`
++ type inaddr_any_node_t;
++ ')
++
++ allow $1 inaddr_any_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_inaddr_any_node',`
++ gen_require(`
++ type inaddr_any_node_t;
++ ')
++
++ allow $1 inaddr_any_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_inaddr_any_node',`
++ corenet_raw_send_inaddr_any_node($1)
++ corenet_raw_receive_inaddr_any_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node inaddr_any.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_inaddr_any_node',`
++ gen_require(`
++ type inaddr_any_node_t;
++ ')
++
++ allow $1 inaddr_any_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the inaddr_any node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_inaddr_any_node',`
++ gen_require(`
++ type inaddr_any_node_t;
++ ')
++
++ allow $1 inaddr_any_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_link_local_node',`
++ gen_require(`
++ type link_local_node_t;
++ ')
++
++ allow $1 link_local_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_link_local_node',`
++ gen_require(`
++ type link_local_node_t;
++ ')
++
++ allow $1 link_local_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_link_local_node',`
++ gen_require(`
++ type link_local_node_t;
++ ')
++
++ allow $1 link_local_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_link_local_node',`
++ corenet_udp_send_link_local_node($1)
++ corenet_udp_receive_link_local_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_link_local_node',`
++ gen_require(`
++ type link_local_node_t;
++ ')
++
++ allow $1 link_local_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_link_local_node',`
++ gen_require(`
++ type link_local_node_t;
++ ')
++
++ allow $1 link_local_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_link_local_node',`
++ corenet_raw_send_link_local_node($1)
++ corenet_raw_receive_link_local_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node link_local.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_link_local_node',`
++ gen_require(`
++ type link_local_node_t;
++ ')
++
++ allow $1 link_local_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the link_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_link_local_node',`
++ gen_require(`
++ type link_local_node_t;
++ ')
++
++ allow $1 link_local_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_lo_node',`
++ gen_require(`
++ type lo_node_t;
++ ')
++
++ allow $1 lo_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_lo_node',`
++ gen_require(`
++ type lo_node_t;
++ ')
++
++ allow $1 lo_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_lo_node',`
++ gen_require(`
++ type lo_node_t;
++ ')
++
++ allow $1 lo_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_lo_node',`
++ corenet_udp_send_lo_node($1)
++ corenet_udp_receive_lo_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_lo_node',`
++ gen_require(`
++ type lo_node_t;
++ ')
++
++ allow $1 lo_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_lo_node',`
++ gen_require(`
++ type lo_node_t;
++ ')
++
++ allow $1 lo_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_lo_node',`
++ corenet_raw_send_lo_node($1)
++ corenet_raw_receive_lo_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node lo.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_lo_node',`
++ gen_require(`
++ type lo_node_t;
++ ')
++
++ allow $1 lo_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the lo node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_lo_node',`
++ gen_require(`
++ type lo_node_t;
++ ')
++
++ allow $1 lo_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_mapped_ipv4_node',`
++ gen_require(`
++ type mapped_ipv4_node_t;
++ ')
++
++ allow $1 mapped_ipv4_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_mapped_ipv4_node',`
++ gen_require(`
++ type mapped_ipv4_node_t;
++ ')
++
++ allow $1 mapped_ipv4_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_mapped_ipv4_node',`
++ gen_require(`
++ type mapped_ipv4_node_t;
++ ')
++
++ allow $1 mapped_ipv4_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_mapped_ipv4_node',`
++ corenet_udp_send_mapped_ipv4_node($1)
++ corenet_udp_receive_mapped_ipv4_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_mapped_ipv4_node',`
++ gen_require(`
++ type mapped_ipv4_node_t;
++ ')
++
++ allow $1 mapped_ipv4_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_mapped_ipv4_node',`
++ gen_require(`
++ type mapped_ipv4_node_t;
++ ')
++
++ allow $1 mapped_ipv4_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_mapped_ipv4_node',`
++ corenet_raw_send_mapped_ipv4_node($1)
++ corenet_raw_receive_mapped_ipv4_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node mapped_ipv4.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_mapped_ipv4_node',`
++ gen_require(`
++ type mapped_ipv4_node_t;
++ ')
++
++ allow $1 mapped_ipv4_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the mapped_ipv4 node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_mapped_ipv4_node',`
++ gen_require(`
++ type mapped_ipv4_node_t;
++ ')
++
++ allow $1 mapped_ipv4_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_multicast_node',`
++ gen_require(`
++ type multicast_node_t;
++ ')
++
++ allow $1 multicast_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_multicast_node',`
++ gen_require(`
++ type multicast_node_t;
++ ')
++
++ allow $1 multicast_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_multicast_node',`
++ gen_require(`
++ type multicast_node_t;
++ ')
++
++ allow $1 multicast_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_multicast_node',`
++ corenet_udp_send_multicast_node($1)
++ corenet_udp_receive_multicast_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_multicast_node',`
++ gen_require(`
++ type multicast_node_t;
++ ')
++
++ allow $1 multicast_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_multicast_node',`
++ gen_require(`
++ type multicast_node_t;
++ ')
++
++ allow $1 multicast_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_multicast_node',`
++ corenet_raw_send_multicast_node($1)
++ corenet_raw_receive_multicast_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node multicast.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_multicast_node',`
++ gen_require(`
++ type multicast_node_t;
++ ')
++
++ allow $1 multicast_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the multicast node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_multicast_node',`
++ gen_require(`
++ type multicast_node_t;
++ ')
++
++ allow $1 multicast_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_site_local_node',`
++ gen_require(`
++ type site_local_node_t;
++ ')
++
++ allow $1 site_local_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_site_local_node',`
++ gen_require(`
++ type site_local_node_t;
++ ')
++
++ allow $1 site_local_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_site_local_node',`
++ gen_require(`
++ type site_local_node_t;
++ ')
++
++ allow $1 site_local_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_site_local_node',`
++ corenet_udp_send_site_local_node($1)
++ corenet_udp_receive_site_local_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_site_local_node',`
++ gen_require(`
++ type site_local_node_t;
++ ')
++
++ allow $1 site_local_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_site_local_node',`
++ gen_require(`
++ type site_local_node_t;
++ ')
++
++ allow $1 site_local_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_site_local_node',`
++ corenet_raw_send_site_local_node($1)
++ corenet_raw_receive_site_local_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node site_local.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_site_local_node',`
++ gen_require(`
++ type site_local_node_t;
++ ')
++
++ allow $1 site_local_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the site_local node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_site_local_node',`
++ gen_require(`
++ type site_local_node_t;
++ ')
++
++ allow $1 site_local_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP traffic on the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_unspec_node',`
++ gen_require(`
++ type unspec_node_t;
++ ')
++
++ allow $1 unspec_node_t:node { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP traffic on the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_unspec_node',`
++ gen_require(`
++ type unspec_node_t;
++ ')
++
++ allow $1 unspec_node_t:node udp_send;
++')
++
++########################################
++##
++## Receive UDP traffic on the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_unspec_node',`
++ gen_require(`
++ type unspec_node_t;
++ ')
++
++ allow $1 unspec_node_t:node udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP traffic on the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_unspec_node',`
++ corenet_udp_send_unspec_node($1)
++ corenet_udp_receive_unspec_node($1)
++')
++
++########################################
++##
++## Send raw IP packets on the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_unspec_node',`
++ gen_require(`
++ type unspec_node_t;
++ ')
++
++ allow $1 unspec_node_t:node rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_unspec_node',`
++ gen_require(`
++ type unspec_node_t;
++ ')
++
++ allow $1 unspec_node_t:node rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_unspec_node',`
++ corenet_raw_send_unspec_node($1)
++ corenet_raw_receive_unspec_node($1)
++')
++
++########################################
++##
++## Bind TCP sockets to node unspec.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_bind_unspec_node',`
++ gen_require(`
++ type unspec_node_t;
++ ')
++
++ allow $1 unspec_node_t:tcp_socket node_bind;
++')
++
++########################################
++##
++## Bind UDP sockets to the unspec node.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_bind_unspec_node',`
++ gen_require(`
++ type unspec_node_t;
++ ')
++
++ allow $1 unspec_node_t:udp_socket node_bind;
++')
++
++
++
++
++
++
++########################################
++##
++## Send and receive TCP network traffic on the lo interface.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_tcp_sendrecv_lo_if',`
++ gen_require(`
++ type lo_netif_t;
++ ')
++
++ allow $1 lo_netif_t:netif { tcp_send tcp_recv };
++')
++
++########################################
++##
++## Send UDP network traffic on the lo interface.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_send_lo_if',`
++ gen_require(`
++ type lo_netif_t;
++ ')
++
++ allow $1 lo_netif_t:netif udp_send;
++')
++
++########################################
++##
++## Receive UDP network traffic on the lo interface.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_receive_lo_if',`
++ gen_require(`
++ type lo_netif_t;
++ ')
++
++ allow $1 lo_netif_t:netif udp_recv;
++')
++
++########################################
++##
++## Send and receive UDP network traffic on the lo interface.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_udp_sendrecv_lo_if',`
++ corenet_udp_send_lo_if($1)
++ corenet_udp_receive_lo_if($1)
++')
++
++########################################
++##
++## Send raw IP packets on the lo interface.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_send_lo_if',`
++ gen_require(`
++ type lo_netif_t;
++ ')
++
++ allow $1 lo_netif_t:netif rawip_send;
++')
++
++########################################
++##
++## Receive raw IP packets on the lo interface.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_receive_lo_if',`
++ gen_require(`
++ type lo_netif_t;
++ ')
++
++ allow $1 lo_netif_t:netif rawip_recv;
++')
++
++########################################
++##
++## Send and receive raw IP packets on the lo interface.
++##
++##
++##
++## Domain allowed access.
++##
++##
++##
++#
++interface(`corenet_raw_sendrecv_lo_if',`
++ corenet_raw_send_lo_if($1)
++ corenet_raw_receive_lo_if($1)
++')
++
++
++
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2008-02-26 14:23:11.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in 2009-01-13 19:18:30.000000000 +0100
+@@ -1441,10 +1441,11 @@
+ #
+ interface(`corenet_tcp_bind_all_unreserved_ports',`
+ gen_require(`
+- attribute port_type, reserved_port_type;
++ attribute port_type;
++ type hi_reserved_port_t, reserved_port_t;
+ ')
+
+- allow $1 { port_type -reserved_port_type }:tcp_socket name_bind;
++ allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:tcp_socket name_bind;
+ ')
+
+ ########################################
+@@ -1459,10 +1460,11 @@
+ #
+ interface(`corenet_udp_bind_all_unreserved_ports',`
+ gen_require(`
+- attribute port_type, reserved_port_type;
++ attribute port_type;
++ type hi_reserved_port_t, reserved_port_t;
+ ')
+
+- allow $1 { port_type -reserved_port_type }:udp_socket name_bind;
++ allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:udp_socket name_bind;
+ ')
+
+ ########################################
+diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te
+--- nsaserefpolicy/policy/modules/kernel/corenetwork.te 1970-01-01 01:00:00.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te 2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,1754 @@
++#
++# This is a generated file! Instead of modifying this file, the
++# corenetwork.te.in or corenetwork.te.m4 file should be modified.
++#
++#
++# shiftn(num,list...)
++#
++# shift the list num times
++#
++
++
++#
++# build_option(option_name,true,[false])
++#
++# makes an ifdef. hacky quoting changes because with
++# regular quoting, the macros in $2 and $3 will not be expanded
++#
++
++
++
++
++#
++# network_interface(if_name,linux_interface,mls_sensitivity)
++#
++
++
++
++
++#
++# network_node(node_name,mls_sensitivity,address,netmask[, mls_sensitivity,address,netmask, [...]])
++#
++
++
++
++
++#
++# network_port(port_name,protocol portnum mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
++#
++
++
++#
++# network_packet(packet_name)
++#
++
++
++policy_module(corenetwork,1.2.16)
++
++########################################
++#
++# Declarations
++#
++
++attribute client_packet_type;
++attribute netif_type;
++attribute node_type;
++attribute packet_type;
++attribute port_type;
++attribute reserved_port_type;
++attribute rpc_port_type;
++attribute server_packet_type;
++
++attribute corenet_unconfined_type;
++
++type ppp_device_t;
++dev_node(ppp_device_t)
++
++#
++# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*
++#
++type tun_tap_device_t;
++dev_node(tun_tap_device_t)
++
++########################################
++#
++# Ports and packets
++#
++
++#
++# client_packet_t is the default type of IPv4 and IPv6 client packets.
++#
++type client_packet_t, packet_type, client_packet_type;
++
++#
++# The netlabel_peer_t is used by the kernel's NetLabel subsystem for network
++# connections using NetLabel which do not carry full SELinux contexts.
++#
++type netlabel_peer_t;
++sid netmsg gen_context(system_u:object_r:netlabel_peer_t,mls_systemhigh)
++
++#
++# port_t is the default type of INET port numbers.
++#
++type port_t, port_type;
++sid port gen_context(system_u:object_r:port_t,s0)
++
++#
++# reserved_port_t is the type of INET port numbers below 1024.
++#
++type reserved_port_t, port_type, reserved_port_type;
++
++#
++# hi_reserved_port_t is the type of INET port numbers between 600-1023.
++#
++type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
++
++#
++# server_packet_t is the default type of IPv4 and IPv6 server packets.
++#
++type server_packet_t, packet_type, server_packet_type;
++
++
++type afs_bos_port_t, port_type;
++type afs_bos_client_packet_t, packet_type, client_packet_type;
++type afs_bos_server_packet_t, packet_type, server_packet_type;
++portcon udp 7007 gen_context(system_u:object_r:afs_bos_port_t,s0)
++
++
++
++type afs_fs_port_t, port_type;
++type afs_fs_client_packet_t, packet_type, client_packet_type;
++type afs_fs_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2040 gen_context(system_u:object_r:afs_fs_port_t,s0)
++portcon udp 7000 gen_context(system_u:object_r:afs_fs_port_t,s0)
++portcon udp 7005 gen_context(system_u:object_r:afs_fs_port_t,s0)
++
++
++
++type afs_ka_port_t, port_type;
++type afs_ka_client_packet_t, packet_type, client_packet_type;
++type afs_ka_server_packet_t, packet_type, server_packet_type;
++portcon udp 7004 gen_context(system_u:object_r:afs_ka_port_t,s0)
++
++
++
++type afs_pt_port_t, port_type;
++type afs_pt_client_packet_t, packet_type, client_packet_type;
++type afs_pt_server_packet_t, packet_type, server_packet_type;
++portcon udp 7002 gen_context(system_u:object_r:afs_pt_port_t,s0)
++
++
++
++type afs_vl_port_t, port_type;
++type afs_vl_client_packet_t, packet_type, client_packet_type;
++type afs_vl_server_packet_t, packet_type, server_packet_type;
++portcon udp 7003 gen_context(system_u:object_r:afs_vl_port_t,s0)
++
++
++
++type amanda_port_t, port_type;
++type amanda_client_packet_t, packet_type, client_packet_type;
++type amanda_server_packet_t, packet_type, server_packet_type;
++portcon udp 10080 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10080 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon udp 10081 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10081 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10082 gen_context(system_u:object_r:amanda_port_t,s0)
++portcon tcp 10083 gen_context(system_u:object_r:amanda_port_t,s0)
++
++
++
++type amavisd_recv_port_t, port_type;
++type amavisd_recv_client_packet_t, packet_type, client_packet_type;
++type amavisd_recv_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10024 gen_context(system_u:object_r:amavisd_recv_port_t,s0)
++
++
++
++type amavisd_send_port_t, port_type;
++type amavisd_send_client_packet_t, packet_type, client_packet_type;
++type amavisd_send_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10025 gen_context(system_u:object_r:amavisd_send_port_t,s0)
++
++
++
++type aol_port_t, port_type;
++type aol_client_packet_t, packet_type, client_packet_type;
++type aol_server_packet_t, packet_type, server_packet_type;
++portcon udp 5190 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5190 gen_context(system_u:object_r:aol_port_t,s0)
++portcon udp 5191 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5191 gen_context(system_u:object_r:aol_port_t,s0)
++portcon udp 5192 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5192 gen_context(system_u:object_r:aol_port_t,s0)
++portcon udp 5193 gen_context(system_u:object_r:aol_port_t,s0)
++portcon tcp 5193 gen_context(system_u:object_r:aol_port_t,s0)
++
++
++
++type apcupsd_port_t, port_type;
++type apcupsd_client_packet_t, packet_type, client_packet_type;
++type apcupsd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3551 gen_context(system_u:object_r:apcupsd_port_t,s0)
++portcon udp 3551 gen_context(system_u:object_r:apcupsd_port_t,s0)
++
++
++
++type asterisk_port_t, port_type;
++type asterisk_client_packet_t, packet_type, client_packet_type;
++type asterisk_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1720 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 2427 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 2727 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 4569 gen_context(system_u:object_r:asterisk_port_t,s0)
++portcon udp 5060 gen_context(system_u:object_r:asterisk_port_t,s0)
++
++
++
++type audit_port_t, port_type;
++type audit_client_packet_t, packet_type, client_packet_type;
++type audit_server_packet_t, packet_type, server_packet_type;
++
++typeattribute audit_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 60 gen_context(system_u:object_r:audit_port_t,s0)
++
++
++
++type auth_port_t, port_type;
++type auth_client_packet_t, packet_type, client_packet_type;
++type auth_server_packet_t, packet_type, server_packet_type;
++
++typeattribute auth_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 113 gen_context(system_u:object_r:auth_port_t,s0)
++
++
++
++type bgp_port_t, port_type;
++type bgp_client_packet_t, packet_type, client_packet_type;
++type bgp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute bgp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 179 gen_context(system_u:object_r:bgp_port_t,s0)
++
++typeattribute bgp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 179 gen_context(system_u:object_r:bgp_port_t,s0)
++portcon tcp 2605 gen_context(system_u:object_r:bgp_port_t,s0)
++portcon udp 2605 gen_context(system_u:object_r:bgp_port_t,s0)
++
++
++type biff_port_t, port_type, reserved_port_type;
++type clamd_port_t, port_type;
++type clamd_client_packet_t, packet_type, client_packet_type;
++type clamd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3310 gen_context(system_u:object_r:clamd_port_t,s0)
++
++
++
++type clockspeed_port_t, port_type;
++type clockspeed_client_packet_t, packet_type, client_packet_type;
++type clockspeed_server_packet_t, packet_type, server_packet_type;
++portcon udp 4041 gen_context(system_u:object_r:clockspeed_port_t,s0)
++
++
++
++type cluster_port_t, port_type;
++type cluster_client_packet_t, packet_type, client_packet_type;
++type cluster_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5149 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 5149 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 40040 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 50006 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 50006 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 50007 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 50007 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon tcp 50008 gen_context(system_u:object_r:cluster_port_t,s0)
++portcon udp 50008 gen_context(system_u:object_r:cluster_port_t,s0)
++
++
++
++type comsat_port_t, port_type;
++type comsat_client_packet_t, packet_type, client_packet_type;
++type comsat_server_packet_t, packet_type, server_packet_type;
++
++typeattribute comsat_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 512 gen_context(system_u:object_r:comsat_port_t,s0)
++
++
++
++type cyphesis_port_t, port_type;
++type cyphesis_client_packet_t, packet_type, client_packet_type;
++type cyphesis_server_packet_t, packet_type, server_packet_type;
++portcon udp 32771 gen_context(system_u:object_r:cyphesis_port_t,s0)
++portcon tcp 6767 gen_context(system_u:object_r:cyphesis_port_t,s0)
++portcon tcp 6769 gen_context(system_u:object_r:cyphesis_port_t,s0)
++
++
++portcon tcp 6780-6799 gen_context(system_u:object_r:cyphesis_port_t, s0)
++
++type cvs_port_t, port_type;
++type cvs_client_packet_t, packet_type, client_packet_type;
++type cvs_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2401 gen_context(system_u:object_r:cvs_port_t,s0)
++portcon udp 2401 gen_context(system_u:object_r:cvs_port_t,s0)
++
++
++
++type dcc_port_t, port_type;
++type dcc_client_packet_t, packet_type, client_packet_type;
++type dcc_server_packet_t, packet_type, server_packet_type;
++portcon udp 6276 gen_context(system_u:object_r:dcc_port_t,s0)
++portcon udp 6277 gen_context(system_u:object_r:dcc_port_t,s0)
++
++
++
++type dbskkd_port_t, port_type;
++type dbskkd_client_packet_t, packet_type, client_packet_type;
++type dbskkd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1178 gen_context(system_u:object_r:dbskkd_port_t,s0)
++
++
++
++type dhcpc_port_t, port_type;
++type dhcpc_client_packet_t, packet_type, client_packet_type;
++type dhcpc_server_packet_t, packet_type, server_packet_type;
++
++typeattribute dhcpc_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 68 gen_context(system_u:object_r:dhcpc_port_t,s0)
++
++
++
++type dhcpd_port_t, port_type;
++type dhcpd_client_packet_t, packet_type, client_packet_type;
++type dhcpd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 67 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon tcp 647 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon udp 647 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon tcp 847 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++typeattribute dhcpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute dhcpd_port_t rpc_port_type;
++
++portcon udp 847 gen_context(system_u:object_r:dhcpd_port_t,s0)
++
++
++
++type dict_port_t, port_type;
++type dict_client_packet_t, packet_type, client_packet_type;
++type dict_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2628 gen_context(system_u:object_r:dict_port_t,s0)
++
++
++
++type distccd_port_t, port_type;
++type distccd_client_packet_t, packet_type, client_packet_type;
++type distccd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3632 gen_context(system_u:object_r:distccd_port_t,s0)
++
++
++
++type dns_port_t, port_type;
++type dns_client_packet_t, packet_type, client_packet_type;
++type dns_server_packet_t, packet_type, server_packet_type;
++
++typeattribute dns_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 53 gen_context(system_u:object_r:dns_port_t,s0)
++
++typeattribute dns_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 53 gen_context(system_u:object_r:dns_port_t,s0)
++
++
++
++type fingerd_port_t, port_type;
++type fingerd_client_packet_t, packet_type, client_packet_type;
++type fingerd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute fingerd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 79 gen_context(system_u:object_r:fingerd_port_t,s0)
++
++
++
++type flash_port_t, port_type;
++type flash_client_packet_t, packet_type, client_packet_type;
++type flash_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1935 gen_context(system_u:object_r:flash_port_t,s0)
++portcon udp 1935 gen_context(system_u:object_r:flash_port_t,s0)
++
++
++
++type ftp_data_port_t, port_type;
++type ftp_data_client_packet_t, packet_type, client_packet_type;
++type ftp_data_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ftp_data_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 20 gen_context(system_u:object_r:ftp_data_port_t,s0)
++
++
++
++type ftp_port_t, port_type;
++type ftp_client_packet_t, packet_type, client_packet_type;
++type ftp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ftp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 21 gen_context(system_u:object_r:ftp_port_t,s0)
++
++
++
++type gatekeeper_port_t, port_type;
++type gatekeeper_client_packet_t, packet_type, client_packet_type;
++type gatekeeper_server_packet_t, packet_type, server_packet_type;
++portcon udp 1718 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++portcon udp 1719 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++portcon tcp 1721 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++portcon tcp 7000 gen_context(system_u:object_r:gatekeeper_port_t,s0)
++
++
++
++type giftd_port_t, port_type;
++type giftd_client_packet_t, packet_type, client_packet_type;
++type giftd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1213 gen_context(system_u:object_r:giftd_port_t,s0)
++
++
++
++type gopher_port_t, port_type;
++type gopher_client_packet_t, packet_type, client_packet_type;
++type gopher_server_packet_t, packet_type, server_packet_type;
++
++typeattribute gopher_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 70 gen_context(system_u:object_r:gopher_port_t,s0)
++
++typeattribute gopher_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 70 gen_context(system_u:object_r:gopher_port_t,s0)
++
++
++
++type http_cache_port_t, port_type;
++type http_cache_client_packet_t, packet_type, client_packet_type;
++type http_cache_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3128 gen_context(system_u:object_r:http_cache_port_t,s0)
++portcon udp 3130 gen_context(system_u:object_r:http_cache_port_t,s0)
++portcon tcp 8080 gen_context(system_u:object_r:http_cache_port_t,s0)
++portcon tcp 8118 gen_context(system_u:object_r:http_cache_port_t,s0)
++
++ # 8118 is for privoxy
++
++type http_port_t, port_type;
++type http_client_packet_t, packet_type, client_packet_type;
++type http_server_packet_t, packet_type, server_packet_type;
++
++typeattribute http_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 80 gen_context(system_u:object_r:http_port_t,s0)
++
++typeattribute http_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 443 gen_context(system_u:object_r:http_port_t,s0)
++
++typeattribute http_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 488 gen_context(system_u:object_r:http_port_t,s0)
++portcon tcp 8008 gen_context(system_u:object_r:http_port_t,s0)
++portcon tcp 8009 gen_context(system_u:object_r:http_port_t,s0)
++portcon tcp 8443 gen_context(system_u:object_r:http_port_t,s0)
++
++ #8443 is mod_nss default port
++
++type howl_port_t, port_type;
++type howl_client_packet_t, packet_type, client_packet_type;
++type howl_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5335 gen_context(system_u:object_r:howl_port_t,s0)
++portcon udp 5353 gen_context(system_u:object_r:howl_port_t,s0)
++
++
++
++type hplip_port_t, port_type;
++type hplip_client_packet_t, packet_type, client_packet_type;
++type hplip_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1782 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 2207 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 2208 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 8290 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 50000 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 50002 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 8292 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9100 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9101 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9102 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9220 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9221 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9222 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9280 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9281 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9282 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9290 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9291 gen_context(system_u:object_r:hplip_port_t,s0)
++portcon tcp 9292 gen_context(system_u:object_r:hplip_port_t,s0)
++
++
++
++type i18n_input_port_t, port_type;
++type i18n_input_client_packet_t, packet_type, client_packet_type;
++type i18n_input_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9010 gen_context(system_u:object_r:i18n_input_port_t,s0)
++
++
++
++type imaze_port_t, port_type;
++type imaze_client_packet_t, packet_type, client_packet_type;
++type imaze_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5323 gen_context(system_u:object_r:imaze_port_t,s0)
++portcon udp 5323 gen_context(system_u:object_r:imaze_port_t,s0)
++
++
++
++type inetd_child_port_t, port_type;
++type inetd_child_client_packet_t, packet_type, client_packet_type;
++type inetd_child_server_packet_t, packet_type, server_packet_type;
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 1 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 1 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 7 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 7 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 9 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 9 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 13 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 13 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 19 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 19 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 37 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 37 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 512 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 543 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 544 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon tcp 891 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon udp 891 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon tcp 892 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++typeattribute inetd_child_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute inetd_child_port_t rpc_port_type;
++
++portcon udp 892 gen_context(system_u:object_r:inetd_child_port_t,s0)
++portcon tcp 2105 gen_context(system_u:object_r:inetd_child_port_t,s0)
++portcon tcp 5666 gen_context(system_u:object_r:inetd_child_port_t,s0)
++
++
++
++type innd_port_t, port_type;
++type innd_client_packet_t, packet_type, client_packet_type;
++type innd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute innd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 119 gen_context(system_u:object_r:innd_port_t,s0)
++
++
++
++type ipp_port_t, port_type;
++type ipp_client_packet_t, packet_type, client_packet_type;
++type ipp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ipp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ipp_port_t rpc_port_type;
++
++portcon tcp 631 gen_context(system_u:object_r:ipp_port_t,s0)
++
++typeattribute ipp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ipp_port_t rpc_port_type;
++
++portcon udp 631 gen_context(system_u:object_r:ipp_port_t,s0)
++
++
++
++type ipsecnat_port_t, port_type;
++type ipsecnat_client_packet_t, packet_type, client_packet_type;
++type ipsecnat_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4500 gen_context(system_u:object_r:ipsecnat_port_t,s0)
++portcon udp 4500 gen_context(system_u:object_r:ipsecnat_port_t,s0)
++
++
++
++type ircd_port_t, port_type;
++type ircd_client_packet_t, packet_type, client_packet_type;
++type ircd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 6667 gen_context(system_u:object_r:ircd_port_t,s0)
++
++
++
++type isakmp_port_t, port_type;
++type isakmp_client_packet_t, packet_type, client_packet_type;
++type isakmp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute isakmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 500 gen_context(system_u:object_r:isakmp_port_t,s0)
++
++
++
++type iscsi_port_t, port_type;
++type iscsi_client_packet_t, packet_type, client_packet_type;
++type iscsi_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3260 gen_context(system_u:object_r:iscsi_port_t,s0)
++
++
++
++type isns_port_t, port_type;
++type isns_client_packet_t, packet_type, client_packet_type;
++type isns_server_packet_t, packet_type, server_packet_type;
++portcon tcp 3205 gen_context(system_u:object_r:isns_port_t,s0)
++portcon udp 3205 gen_context(system_u:object_r:isns_port_t,s0)
++
++
++
++type jabber_client_port_t, port_type;
++type jabber_client_client_packet_t, packet_type, client_packet_type;
++type jabber_client_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5222 gen_context(system_u:object_r:jabber_client_port_t,s0)
++portcon tcp 5223 gen_context(system_u:object_r:jabber_client_port_t,s0)
++
++
++
++type jabber_interserver_port_t, port_type;
++type jabber_interserver_client_packet_t, packet_type, client_packet_type;
++type jabber_interserver_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5269 gen_context(system_u:object_r:jabber_interserver_port_t,s0)
++
++
++
++type kerberos_admin_port_t, port_type;
++type kerberos_admin_client_packet_t, packet_type, client_packet_type;
++type kerberos_admin_server_packet_t, packet_type, server_packet_type;
++
++typeattribute kerberos_admin_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 464 gen_context(system_u:object_r:kerberos_admin_port_t,s0)
++
++typeattribute kerberos_admin_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 464 gen_context(system_u:object_r:kerberos_admin_port_t,s0)
++
++typeattribute kerberos_admin_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kerberos_admin_port_t rpc_port_type;
++
++portcon tcp 749 gen_context(system_u:object_r:kerberos_admin_port_t,s0)
++
++
++
++type kerberos_master_port_t, port_type;
++type kerberos_master_client_packet_t, packet_type, client_packet_type;
++type kerberos_master_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4444 gen_context(system_u:object_r:kerberos_master_port_t,s0)
++portcon udp 4444 gen_context(system_u:object_r:kerberos_master_port_t,s0)
++
++
++
++type kerberos_port_t, port_type;
++type kerberos_client_packet_t, packet_type, client_packet_type;
++type kerberos_server_packet_t, packet_type, server_packet_type;
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 88 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 88 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kerberos_port_t rpc_port_type;
++
++portcon tcp 750 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++typeattribute kerberos_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kerberos_port_t rpc_port_type;
++
++portcon udp 750 gen_context(system_u:object_r:kerberos_port_t,s0)
++
++
++
++type kismet_port_t, port_type;
++type kismet_client_packet_t, packet_type, client_packet_type;
++type kismet_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2501 gen_context(system_u:object_r:kismet_port_t,s0)
++
++
++
++type kprop_port_t, port_type;
++type kprop_client_packet_t, packet_type, client_packet_type;
++type kprop_server_packet_t, packet_type, server_packet_type;
++
++typeattribute kprop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute kprop_port_t rpc_port_type;
++
++portcon tcp 754 gen_context(system_u:object_r:kprop_port_t,s0)
++
++
++
++type ktalkd_port_t, port_type;
++type ktalkd_client_packet_t, packet_type, client_packet_type;
++type ktalkd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ktalkd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 517 gen_context(system_u:object_r:ktalkd_port_t,s0)
++
++typeattribute ktalkd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 518 gen_context(system_u:object_r:ktalkd_port_t,s0)
++
++
++
++type ldap_port_t, port_type;
++type ldap_client_packet_t, packet_type, client_packet_type;
++type ldap_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 389 gen_context(system_u:object_r:ldap_port_t,s0)
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 389 gen_context(system_u:object_r:ldap_port_t,s0)
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ldap_port_t rpc_port_type;
++
++portcon tcp 636 gen_context(system_u:object_r:ldap_port_t,s0)
++
++typeattribute ldap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute ldap_port_t rpc_port_type;
++
++portcon udp 636 gen_context(system_u:object_r:ldap_port_t,s0)
++portcon tcp 3268 gen_context(system_u:object_r:ldap_port_t,s0)
++
++
++type lrrd_port_t, port_type;
++type lmtp_port_t, port_type;
++type lmtp_client_packet_t, packet_type, client_packet_type;
++type lmtp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute lmtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 24 gen_context(system_u:object_r:lmtp_port_t,s0)
++
++typeattribute lmtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 24 gen_context(system_u:object_r:lmtp_port_t,s0)
++
++
++
++type mail_port_t, port_type;
++type mail_client_packet_t, packet_type, client_packet_type;
++type mail_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2000 gen_context(system_u:object_r:mail_port_t,s0)
++
++
++
++type mmcc_port_t, port_type;
++type mmcc_client_packet_t, packet_type, client_packet_type;
++type mmcc_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5050 gen_context(system_u:object_r:mmcc_port_t,s0)
++portcon udp 5050 gen_context(system_u:object_r:mmcc_port_t,s0)
++
++
++
++type monopd_port_t, port_type;
++type monopd_client_packet_t, packet_type, client_packet_type;
++type monopd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1234 gen_context(system_u:object_r:monopd_port_t,s0)
++
++
++
++type msnp_port_t, port_type;
++type msnp_client_packet_t, packet_type, client_packet_type;
++type msnp_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1863 gen_context(system_u:object_r:msnp_port_t,s0)
++portcon udp 1863 gen_context(system_u:object_r:msnp_port_t,s0)
++
++
++
++type munin_port_t, port_type;
++type munin_client_packet_t, packet_type, client_packet_type;
++type munin_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4949 gen_context(system_u:object_r:munin_port_t,s0)
++portcon udp 4949 gen_context(system_u:object_r:munin_port_t,s0)
++
++
++
++type mythtv_port_t, port_type;
++type mythtv_client_packet_t, packet_type, client_packet_type;
++type mythtv_server_packet_t, packet_type, server_packet_type;
++portcon tcp 6543 gen_context(system_u:object_r:mythtv_port_t,s0)
++portcon udp 6543 gen_context(system_u:object_r:mythtv_port_t,s0)
++
++
++
++type mysqld_port_t, port_type;
++type mysqld_client_packet_t, packet_type, client_packet_type;
++type mysqld_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1186 gen_context(system_u:object_r:mysqld_port_t,s0)
++portcon tcp 3306 gen_context(system_u:object_r:mysqld_port_t,s0)
++
++
++portcon tcp 63132-63163 gen_context(system_u:object_r:mysqld_port_t, s0)
++
++type nessus_port_t, port_type;
++type nessus_client_packet_t, packet_type, client_packet_type;
++type nessus_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1241 gen_context(system_u:object_r:nessus_port_t,s0)
++
++
++
++type netsupport_port_t, port_type;
++type netsupport_client_packet_t, packet_type, client_packet_type;
++type netsupport_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5405 gen_context(system_u:object_r:netsupport_port_t,s0)
++portcon udp 5405 gen_context(system_u:object_r:netsupport_port_t,s0)
++
++
++
++type nmbd_port_t, port_type;
++type nmbd_client_packet_t, packet_type, client_packet_type;
++type nmbd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute nmbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 137 gen_context(system_u:object_r:nmbd_port_t,s0)
++
++typeattribute nmbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 138 gen_context(system_u:object_r:nmbd_port_t,s0)
++
++
++
++type ntp_port_t, port_type;
++type ntp_client_packet_t, packet_type, client_packet_type;
++type ntp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ntp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 123 gen_context(system_u:object_r:ntp_port_t,s0)
++
++
++
++type ocsp_port_t, port_type;
++type ocsp_client_packet_t, packet_type, client_packet_type;
++type ocsp_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9080 gen_context(system_u:object_r:ocsp_port_t,s0)
++
++
++
++type openvpn_port_t, port_type;
++type openvpn_client_packet_t, packet_type, client_packet_type;
++type openvpn_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1194 gen_context(system_u:object_r:openvpn_port_t,s0)
++portcon udp 1194 gen_context(system_u:object_r:openvpn_port_t,s0)
++
++
++
++type pegasus_http_port_t, port_type;
++type pegasus_http_client_packet_t, packet_type, client_packet_type;
++type pegasus_http_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5988 gen_context(system_u:object_r:pegasus_http_port_t,s0)
++
++
++
++type pegasus_https_port_t, port_type;
++type pegasus_https_client_packet_t, packet_type, client_packet_type;
++type pegasus_https_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5989 gen_context(system_u:object_r:pegasus_https_port_t,s0)
++
++
++
++type pki_ca_port_t, port_type;
++type pki_ca_client_packet_t, packet_type, client_packet_type;
++type pki_ca_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9180 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9701 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9443 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9444 gen_context(system_u:object_r:pki_ca_port_t,s0)
++portcon tcp 9445 gen_context(system_u:object_r:pki_ca_port_t,s0)
++
++
++
++type pki_kra_port_t, port_type;
++type pki_kra_client_packet_t, packet_type, client_packet_type;
++type pki_kra_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10180 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10701 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10443 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10444 gen_context(system_u:object_r:pki_kra_port_t,s0)
++portcon tcp 10445 gen_context(system_u:object_r:pki_kra_port_t,s0)
++
++
++
++type pki_ocsp_port_t, port_type;
++type pki_ocsp_client_packet_t, packet_type, client_packet_type;
++type pki_ocsp_server_packet_t, packet_type, server_packet_type;
++portcon tcp 11180 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11701 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11443 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11444 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++portcon tcp 11445 gen_context(system_u:object_r:pki_ocsp_port_t,s0)
++
++
++
++type pki_tks_port_t, port_type;
++type pki_tks_client_packet_t, packet_type, client_packet_type;
++type pki_tks_server_packet_t, packet_type, server_packet_type;
++portcon tcp 13180 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13701 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13443 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13444 gen_context(system_u:object_r:pki_tks_port_t,s0)
++portcon tcp 13445 gen_context(system_u:object_r:pki_tks_port_t,s0)
++
++
++
++type pki_ra_port_t, port_type;
++type pki_ra_client_packet_t, packet_type, client_packet_type;
++type pki_ra_server_packet_t, packet_type, server_packet_type;
++portcon tcp 12888 gen_context(system_u:object_r:pki_ra_port_t,s0)
++portcon tcp 12889 gen_context(system_u:object_r:pki_ra_port_t,s0)
++
++
++
++type pki_tps_port_t, port_type;
++type pki_tps_client_packet_t, packet_type, client_packet_type;
++type pki_tps_server_packet_t, packet_type, server_packet_type;
++portcon tcp 7888 gen_context(system_u:object_r:pki_tps_port_t,s0)
++portcon tcp 7889 gen_context(system_u:object_r:pki_tps_port_t,s0)
++
++
++
++type postfix_policyd_port_t, port_type;
++type postfix_policyd_client_packet_t, packet_type, client_packet_type;
++type postfix_policyd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 10031 gen_context(system_u:object_r:postfix_policyd_port_t,s0)
++
++
++
++type pulseaudio_port_t, port_type;
++type pulseaudio_client_packet_t, packet_type, client_packet_type;
++type pulseaudio_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4713 gen_context(system_u:object_r:pulseaudio_port_t,s0)
++
++
++
++type pgpkeyserver_port_t, port_type;
++type pgpkeyserver_client_packet_t, packet_type, client_packet_type;
++type pgpkeyserver_server_packet_t, packet_type, server_packet_type;
++portcon udp 11371 gen_context(system_u:object_r:pgpkeyserver_port_t,s0)
++portcon tcp 11371 gen_context(system_u:object_r:pgpkeyserver_port_t,s0)
++
++
++
++type pop_port_t, port_type;
++type pop_client_packet_t, packet_type, client_packet_type;
++type pop_server_packet_t, packet_type, server_packet_type;
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 106 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 109 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 110 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 143 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 220 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute pop_port_t rpc_port_type;
++
++portcon tcp 993 gen_context(system_u:object_r:pop_port_t,s0)
++
++typeattribute pop_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute pop_port_t rpc_port_type;
++
++portcon tcp 995 gen_context(system_u:object_r:pop_port_t,s0)
++portcon tcp 1109 gen_context(system_u:object_r:pop_port_t,s0)
++
++
++
++type portmap_port_t, port_type;
++type portmap_client_packet_t, packet_type, client_packet_type;
++type portmap_server_packet_t, packet_type, server_packet_type;
++
++typeattribute portmap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 111 gen_context(system_u:object_r:portmap_port_t,s0)
++
++typeattribute portmap_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 111 gen_context(system_u:object_r:portmap_port_t,s0)
++
++
++
++type postgresql_port_t, port_type;
++type postgresql_client_packet_t, packet_type, client_packet_type;
++type postgresql_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5432 gen_context(system_u:object_r:postgresql_port_t,s0)
++
++
++
++type postgrey_port_t, port_type;
++type postgrey_client_packet_t, packet_type, client_packet_type;
++type postgrey_server_packet_t, packet_type, server_packet_type;
++portcon tcp 60000 gen_context(system_u:object_r:postgrey_port_t,s0)
++
++
++
++type prelude_port_t, port_type;
++type prelude_client_packet_t, packet_type, client_packet_type;
++type prelude_server_packet_t, packet_type, server_packet_type;
++portcon tcp 4690 gen_context(system_u:object_r:prelude_port_t,s0)
++portcon udp 4690 gen_context(system_u:object_r:prelude_port_t,s0)
++
++
++
++type printer_port_t, port_type;
++type printer_client_packet_t, packet_type, client_packet_type;
++type printer_server_packet_t, packet_type, server_packet_type;
++
++typeattribute printer_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 515 gen_context(system_u:object_r:printer_port_t,s0)
++
++
++
++type ptal_port_t, port_type;
++type ptal_client_packet_t, packet_type, client_packet_type;
++type ptal_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5703 gen_context(system_u:object_r:ptal_port_t,s0)
++
++
++
++type pxe_port_t, port_type;
++type pxe_client_packet_t, packet_type, client_packet_type;
++type pxe_server_packet_t, packet_type, server_packet_type;
++portcon udp 4011 gen_context(system_u:object_r:pxe_port_t,s0)
++
++
++
++type pyzor_port_t, port_type;
++type pyzor_client_packet_t, packet_type, client_packet_type;
++type pyzor_server_packet_t, packet_type, server_packet_type;
++portcon udp 24441 gen_context(system_u:object_r:pyzor_port_t,s0)
++
++
++
++type radacct_port_t, port_type;
++type radacct_client_packet_t, packet_type, client_packet_type;
++type radacct_server_packet_t, packet_type, server_packet_type;
++portcon udp 1646 gen_context(system_u:object_r:radacct_port_t,s0)
++portcon udp 1813 gen_context(system_u:object_r:radacct_port_t,s0)
++
++
++
++type radius_port_t, port_type;
++type radius_client_packet_t, packet_type, client_packet_type;
++type radius_server_packet_t, packet_type, server_packet_type;
++portcon udp 1645 gen_context(system_u:object_r:radius_port_t,s0)
++portcon udp 1812 gen_context(system_u:object_r:radius_port_t,s0)
++
++
++
++type razor_port_t, port_type;
++type razor_client_packet_t, packet_type, client_packet_type;
++type razor_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2703 gen_context(system_u:object_r:razor_port_t,s0)
++
++
++
++type ricci_port_t, port_type;
++type ricci_client_packet_t, packet_type, client_packet_type;
++type ricci_server_packet_t, packet_type, server_packet_type;
++portcon tcp 11111 gen_context(system_u:object_r:ricci_port_t,s0)
++portcon udp 11111 gen_context(system_u:object_r:ricci_port_t,s0)
++
++
++
++type ricci_modcluster_port_t, port_type;
++type ricci_modcluster_client_packet_t, packet_type, client_packet_type;
++type ricci_modcluster_server_packet_t, packet_type, server_packet_type;
++portcon tcp 16851 gen_context(system_u:object_r:ricci_modcluster_port_t,s0)
++portcon udp 16851 gen_context(system_u:object_r:ricci_modcluster_port_t,s0)
++
++
++
++type rlogind_port_t, port_type;
++type rlogind_client_packet_t, packet_type, client_packet_type;
++type rlogind_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rlogind_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 513 gen_context(system_u:object_r:rlogind_port_t,s0)
++
++
++
++type rndc_port_t, port_type;
++type rndc_client_packet_t, packet_type, client_packet_type;
++type rndc_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rndc_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute rndc_port_t rpc_port_type;
++
++portcon tcp 953 gen_context(system_u:object_r:rndc_port_t,s0)
++
++
++
++type router_port_t, port_type;
++type router_client_packet_t, packet_type, client_packet_type;
++type router_server_packet_t, packet_type, server_packet_type;
++
++typeattribute router_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 520 gen_context(system_u:object_r:router_port_t,s0)
++
++typeattribute router_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 521 gen_context(system_u:object_r:router_port_t,s0)
++
++typeattribute router_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 521 gen_context(system_u:object_r:router_port_t,s0)
++
++
++
++type rsh_port_t, port_type;
++type rsh_client_packet_t, packet_type, client_packet_type;
++type rsh_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rsh_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 514 gen_context(system_u:object_r:rsh_port_t,s0)
++
++
++
++type rsync_port_t, port_type;
++type rsync_client_packet_t, packet_type, client_packet_type;
++type rsync_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rsync_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute rsync_port_t rpc_port_type;
++
++portcon tcp 873 gen_context(system_u:object_r:rsync_port_t,s0)
++
++typeattribute rsync_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute rsync_port_t rpc_port_type;
++
++portcon udp 873 gen_context(system_u:object_r:rsync_port_t,s0)
++
++
++
++type rwho_port_t, port_type;
++type rwho_client_packet_t, packet_type, client_packet_type;
++type rwho_server_packet_t, packet_type, server_packet_type;
++
++typeattribute rwho_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 513 gen_context(system_u:object_r:rwho_port_t,s0)
++
++
++
++type smbd_port_t, port_type;
++type smbd_client_packet_t, packet_type, client_packet_type;
++type smbd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute smbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 137-139 gen_context(system_u:object_r:smbd_port_t,s0)
++
++typeattribute smbd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 445 gen_context(system_u:object_r:smbd_port_t,s0)
++
++
++
++type smtp_port_t, port_type;
++type smtp_client_packet_t, packet_type, client_packet_type;
++type smtp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute smtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 25 gen_context(system_u:object_r:smtp_port_t,s0)
++
++typeattribute smtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 465 gen_context(system_u:object_r:smtp_port_t,s0)
++
++typeattribute smtp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 587 gen_context(system_u:object_r:smtp_port_t,s0)
++
++
++
++type snmp_port_t, port_type;
++type snmp_client_packet_t, packet_type, client_packet_type;
++type snmp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute snmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 161 gen_context(system_u:object_r:snmp_port_t,s0)
++
++typeattribute snmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 162 gen_context(system_u:object_r:snmp_port_t,s0)
++
++typeattribute snmp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 199 gen_context(system_u:object_r:snmp_port_t,s0)
++
++
++
++type spamd_port_t, port_type;
++type spamd_client_packet_t, packet_type, client_packet_type;
++type spamd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute spamd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute spamd_port_t rpc_port_type;
++
++portcon tcp 783 gen_context(system_u:object_r:spamd_port_t,s0)
++
++
++
++type ssh_port_t, port_type;
++type ssh_client_packet_t, packet_type, client_packet_type;
++type ssh_server_packet_t, packet_type, server_packet_type;
++
++typeattribute ssh_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 22 gen_context(system_u:object_r:ssh_port_t,s0)
++
++
++
++type soundd_port_t, port_type;
++type soundd_client_packet_t, packet_type, client_packet_type;
++type soundd_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8000 gen_context(system_u:object_r:soundd_port_t,s0)
++portcon tcp 9433 gen_context(system_u:object_r:soundd_port_t,s0)
++portcon tcp 16001 gen_context(system_u:object_r:soundd_port_t,s0)
++
++
++type socks_port_t, port_type; type stunnel_port_t, port_type;
++type squid_port_t, port_type;
++type squid_client_packet_t, packet_type, client_packet_type;
++type squid_server_packet_t, packet_type, server_packet_type;
++portcon udp 3401 gen_context(system_u:object_r:squid_port_t,s0)
++portcon tcp 3401 gen_context(system_u:object_r:squid_port_t,s0)
++portcon udp 4827 gen_context(system_u:object_r:squid_port_t,s0)
++portcon tcp 4827 gen_context(system_u:object_r:squid_port_t,s0)
++
++ # snmp and htcp
++
++type swat_port_t, port_type;
++type swat_client_packet_t, packet_type, client_packet_type;
++type swat_server_packet_t, packet_type, server_packet_type;
++
++typeattribute swat_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++typeattribute swat_port_t rpc_port_type;
++
++portcon tcp 901 gen_context(system_u:object_r:swat_port_t,s0)
++
++
++
++type syslogd_port_t, port_type;
++type syslogd_client_packet_t, packet_type, client_packet_type;
++type syslogd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute syslogd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 514 gen_context(system_u:object_r:syslogd_port_t,s0)
++
++
++
++type telnetd_port_t, port_type;
++type telnetd_client_packet_t, packet_type, client_packet_type;
++type telnetd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute telnetd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 23 gen_context(system_u:object_r:telnetd_port_t,s0)
++
++
++
++type tftp_port_t, port_type;
++type tftp_client_packet_t, packet_type, client_packet_type;
++type tftp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute tftp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 69 gen_context(system_u:object_r:tftp_port_t,s0)
++
++
++
++type tomcat_port_t, port_type;
++type tomcat_client_packet_t, packet_type, client_packet_type;
++type tomcat_server_packet_t, packet_type, server_packet_type;
++portcon tcp 1701 gen_context(system_u:object_r:tomcat_port_t,s0)
++
++
++
++type tor_port_t, port_type;
++type tor_client_packet_t, packet_type, client_packet_type;
++type tor_server_packet_t, packet_type, server_packet_type;
++portcon tcp 9001 gen_context(system_u:object_r:tor_port_t,s0)
++portcon tcp 9030 gen_context(system_u:object_r:tor_port_t,s0)
++portcon tcp 9050 gen_context(system_u:object_r:tor_port_t,s0)
++portcon tcp 9051 gen_context(system_u:object_r:tor_port_t,s0)
++
++
++
++type traceroute_port_t, port_type;
++type traceroute_client_packet_t, packet_type, client_packet_type;
++type traceroute_server_packet_t, packet_type, server_packet_type;
++portcon udp 64000 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64001 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64002 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64003 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64004 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64005 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64006 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64007 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64008 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64009 gen_context(system_u:object_r:traceroute_port_t,s0)
++portcon udp 64010 gen_context(system_u:object_r:traceroute_port_t,s0)
++
++
++
++type transproxy_port_t, port_type;
++type transproxy_client_packet_t, packet_type, client_packet_type;
++type transproxy_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8081 gen_context(system_u:object_r:transproxy_port_t,s0)
++
++
++type utcpserver_port_t, port_type;
++type uucpd_port_t, port_type;
++type uucpd_client_packet_t, packet_type, client_packet_type;
++type uucpd_server_packet_t, packet_type, server_packet_type;
++
++typeattribute uucpd_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 540 gen_context(system_u:object_r:uucpd_port_t,s0)
++
++
++
++type virt_port_t, port_type;
++type virt_client_packet_t, packet_type, client_packet_type;
++type virt_server_packet_t, packet_type, server_packet_type;
++portcon tcp 16509 gen_context(system_u:object_r:virt_port_t,s0)
++portcon udp 16509 gen_context(system_u:object_r:virt_port_t,s0)
++portcon tcp 16514 gen_context(system_u:object_r:virt_port_t,s0)
++portcon udp 16514 gen_context(system_u:object_r:virt_port_t,s0)
++
++
++
++
++type vnc_port_t, port_type;
++type vnc_client_packet_t, packet_type, client_packet_type;
++type vnc_server_packet_t, packet_type, server_packet_type;
++portcon tcp 5900 gen_context(system_u:object_r:vnc_port_t,s0)
++
++
++# Reserve 100 ports for vnc/virt machines
++portcon tcp 5901-5999 gen_context(system_u:object_r:vnc_port_t, s0)
++
++type whois_port_t, port_type;
++type whois_client_packet_t, packet_type, client_packet_type;
++type whois_server_packet_t, packet_type, server_packet_type;
++
++typeattribute whois_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 43 gen_context(system_u:object_r:whois_port_t,s0)
++
++typeattribute whois_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 43 gen_context(system_u:object_r:whois_port_t,s0)
++portcon tcp 4321 gen_context(system_u:object_r:whois_port_t,s0 )
++portcon udp 4321 gen_context(system_u:object_r:whois_port_t,s0)
++
++
++
++type wccp_port_t, port_type;
++type wccp_client_packet_t, packet_type, client_packet_type;
++type wccp_server_packet_t, packet_type, server_packet_type;
++portcon udp 2048 gen_context(system_u:object_r:wccp_port_t,s0)
++
++
++
++type xdmcp_port_t, port_type;
++type xdmcp_client_packet_t, packet_type, client_packet_type;
++type xdmcp_server_packet_t, packet_type, server_packet_type;
++
++typeattribute xdmcp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon udp 177 gen_context(system_u:object_r:xdmcp_port_t,s0)
++
++typeattribute xdmcp_port_t reserved_port_type;
++#bindresvport in glibc starts searching for reserved ports at 600
++
++portcon tcp 177 gen_context(system_u:object_r:xdmcp_port_t,s0)
++
++
++
++type xen_port_t, port_type;
++type xen_client_packet_t, packet_type, client_packet_type;
++type xen_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8002 gen_context(system_u:object_r:xen_port_t,s0)
++
++
++
++type xfs_port_t, port_type;
++type xfs_client_packet_t, packet_type, client_packet_type;
++type xfs_server_packet_t, packet_type, server_packet_type;
++portcon tcp 7100 gen_context(system_u:object_r:xfs_port_t,s0)
++
++
++
++type xserver_port_t, port_type;
++type xserver_client_packet_t, packet_type, client_packet_type;
++type xserver_server_packet_t, packet_type, server_packet_type;
++portcon tcp 6000 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6001 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6002 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6003 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6004 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6005 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6006 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6007 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6008 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6009 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6010 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6011 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6012 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6013 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6014 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6015 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6016 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6017 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6018 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6019 gen_context(system_u:object_r:xserver_port_t,s0)
++portcon tcp 6020 gen_context(system_u:object_r:xserver_port_t,s0)
++
++
++
++type zebra_port_t, port_type;
++type zebra_client_packet_t, packet_type, client_packet_type;
++type zebra_server_packet_t, packet_type, server_packet_type;
++portcon tcp 2600 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2601 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2602 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2603 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2604 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon tcp 2606 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2600 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2601 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2602 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2603 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2604 gen_context(system_u:object_r:zebra_port_t,s0)
++portcon udp 2606 gen_context(system_u:object_r:zebra_port_t,s0)
++
++
++
++type zope_port_t, port_type;
++type zope_client_packet_t, packet_type, client_packet_type;
++type zope_server_packet_t, packet_type, server_packet_type;
++portcon tcp 8021 gen_context(system_u:object_r:zope_port_t,s0)
+
- miscfiles_read_localization(usernetctl_t)
-
- seutil_read_config(usernetctl_t)
-
- sysnet_read_config(usernetctl_t)
-
-+term_search_ptys(usernetctl_t)
+
- optional_policy(`
- hostname_exec(usernetctl_t)
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.fc serefpolicy-3.3.1/policy/modules/apps/vmware.fc
---- nsaserefpolicy/policy/modules/apps/vmware.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.fc 2009-01-05 11:17:34.000000000 +0100
-@@ -1,9 +1,9 @@
- #
- # HOME_DIR/
- #
--HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
--HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:ROLE_vmware_conf_t,s0)
--HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:ROLE_vmware_file_t,s0)
-+HOME_DIR/\.vmware(/.*)? gen_context(system_u:object_r:user_vmware_file_t,s0)
-+HOME_DIR/\.vmware[^/]*/.*\.cfg -- gen_context(system_u:object_r:user_vmware_conf_t,s0)
-+HOME_DIR/vmware(/.*)? gen_context(system_u:object_r:user_vmware_file_t,s0)
-
- #
- # /etc
-@@ -21,19 +21,25 @@
- /usr/bin/vmware-nmbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-ping -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-smbd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-+/usr/sbin/vmware-guest.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-smbpasswd -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-smbpasswd\.bin -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
- /usr/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
- /usr/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/sbin/vmware-serverd -- gen_context(system_u:object_r:vmware_exec_t,s0)
-
- /usr/lib/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
- /usr/lib/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
- /usr/lib/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-
- /usr/lib64/vmware/config -- gen_context(system_u:object_r:vmware_sys_conf_t,s0)
- /usr/lib64/vmware/bin/vmware-mks -- gen_context(system_u:object_r:vmware_exec_t,s0)
- /usr/lib64/vmware/bin/vmware-ui -- gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib64/vmware/bin/vmplayer -- gen_context(system_u:object_r:vmware_exec_t,s0)
-+/usr/lib64/vmware/bin/vmware-vmx -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-
- ifdef(`distro_gentoo',`
- /opt/vmware/workstation/bin/vmnet-bridge -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-@@ -49,3 +55,8 @@
- /opt/vmware/workstation/bin/vmware-wizard -- gen_context(system_u:object_r:vmware_exec_t,s0)
- /opt/vmware/workstation/bin/vmware -- gen_context(system_u:object_r:vmware_exec_t,s0)
- ')
-+/var/log/vmware.* -- gen_context(system_u:object_r:vmware_log_t,s0)
-+/var/run/vmnat.* -s gen_context(system_u:object_r:vmware_var_run_t,s0)
-+/var/run/vmware.* gen_context(system_u:object_r:vmware_var_run_t,s0)
-+/usr/lib/vmware-tools/sbin32/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-+/usr/lib/vmware-tools/sbin64/vmware.* -- gen_context(system_u:object_r:vmware_host_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.if serefpolicy-3.3.1/policy/modules/apps/vmware.if
---- nsaserefpolicy/policy/modules/apps/vmware.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.if 2009-01-05 11:17:34.000000000 +0100
-@@ -164,7 +164,7 @@
- sysnet_dns_name_resolve($1_vmware_t)
- sysnet_read_config($1_vmware_t)
-
-- xserver_user_client_template($1,$1_vmware_t,$1_vmware_tmpfs_t)
-+ xserver_user_x_domain_template($1,$1_vmware,$1_vmware_t,$1_vmware_tmpfs_t)
- ')
-
- ########################################
-@@ -202,3 +202,22 @@
-
- allow $1 vmware_sys_conf_t:file append;
- ')
++
++# Defaults for reserved ports. Earlier portcon entries take precedence;
++# these entries just cover any remaining reserved ports not otherwise declared.
++
++portcon tcp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
++portcon udp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
++portcon tcp 1-599 gen_context(system_u:object_r:reserved_port_t, s0)
++portcon udp 1-599 gen_context(system_u:object_r:reserved_port_t, s0)
+
+########################################
-+##
-+## Append to VMWare log files.
-+##
-+##
-+##
-+## Domain allowed access.
-+##
-+##
+#
-+interface(`vmware_append_log',`
-+ gen_require(`
-+ type vmware_log_t;
-+ ')
++# Network nodes
++#
+
-+ logging_search_logs($1)
-+ append_files_pattern($1,vmware_log_t,vmware_log_t)
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/vmware.te serefpolicy-3.3.1/policy/modules/apps/vmware.te
---- nsaserefpolicy/policy/modules/apps/vmware.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/vmware.te 2009-01-05 11:17:34.000000000 +0100
-@@ -22,17 +22,21 @@
- type vmware_var_run_t;
- files_pid_file(vmware_var_run_t)
-
-+type vmware_log_t;
-+logging_log_file(vmware_log_t)
++#
++# node_t is the default type of network nodes.
++# The node_*_t types are used for specific network
++# nodes in net_contexts or net_contexts.mls.
++#
++type node_t, node_type;
++sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh)
+
- ########################################
- #
- # VMWare host local policy
- #
-
--allow vmware_host_t self:capability { setuid net_raw };
-+allow vmware_host_t self:capability { setgid setuid net_raw };
- dontaudit vmware_host_t self:capability sys_tty_config;
--allow vmware_host_t self:process signal_perms;
-+allow vmware_host_t self:process { execstack execmem signal_perms };
- allow vmware_host_t self:fifo_file rw_fifo_file_perms;
- allow vmware_host_t self:unix_stream_socket create_stream_socket_perms;
- allow vmware_host_t self:rawip_socket create_socket_perms;
-+allow vmware_host_t self:tcp_socket create_socket_perms;
-
- # cjp: the ro and rw files should be split up
- manage_files_pattern(vmware_host_t,vmware_sys_conf_t,vmware_sys_conf_t)
-@@ -41,6 +45,11 @@
- manage_sock_files_pattern(vmware_host_t,vmware_var_run_t,vmware_var_run_t)
- files_pid_filetrans(vmware_host_t,vmware_var_run_t,{ file sock_file })
-
-+manage_files_pattern(vmware_host_t,vmware_log_t,vmware_log_t)
-+logging_log_filetrans(vmware_host_t,vmware_log_t,{ file dir })
+
-+files_search_home(vmware_host_t)
++type compat_ipv4_node_t alias node_compat_ipv4_t, node_type;
++nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:: gen_context(system_u:object_r:compat_ipv4_node_t,s0)
+
- kernel_read_kernel_sysctls(vmware_host_t)
- kernel_list_proc(vmware_host_t)
- kernel_read_proc_symlinks(vmware_host_t)
-@@ -63,6 +72,7 @@
- corenet_sendrecv_all_server_packets(vmware_host_t)
-
- dev_read_sysfs(vmware_host_t)
-+dev_read_urand(vmware_host_t)
- dev_rw_vmware(vmware_host_t)
-
- domain_use_interactive_fds(vmware_host_t)
-@@ -99,14 +109,12 @@
- ')
- netutils_domtrans_ping(vmware_host_t)
-
--ifdef(`TODO',`
--# VMWare need access to pcmcia devices for network
- optional_policy(`
--allow kernel_t cardmgr_var_lib_t:dir { getattr search };
--allow kernel_t cardmgr_var_lib_t:file { getattr ioctl read };
-+ unconfined_domain(vmware_host_t)
- ')
--# Vmware create network devices
--allow kernel_t self:capability net_admin;
--allow kernel_t self:netlink_route_socket { bind create getattr nlmsg_read nlmsg_write read write };
--allow kernel_t self:socket create;
+
-+optional_policy(`
-+ xserver_xdm_rw_shm(vmware_host_t)
- ')
+
++type inaddr_any_node_t alias node_inaddr_any_t, node_type;
++nodecon 0.0.0.0 255.255.255.255 gen_context(system_u:object_r:inaddr_any_node_t,s0)
+
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.fc serefpolicy-3.3.1/policy/modules/apps/wine.fc
---- nsaserefpolicy/policy/modules/apps/wine.fc 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.fc 2009-01-05 11:17:34.000000000 +0100
-@@ -1,4 +1,6 @@
- /usr/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
-
--/opt/cxoffice/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
--/opt/picasa/wine/bin/wine -- gen_context(system_u:object_r:wine_exec_t,s0)
-+/opt/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-+/opt/picasa/wine/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-+/opt/google/picasa(/.*)?/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-+HOME_DIR/cxoffice/bin/wine.* -- gen_context(system_u:object_r:wine_exec_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.if serefpolicy-3.3.1/policy/modules/apps/wine.if
---- nsaserefpolicy/policy/modules/apps/wine.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.if 2009-01-05 11:17:34.000000000 +0100
-@@ -49,3 +49,53 @@
- role $2 types wine_t;
- allow wine_t $3:chr_file rw_term_perms;
- ')
+
-+#######################################
-+##
-+## The per role template for the wine module.
-+##
-+##
-+##
-+## This template creates a derived domains which are used
-+## for wine applications.
-+##
-+##
-+##
-+##
-+## The prefix of the user domain (e.g., user
-+## is the prefix for user_t).
-+##
-+##
-+##
-+##
-+## The type of the user domain.
-+##
-+##
-+##
-+##
-+## The role associated with the user domain.
-+##
-+##
++type node_internal_t, node_type;
++type link_local_node_t alias node_link_local_t, node_type;
++nodecon fe80:: ffff:ffff:ffff:ffff:: gen_context(system_u:object_r:link_local_node_t,s0)
++
++
++
++type lo_node_t alias node_lo_t, node_type;
++nodecon 127.0.0.1 255.255.255.255 gen_context(system_u:object_r:lo_node_t,s0 - mls_systemhigh)
++
++
++
++type mapped_ipv4_node_t alias node_mapped_ipv4_t, node_type;
++nodecon ::ffff:0000:0000 ffff:ffff:ffff:ffff:ffff:ffff:: gen_context(system_u:object_r:mapped_ipv4_node_t,s0)
++
++
++
++type multicast_node_t alias node_multicast_t, node_type;
++nodecon ff00:: ff00:: gen_context(system_u:object_r:multicast_node_t,s0 - mls_systemhigh)
++
++
++
++type site_local_node_t alias node_site_local_t, node_type;
++nodecon fec0:: ffc0:: gen_context(system_u:object_r:site_local_node_t,s0)
++
++
++
++type unspec_node_t alias node_unspec_t, node_type;
++nodecon :: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff gen_context(system_u:object_r:unspec_node_t,s0)
++
++
++
++########################################
++#
++# Network Interfaces
+#
-+template(`wine_per_role_template',`
-+ gen_require(`
-+ type wine_exec_t;
-+ ')
+
-+ type $1_wine_t;
-+ domain_type($1_wine_t)
-+ domain_entry_file($1_wine_t,wine_exec_t)
-+ role $3 types $1_wine_t;
++#
++# netif_t is the default type of network interfaces.
++#
++type netif_t, netif_type;
++sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)
+
-+ domain_interactive_fd($1_wine_t)
++ifdef(`enable_mls',`
+
-+ userdom_unpriv_usertype($1, $1_wine_t)
+
-+ allow $1_wine_t self:process { execheap execmem };
++gen_require(`type unlabeled_t;')
++type lo_netif_t alias netif_lo_t, netif_type;
++netifcon lo gen_context(system_u:object_r:lo_netif_t,s0 - mls_systemhigh) gen_context(system_u:object_r:unlabeled_t,s0 - mls_systemhigh)
+
-+ domtrans_pattern($2, wine_exec_t, $1_wine_t)
+
-+ optional_policy(`
-+ xserver_xdm_rw_shm($1_wine_t)
-+ ')
-+')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/apps/wine.te serefpolicy-3.3.1/policy/modules/apps/wine.te
---- nsaserefpolicy/policy/modules/apps/wine.te 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/apps/wine.te 2009-01-05 11:17:34.000000000 +0100
-@@ -9,6 +9,7 @@
- type wine_t;
- type wine_exec_t;
- application_domain(wine_t,wine_exec_t)
-+role system_r types wine_t;
-
- ########################################
- #
-@@ -17,10 +18,17 @@
-
- optional_policy(`
- allow wine_t self:process { execstack execmem execheap };
-+ domain_mmap_low_type(wine_t)
-+ domain_mmap_low(wine_t)
- unconfined_domain_noaudit(wine_t)
- files_execmod_all_files(wine_t)
-
-- optional_policy(`
-- hal_dbus_chat(wine_t)
-- ')
-+')
+
-+optional_policy(`
-+ hal_dbus_chat(wine_t)
-+')
++',`
+
-+optional_policy(`
-+ xserver_xdm_rw_shm(wine_t)
- ')
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.fc serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc
---- nsaserefpolicy/policy/modules/kernel/corecommands.fc 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.fc 2009-01-05 11:17:34.000000000 +0100
-@@ -7,11 +7,11 @@
- /bin/d?ash -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/bash2 -- gen_context(system_u:object_r:shell_exec_t,s0)
-+/usr/bin/git-shell -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/ksh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/sash -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/tcsh -- gen_context(system_u:object_r:shell_exec_t,s0)
- /bin/zsh.* -- gen_context(system_u:object_r:shell_exec_t,s0)
--
- #
- # /dev
- #
-@@ -67,6 +67,12 @@
-
- /etc/security/namespace.init -- gen_context(system_u:object_r:bin_t,s0)
-
++typealias netif_t alias { lo_netif_t netif_lo_t };
+
-+/etc/sysconfig/crond -- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/init -- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/libvirtd -- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/netconsole -- gen_context(system_u:object_r:bin_t,s0)
-+/etc/sysconfig/readonly-root -- gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifup-.* -- gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifup-.* -l gen_context(system_u:object_r:bin_t,s0)
- /etc/sysconfig/network-scripts/ifdown-.* -- gen_context(system_u:object_r:bin_t,s0)
-@@ -99,11 +105,6 @@
- /lib/rcscripts/net\.modules\.d/helpers\.d/udhcpc-.* -- gen_context(system_u:object_r:bin_t,s0)
- ')
-
--ifdef(`distro_redhat',`
--/lib/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
--/lib64/dbus-1/dbus-daemon-launch-helper -- gen_context(system_u:object_r:bin_t,s0)
--')
--
- #
- # /sbin
- #
-@@ -127,6 +128,8 @@
- /opt/vmware/workstation/lib/lib/wrapper-gtk24\.sh -- gen_context(system_u:object_r:bin_t,s0)
- ')
-
-+/opt/gutenprint/cups/lib/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
++')
+
- #
- # /usr
- #
-@@ -144,10 +147,7 @@
- /usr/lib(64)?/[^/]*firefox[^/]*/firefox -- gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/apt/methods.+ -- gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/courier(/.*)? gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/backend(/.*)? gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/cgi-bin/.* -- gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/daemon(/.*)? gen_context(system_u:object_r:bin_t,s0)
--/usr/lib(64)?/cups/filter(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/cups(/.*)? gen_context(system_u:object_r:bin_t,s0)
-
- /usr/lib(64)?/cyrus-imapd/.* -- gen_context(system_u:object_r:bin_t,s0)
- /usr/lib(64)?/dpkg/.+ -- gen_context(system_u:object_r:bin_t,s0)
-@@ -178,6 +178,8 @@
- /usr/lib(64)?/xen/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
-
- /usr/libexec(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/libsexec/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
+
- /usr/libexec/openssh/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
-
- /usr/local/lib(64)?/ipsec/.* -- gen_context(system_u:object_r:bin_t,s0)
-@@ -185,8 +187,12 @@
- /usr/local/Brother(/.*)?/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/local/Printer/[^/]*/cupswrapper(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/local/Printer/[^/]*/lpd(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/local/linuxprinter/filters(/.*)? gen_context(system_u:object_r:bin_t,s0)
-
-+/usr/bin/scponly -- gen_context(system_u:object_r:shell_exec_t,s0)
-+/usr/sbin/scponlyc -- gen_context(system_u:object_r:shell_exec_t,s0)
- /usr/sbin/sesh -- gen_context(system_u:object_r:shell_exec_t,s0)
-+/usr/sbin/smrsh -- gen_context(system_u:object_r:shell_exec_t,s0)
-
- /usr/share/apr-0/build/[^/]+\.sh -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/apr-0/build/libtool -- gen_context(system_u:object_r:bin_t,s0)
-@@ -213,9 +219,11 @@
- /etc/gdm/[^/]+/.* gen_context(system_u:object_r:bin_t,s0)
-
- /usr/lib/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib64/.*/program(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/lib/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
--/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/lib64/bluetooth(/.*)? -- gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib/vmware-tools/sbin32(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib/vmware-tools/sbin64(/.*)? gen_context(system_u:object_r:bin_t,s0)
- /usr/share/authconfig/authconfig-gtk\.py -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/authconfig/authconfig-tui\.py -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/authconfig/authconfig\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -223,7 +231,6 @@
- /usr/share/clamav/clamd-gen -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/clamav/freshclam-sleep -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/fedora-usermgmt/wrapper -- gen_context(system_u:object_r:bin_t,s0)
--/usr/share/hplip/[^/]* -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/hwbrowser/hwbrowser -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/pwlib/make/ptlib-config -- gen_context(system_u:object_r:bin_t,s0)
- /usr/share/pydict/pydict\.py -- gen_context(system_u:object_r:bin_t,s0)
-@@ -284,3 +291,12 @@
- ifdef(`distro_suse',`
- /var/lib/samba/bin/.+ gen_context(system_u:object_r:bin_t,s0)
- ')
-+/usr/lib(64)?/nspluginwrapper/npconfig gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/nspluginwrapper/npviewer gen_context(system_u:object_r:bin_t,s0)
++########################################
++#
++# Unconfined access to this module
++#
+
-+/usr/lib(64)?/ConsoleKit/scripts(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/usr/lib(64)?/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
-+/etc/ConsoleKit/run-session.d(/.*)? gen_context(system_u:object_r:bin_t,s0)
++allow corenet_unconfined_type node_type:node *;
++allow corenet_unconfined_type netif_type:netif *;
++allow corenet_unconfined_type packet_type:packet *;
++allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_connect };
++allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg };
+
-+/lib/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
-+/lib64/security/pam_krb5/pam_krb5_storetmp -- gen_context(system_u:object_r:bin_t,s0)
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corecommands.if serefpolicy-3.3.1/policy/modules/kernel/corecommands.if
---- nsaserefpolicy/policy/modules/kernel/corecommands.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corecommands.if 2009-01-05 11:17:34.000000000 +0100
-@@ -875,6 +875,7 @@
-
- read_lnk_files_pattern($1,bin_t,bin_t)
- can_exec($1,chroot_exec_t)
-+ allow $1 self:capability sys_chroot;
- ')
-
- ########################################
-diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.if.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in
---- nsaserefpolicy/policy/modules/kernel/corenetwork.if.in 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.if.in 2009-01-05 11:17:34.000000000 +0100
-@@ -1441,10 +1441,11 @@
- #
- interface(`corenet_tcp_bind_all_unreserved_ports',`
- gen_require(`
-- attribute port_type, reserved_port_type;
-+ attribute port_type;
-+ type hi_reserved_port_t, reserved_port_t;
- ')
-
-- allow $1 { port_type -reserved_port_type }:tcp_socket name_bind;
-+ allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:tcp_socket name_bind;
- ')
-
- ########################################
-@@ -1459,10 +1460,11 @@
- #
- interface(`corenet_udp_bind_all_unreserved_ports',`
- gen_require(`
-- attribute port_type, reserved_port_type;
-+ attribute port_type;
-+ type hi_reserved_port_t, reserved_port_t;
- ')
-
-- allow $1 { port_type -reserved_port_type }:udp_socket name_bind;
-+ allow $1 { port_type -hi_reserved_port_t -reserved_port_t }:udp_socket name_bind;
- ')
-
- ########################################
++# Bind to any network address.
++allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
++allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corenetwork.te.in serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in
--- nsaserefpolicy/policy/modules/kernel/corenetwork.te.in 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2009-01-05 11:21:29.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/corenetwork.te.in 2009-01-13 19:18:30.000000000 +0100
@@ -1,5 +1,5 @@
-policy_module(corenetwork,1.2.15)
@@ -7807,7 +70642,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/corene
network_port(xen, tcp,8002,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.fc serefpolicy-3.3.1/policy/modules/kernel/devices.fc
--- nsaserefpolicy/policy/modules/kernel/devices.fc 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,7 +1,7 @@
/dev -d gen_context(system_u:object_r:device_t,s0)
@@ -7934,7 +70769,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.if serefpolicy-3.3.1/policy/modules/kernel/devices.if
--- nsaserefpolicy/policy/modules/kernel/devices.if 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.if 2009-01-13 19:18:30.000000000 +0100
@@ -65,7 +65,7 @@
relabelfrom_dirs_pattern($1,device_t,device_node)
@@ -8361,7 +71196,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/devices.te serefpolicy-3.3.1/policy/modules/kernel/devices.te
--- nsaserefpolicy/policy/modules/kernel/devices.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/devices.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/devices.te 2009-01-13 19:18:30.000000000 +0100
@@ -32,6 +32,12 @@
type apm_bios_t;
dev_node(apm_bios_t)
@@ -8429,7 +71264,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/device
type power_device_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.if serefpolicy-3.3.1/policy/modules/kernel/domain.if
--- nsaserefpolicy/policy/modules/kernel/domain.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.if 2009-01-13 19:18:30.000000000 +0100
@@ -525,7 +525,7 @@
')
@@ -8479,7 +71314,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
## all protocols (TCP, UDP, etc)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.3.1/policy/modules/kernel/domain.te
--- nsaserefpolicy/policy/modules/kernel/domain.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/domain.te 2009-01-13 19:18:30.000000000 +0100
@@ -5,6 +5,13 @@
#
# Declarations
@@ -8553,7 +71388,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.fc serefpolicy-3.3.1/policy/modules/kernel/files.fc
--- nsaserefpolicy/policy/modules/kernel/files.fc 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.fc 2009-01-13 19:18:30.000000000 +0100
@@ -32,6 +32,7 @@
/boot/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/boot/lost\+found/.* <>
@@ -8564,7 +71399,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
# /emul
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.3.1/policy/modules/kernel/files.if
--- nsaserefpolicy/policy/modules/kernel/files.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.if 2009-01-13 19:18:30.000000000 +0100
@@ -110,6 +110,11 @@
##
#
@@ -8952,7 +71787,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.te serefpolicy-3.3.1/policy/modules/kernel/files.te
--- nsaserefpolicy/policy/modules/kernel/files.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/files.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/files.te 2009-01-13 19:18:30.000000000 +0100
@@ -50,11 +50,15 @@
#
# etc_t is the type of the system etc directories.
@@ -8992,7 +71827,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.if serefpolicy-3.3.1/policy/modules/kernel/filesystem.if
--- nsaserefpolicy/policy/modules/kernel/filesystem.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.if 2009-01-13 19:18:30.000000000 +0100
@@ -310,6 +310,25 @@
########################################
@@ -9394,7 +72229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesystem.te serefpolicy-3.3.1/policy/modules/kernel/filesystem.te
--- nsaserefpolicy/policy/modules/kernel/filesystem.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/filesystem.te 2009-01-13 19:18:30.000000000 +0100
@@ -21,10 +21,11 @@
# Use xattrs for the following filesystem types.
@@ -9458,7 +72293,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/filesy
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.if serefpolicy-3.3.1/policy/modules/kernel/kernel.if
--- nsaserefpolicy/policy/modules/kernel/kernel.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.if 2009-01-13 19:18:30.000000000 +0100
@@ -330,6 +330,11 @@
allow $1 self:capability sys_module;
@@ -10129,7 +72964,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel.te serefpolicy-3.3.1/policy/modules/kernel/kernel.te
--- nsaserefpolicy/policy/modules/kernel/kernel.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/kernel.te 2009-01-13 19:18:30.000000000 +0100
@@ -45,6 +45,15 @@
sid kernel gen_context(system_u:system_r:kernel_t,mls_systemhigh)
@@ -10222,7 +73057,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/kernel
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if serefpolicy-3.3.1/policy/modules/kernel/mls.if
--- nsaserefpolicy/policy/modules/kernel/mls.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/mls.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/mls.if 2009-01-13 19:18:30.000000000 +0100
@@ -612,6 +612,26 @@
########################################
##
@@ -10279,7 +73114,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/mls.if
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.if serefpolicy-3.3.1/policy/modules/kernel/selinux.if
--- nsaserefpolicy/policy/modules/kernel/selinux.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/selinux.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/selinux.if 2009-01-13 19:18:30.000000000 +0100
@@ -164,6 +164,7 @@
type security_t;
')
@@ -10400,7 +73235,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinux.te serefpolicy-3.3.1/policy/modules/kernel/selinux.te
--- nsaserefpolicy/policy/modules/kernel/selinux.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/selinux.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/selinux.te 2009-01-13 19:18:30.000000000 +0100
@@ -10,6 +10,7 @@
attribute can_setenforce;
attribute can_setsecparam;
@@ -10424,7 +73259,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/selinu
neverallow ~{ selinux_unconfined_type can_setenforce } security_t:security setenforce;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.fc serefpolicy-3.3.1/policy/modules/kernel/storage.fc
--- nsaserefpolicy/policy/modules/kernel/storage.fc 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/storage.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/storage.fc 2009-01-13 19:18:30.000000000 +0100
@@ -13,6 +13,7 @@
/dev/cm20.* -b gen_context(system_u:object_r:removable_device_t,s0)
/dev/dasd[^/]* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
@@ -10460,7 +73295,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
/dev/ataraid/.* -b gen_context(system_u:object_r:fixed_disk_device_t,mls_systemhigh)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storage.if serefpolicy-3.3.1/policy/modules/kernel/storage.if
--- nsaserefpolicy/policy/modules/kernel/storage.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/storage.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/storage.if 2009-01-13 19:18:30.000000000 +0100
@@ -81,6 +81,26 @@
########################################
@@ -10490,7 +73325,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/storag
## SELinux protections for filesystem objects, and
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/terminal.if serefpolicy-3.3.1/policy/modules/kernel/terminal.if
--- nsaserefpolicy/policy/modules/kernel/terminal.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/kernel/terminal.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/kernel/terminal.if 2009-01-13 19:18:30.000000000 +0100
@@ -525,11 +525,13 @@
interface(`term_use_generic_ptys',`
gen_require(`
@@ -10519,7 +73354,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/termin
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide.if serefpolicy-3.3.1/policy/modules/services/aide.if
--- nsaserefpolicy/policy/modules/services/aide.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/aide.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/aide.if 2009-01-13 19:18:30.000000000 +0100
@@ -79,10 +79,12 @@
allow $1 aide_t:process { ptrace signal_perms };
@@ -10537,7 +73372,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aide
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.fc serefpolicy-3.3.1/policy/modules/services/amavis.fc
--- nsaserefpolicy/policy/modules/services/amavis.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.fc 2009-01-13 19:18:30.000000000 +0100
@@ -3,6 +3,7 @@
/etc/amavisd(/.*)? -- gen_context(system_u:object_r:amavis_etc_t,s0)
@@ -10554,7 +73389,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
+/etc/rc\.d/init\.d/amavis -- gen_context(system_u:object_r:amavis_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.if serefpolicy-3.3.1/policy/modules/services/amavis.if
--- nsaserefpolicy/policy/modules/services/amavis.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.if 2009-01-13 19:18:30.000000000 +0100
@@ -189,6 +189,25 @@
########################################
@@ -10628,7 +73463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amavis.te serefpolicy-3.3.1/policy/modules/services/amavis.te
--- nsaserefpolicy/policy/modules/services/amavis.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/amavis.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/amavis.te 2009-01-13 19:18:30.000000000 +0100
@@ -13,7 +13,7 @@
# configuration files
@@ -10659,7 +73494,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/amav
read_files_pattern(amavis_t,amavis_etc_t,amavis_etc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.fc serefpolicy-3.3.1/policy/modules/services/apache.fc
--- nsaserefpolicy/policy/modules/services/apache.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2009-01-05 11:28:23.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,10 +1,9 @@
-HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_ROLE_content_t,s0)
-
@@ -10741,7 +73576,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+/etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.if serefpolicy-3.3.1/policy/modules/services/apache.if
--- nsaserefpolicy/policy/modules/services/apache.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.if 2009-01-13 19:18:30.000000000 +0100
@@ -13,21 +13,16 @@
#
template(`apache_content_template',`
@@ -11394,7 +74229,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apache.te serefpolicy-3.3.1/policy/modules/services/apache.te
--- nsaserefpolicy/policy/modules/services/apache.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apache.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apache.te 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,8 @@
# Declarations
#
@@ -12036,7 +74871,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apac
+manage_lnk_files_pattern(httpd_t,httpdcontent,httpd_rw_content)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.fc serefpolicy-3.3.1/policy/modules/services/apcupsd.fc
--- nsaserefpolicy/policy/modules/services/apcupsd.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -13,3 +13,5 @@
/var/www/apcupsd/upsfstats\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
/var/www/apcupsd/upsimage\.cgi -- gen_context(system_u:object_r:httpd_apcupsd_cgi_script_exec_t,s0)
@@ -12045,7 +74880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+/etc/rc\.d/init\.d/apcupsd -- gen_context(system_u:object_r:apcupsd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.if serefpolicy-3.3.1/policy/modules/services/apcupsd.if
--- nsaserefpolicy/policy/modules/services/apcupsd.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.if 2009-01-13 19:18:30.000000000 +0100
@@ -90,10 +90,102 @@
##
##
@@ -12152,7 +74987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcupsd.te serefpolicy-3.3.1/policy/modules/services/apcupsd.te
--- nsaserefpolicy/policy/modules/services/apcupsd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apcupsd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apcupsd.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,6 +22,9 @@
type apcupsd_var_run_t;
files_pid_file(apcupsd_var_run_t)
@@ -12177,7 +75012,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apcu
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.te serefpolicy-3.3.1/policy/modules/services/apm.te
--- nsaserefpolicy/policy/modules/services/apm.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/apm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/apm.te 2009-01-13 19:18:30.000000000 +0100
@@ -190,6 +190,10 @@
dbus_stub(apmd_t)
@@ -12191,7 +75026,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/apm.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.fc serefpolicy-3.3.1/policy/modules/services/arpwatch.fc
--- nsaserefpolicy/policy/modules/services/arpwatch.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.fc 2009-01-13 19:18:30.000000000 +0100
@@ -9,3 +9,5 @@
#
/var/arpwatch(/.*)? gen_context(system_u:object_r:arpwatch_data_t,s0)
@@ -12200,7 +75035,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
+/etc/rc\.d/init\.d/arpwatch -- gen_context(system_u:object_r:arpwatch_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.if serefpolicy-3.3.1/policy/modules/services/arpwatch.if
--- nsaserefpolicy/policy/modules/services/arpwatch.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.if 2009-01-13 19:18:30.000000000 +0100
@@ -90,3 +90,73 @@
dontaudit $1 arpwatch_t:packet_socket { read write };
@@ -12277,7 +75112,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpwatch.te serefpolicy-3.3.1/policy/modules/services/arpwatch.te
--- nsaserefpolicy/policy/modules/services/arpwatch.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/arpwatch.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/arpwatch.te 2009-01-13 19:18:30.000000000 +0100
@@ -19,6 +19,9 @@
type arpwatch_var_run_t;
files_pid_file(arpwatch_var_run_t)
@@ -12290,7 +75125,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/arpw
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.fc serefpolicy-3.3.1/policy/modules/services/asterisk.fc
--- nsaserefpolicy/policy/modules/services/asterisk.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.fc 2009-01-13 19:18:30.000000000 +0100
@@ -6,3 +6,4 @@
/var/log/asterisk(/.*)? gen_context(system_u:object_r:asterisk_log_t,s0)
/var/run/asterisk(/.*)? gen_context(system_u:object_r:asterisk_var_run_t,s0)
@@ -12298,7 +75133,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
+/etc/rc\.d/init\.d/asterisk -- gen_context(system_u:object_r:asterisk_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.if serefpolicy-3.3.1/policy/modules/services/asterisk.if
--- nsaserefpolicy/policy/modules/services/asterisk.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,83 @@
## Asterisk IP telephony server
+
@@ -12385,7 +75220,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/asterisk.te serefpolicy-3.3.1/policy/modules/services/asterisk.te
--- nsaserefpolicy/policy/modules/services/asterisk.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/asterisk.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/asterisk.te 2009-01-13 19:18:30.000000000 +0100
@@ -31,6 +31,9 @@
type asterisk_var_run_t;
files_pid_file(asterisk_var_run_t)
@@ -12398,7 +75233,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/aste
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.fc serefpolicy-3.3.1/policy/modules/services/automount.fc
--- nsaserefpolicy/policy/modules/services/automount.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.fc 2009-01-13 19:18:30.000000000 +0100
@@ -12,4 +12,7 @@
# /var
#
@@ -12410,7 +75245,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.if serefpolicy-3.3.1/policy/modules/services/automount.if
--- nsaserefpolicy/policy/modules/services/automount.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.if 2009-01-13 19:18:30.000000000 +0100
@@ -74,3 +74,109 @@
dontaudit $1 automount_tmp_t:dir getattr;
@@ -12523,7 +75358,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/automount.te serefpolicy-3.3.1/policy/modules/services/automount.te
--- nsaserefpolicy/policy/modules/services/automount.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/automount.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/automount.te 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,9 @@
files_tmp_file(automount_tmp_t)
files_mountpoint(automount_tmp_t)
@@ -12628,7 +75463,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/auto
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.fc serefpolicy-3.3.1/policy/modules/services/avahi.fc
--- nsaserefpolicy/policy/modules/services/avahi.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,5 +1,9 @@
+/etc/rc\.d/init\.d/avahi.* -- gen_context(system_u:object_r:avahi_initrc_exec_t,s0)
@@ -12641,7 +75476,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
/var/run/avahi-daemon(/.*)? gen_context(system_u:object_r:avahi_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.if serefpolicy-3.3.1/policy/modules/services/avahi.if
--- nsaserefpolicy/policy/modules/services/avahi.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.if 2009-01-13 19:18:30.000000000 +0100
@@ -2,6 +2,103 @@
########################################
@@ -12794,7 +75629,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avahi.te serefpolicy-3.3.1/policy/modules/services/avahi.te
--- nsaserefpolicy/policy/modules/services/avahi.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/avahi.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/avahi.te 2009-01-13 19:18:30.000000000 +0100
@@ -10,6 +10,12 @@
type avahi_exec_t;
init_daemon_domain(avahi_t,avahi_exec_t)
@@ -12846,7 +75681,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/avah
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.fc serefpolicy-3.3.1/policy/modules/services/bind.fc
--- nsaserefpolicy/policy/modules/services/bind.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.fc 2009-01-13 19:18:30.000000000 +0100
@@ -49,3 +49,5 @@
/var/named/chroot/var/log/named.* -- gen_context(system_u:object_r:named_log_t,s0)
/var/named/dynamic(/.*)? gen_context(system_u:object_r:named_cache_t,s0)
@@ -12855,7 +75690,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
+/etc/rc\.d/init\.d/named -- gen_context(system_u:object_r:named_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.if serefpolicy-3.3.1/policy/modules/services/bind.if
--- nsaserefpolicy/policy/modules/services/bind.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.if 2009-01-13 19:18:30.000000000 +0100
@@ -38,6 +38,42 @@
########################################
@@ -12996,7 +75831,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.3.1/policy/modules/services/bind.te
--- nsaserefpolicy/policy/modules/services/bind.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bind.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bind.te 2009-01-13 19:18:30.000000000 +0100
@@ -53,6 +53,9 @@
init_system_domain(ndc_t,ndc_exec_t)
role system_r types ndc_t;
@@ -13035,7 +75870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
domain_use_interactive_fds(ndc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.fc serefpolicy-3.3.1/policy/modules/services/bitlbee.fc
--- nsaserefpolicy/policy/modules/services/bitlbee.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,3 +1,6 @@
/usr/sbin/bitlbee -- gen_context(system_u:object_r:bitlbee_exec_t,s0)
/etc/bitlbee(/.*)? gen_context(system_u:object_r:bitlbee_conf_t,s0)
@@ -13045,7 +75880,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
+/etc/rc\.d/init\.d/bitlbee -- gen_context(system_u:object_r:bitlbee_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.if serefpolicy-3.3.1/policy/modules/services/bitlbee.if
--- nsaserefpolicy/policy/modules/services/bitlbee.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.if 2009-01-13 19:18:30.000000000 +0100
@@ -20,3 +20,70 @@
allow $1 bitlbee_conf_t:file { read getattr };
')
@@ -13119,7 +75954,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitlbee.te serefpolicy-3.3.1/policy/modules/services/bitlbee.te
--- nsaserefpolicy/policy/modules/services/bitlbee.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bitlbee.te 2009-01-13 19:18:30.000000000 +0100
@@ -17,6 +17,12 @@
type bitlbee_var_t;
files_type(bitlbee_var_t)
@@ -13173,7 +76008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bitl
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.fc serefpolicy-3.3.1/policy/modules/services/bluetooth.fc
--- nsaserefpolicy/policy/modules/services/bluetooth.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.fc 2009-01-13 19:18:30.000000000 +0100
@@ -22,3 +22,8 @@
#
/var/lib/bluetooth(/.*)? gen_context(system_u:object_r:bluetooth_var_lib_t,s0)
@@ -13185,7 +76020,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
+/etc/rc\.d/init\.d/pand -- gen_context(system_u:object_r:bluetooth_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.if serefpolicy-3.3.1/policy/modules/services/bluetooth.if
--- nsaserefpolicy/policy/modules/services/bluetooth.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,7 +35,7 @@
template(`bluetooth_per_role_template',`
gen_require(`
@@ -13295,7 +76130,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bluetooth.te serefpolicy-3.3.1/policy/modules/services/bluetooth.te
--- nsaserefpolicy/policy/modules/services/bluetooth.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/bluetooth.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/bluetooth.te 2009-01-13 19:18:30.000000000 +0100
@@ -32,19 +32,22 @@
type bluetooth_var_run_t;
files_pid_file(bluetooth_var_run_t)
@@ -13366,7 +76201,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/blue
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.fc serefpolicy-3.3.1/policy/modules/services/canna.fc
--- nsaserefpolicy/policy/modules/services/canna.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.fc 2009-01-13 19:18:30.000000000 +0100
@@ -20,3 +20,5 @@
/var/run/\.iroha_unix -d gen_context(system_u:object_r:canna_var_run_t,s0)
/var/run/\.iroha_unix/.* -s gen_context(system_u:object_r:canna_var_run_t,s0)
@@ -13375,7 +76210,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
+/etc/rc\.d/init\.d/canna -- gen_context(system_u:object_r:canna_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.if serefpolicy-3.3.1/policy/modules/services/canna.if
--- nsaserefpolicy/policy/modules/services/canna.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.if 2009-01-13 19:18:30.000000000 +0100
@@ -18,3 +18,74 @@
files_search_pids($1)
stream_connect_pattern($1,canna_var_run_t,canna_var_run_t,canna_t)
@@ -13453,7 +76288,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/canna.te serefpolicy-3.3.1/policy/modules/services/canna.te
--- nsaserefpolicy/policy/modules/services/canna.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/canna.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/canna.te 2009-01-13 19:18:30.000000000 +0100
@@ -19,6 +19,9 @@
type canna_var_run_t;
files_pid_file(canna_var_run_t)
@@ -13466,7 +76301,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cann
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.fc serefpolicy-3.3.1/policy/modules/services/clamav.fc
--- nsaserefpolicy/policy/modules/services/clamav.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.fc 2009-01-13 19:18:30.000000000 +0100
@@ -5,16 +5,18 @@
/usr/bin/freshclam -- gen_context(system_u:object_r:freshclam_exec_t,s0)
@@ -13493,7 +76328,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
+/etc/rc\.d/init\.d/clamd-wrapper -- gen_context(system_u:object_r:clamd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.if serefpolicy-3.3.1/policy/modules/services/clamav.if
--- nsaserefpolicy/policy/modules/services/clamav.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.if 2009-01-13 19:18:30.000000000 +0100
@@ -38,6 +38,27 @@
########################################
@@ -13641,7 +76476,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clamav.te serefpolicy-3.3.1/policy/modules/services/clamav.te
--- nsaserefpolicy/policy/modules/services/clamav.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/clamav.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/clamav.te 2009-01-13 19:18:30.000000000 +0100
@@ -13,7 +13,7 @@
# configuration files
@@ -13731,7 +76566,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/clam
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.fc serefpolicy-3.3.1/policy/modules/services/consolekit.fc
--- nsaserefpolicy/policy/modules/services/consolekit.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,3 +1,6 @@
/usr/sbin/console-kit-daemon -- gen_context(system_u:object_r:consolekit_exec_t,s0)
@@ -13741,7 +76576,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+/var/log/ConsoleKit(/.*)? gen_context(system_u:object_r:consolekit_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.if serefpolicy-3.3.1/policy/modules/services/consolekit.if
--- nsaserefpolicy/policy/modules/services/consolekit.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.if 2009-01-13 19:18:30.000000000 +0100
@@ -38,3 +38,24 @@
allow $1 consolekit_t:dbus send_msg;
allow consolekit_t $1:dbus send_msg;
@@ -13769,7 +76604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/consolekit.te serefpolicy-3.3.1/policy/modules/services/consolekit.te
--- nsaserefpolicy/policy/modules/services/consolekit.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/consolekit.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/consolekit.te 2009-01-13 19:18:30.000000000 +0100
@@ -13,6 +13,9 @@
type consolekit_var_run_t;
files_pid_file(consolekit_var_run_t)
@@ -13887,7 +76722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cons
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.fc serefpolicy-3.3.1/policy/modules/services/courier.fc
--- nsaserefpolicy/policy/modules/services/courier.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,5 @@
/etc/courier(/.*)? gen_context(system_u:object_r:courier_etc_t,s0)
+/etc/authlib(/.*)? gen_context(system_u:object_r:courier_etc_t,s0)
@@ -13923,7 +76758,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
+/var/spool/authdaemon(/.*)? gen_context(system_u:object_r:courier_spool_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.if serefpolicy-3.3.1/policy/modules/services/courier.if
--- nsaserefpolicy/policy/modules/services/courier.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.if 2009-01-13 19:18:30.000000000 +0100
@@ -123,3 +123,77 @@
domtrans_pattern($1, courier_pop_exec_t, courier_pop_t)
@@ -14004,7 +76839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/courier.te serefpolicy-3.3.1/policy/modules/services/courier.te
--- nsaserefpolicy/policy/modules/services/courier.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/courier.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/courier.te 2009-01-13 19:18:30.000000000 +0100
@@ -9,7 +9,10 @@
courier_domain_template(authdaemon)
@@ -14037,7 +76872,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cour
# Calendar (PCP) local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.fc serefpolicy-3.3.1/policy/modules/services/cron.fc
--- nsaserefpolicy/policy/modules/services/cron.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.fc 2009-01-13 19:18:30.000000000 +0100
@@ -17,6 +17,8 @@
/var/run/fcron\.fifo -s gen_context(system_u:object_r:crond_var_run_t,s0)
/var/run/fcron\.pid -- gen_context(system_u:object_r:crond_var_run_t,s0)
@@ -14054,7 +76889,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+/var/lib/misc(/.*)? gen_context(system_u:object_r:system_crond_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.if serefpolicy-3.3.1/policy/modules/services/cron.if
--- nsaserefpolicy/policy/modules/services/cron.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,38 +35,24 @@
#
template(`cron_per_role_template',`
@@ -14409,7 +77244,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron.te serefpolicy-3.3.1/policy/modules/services/cron.te
--- nsaserefpolicy/policy/modules/services/cron.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cron.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cron.te 2009-01-13 19:18:30.000000000 +0100
@@ -12,14 +12,6 @@
##
@@ -14687,7 +77522,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cron
-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.fc serefpolicy-3.3.1/policy/modules/services/cups.fc
--- nsaserefpolicy/policy/modules/services/cups.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.fc 2009-01-05 11:26:40.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.fc 2009-01-13 19:18:30.000000000 +0100
@@ -8,24 +8,35 @@
/etc/cups/ppd/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
/etc/cups/ppds\.dat -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
@@ -14759,7 +77594,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+/usr/lib/cups/backend/cups-pdf -- gen_context(system_u:object_r:cups_pdf_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.if serefpolicy-3.3.1/policy/modules/services/cups.if
--- nsaserefpolicy/policy/modules/services/cups.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.if 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,30 @@
########################################
@@ -14919,7 +77754,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups.te serefpolicy-3.3.1/policy/modules/services/cups.te
--- nsaserefpolicy/policy/modules/services/cups.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cups.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cups.te 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,9 @@
type cupsd_etc_t;
files_config_file(cupsd_etc_t)
@@ -15256,7 +78091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
optional_policy(`
seutil_sigchld_newrole(hplip_t)
-@@ -645,3 +703,45 @@
+@@ -645,3 +703,57 @@
optional_policy(`
udev_read_db(ptal_t)
')
@@ -15302,9 +78137,21 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cups
+
+userdom_dontaudit_read_sysadm_home_content_files(cups_pdf_t)
+
++tunable_policy(`use_nfs_home_dirs',`
++ fs_manage_nfs_dirs(cups_pdf_t)
++ fs_manage_nfs_files(cups_pdf_t)
++')
++
++tunable_policy(`use_samba_home_dirs',`
++ fs_manage_cifs_dirs(cups_pdf_t)
++ fs_manage_cifs_files(cups_pdf_t)
++')
++
++
++
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.fc serefpolicy-3.3.1/policy/modules/services/cvs.fc
--- nsaserefpolicy/policy/modules/services/cvs.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.fc 2009-01-13 19:18:30.000000000 +0100
@@ -5,3 +5,6 @@
/var/cvs(/.*)? gen_context(system_u:object_r:cvs_data_t,s0)
@@ -15314,7 +78161,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
+/var/www/cgi-bin/cvsweb\.cgi -- gen_context(system_u:object_r:httpd_cvs_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.if serefpolicy-3.3.1/policy/modules/services/cvs.if
--- nsaserefpolicy/policy/modules/services/cvs.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.if 2009-01-13 19:18:30.000000000 +0100
@@ -36,3 +36,72 @@
can_exec($1,cvs_exec_t)
@@ -15390,7 +78237,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.te serefpolicy-3.3.1/policy/modules/services/cvs.te
--- nsaserefpolicy/policy/modules/services/cvs.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cvs.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cvs.te 2009-01-13 19:18:30.000000000 +0100
@@ -28,6 +28,9 @@
type cvs_var_run_t;
files_pid_file(cvs_var_run_t)
@@ -15446,7 +78293,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cvs.
+files_tmp_filetrans(httpd_cvs_script_t, cvs_tmp_t, { file dir })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.fc serefpolicy-3.3.1/policy/modules/services/cyphesis.fc
--- nsaserefpolicy/policy/modules/services/cyphesis.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,6 @@
+
+/usr/bin/cyphesis -- gen_context(system_u:object_r:cyphesis_exec_t,s0)
@@ -15456,7 +78303,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
+/var/run/cyphesis(/.*)? gen_context(system_u:object_r:cyphesis_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.if serefpolicy-3.3.1/policy/modules/services/cyphesis.if
--- nsaserefpolicy/policy/modules/services/cyphesis.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,19 @@
+## policy for cyphesis
+
@@ -15479,7 +78326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyphesis.te serefpolicy-3.3.1/policy/modules/services/cyphesis.te
--- nsaserefpolicy/policy/modules/services/cyphesis.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyphesis.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,92 @@
+policy_module(cyphesis,1.0.0)
+
@@ -15575,7 +78422,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyph
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.fc serefpolicy-3.3.1/policy/modules/services/cyrus.fc
--- nsaserefpolicy/policy/modules/services/cyrus.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.fc 2009-01-13 19:18:30.000000000 +0100
@@ -2,3 +2,5 @@
/usr/lib(64)?/cyrus-imapd/cyrus-master -- gen_context(system_u:object_r:cyrus_exec_t,s0)
@@ -15584,7 +78431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
+/etc/rc\.d/init\.d/cyrus -- gen_context(system_u:object_r:cyrus_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.if serefpolicy-3.3.1/policy/modules/services/cyrus.if
--- nsaserefpolicy/policy/modules/services/cyrus.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.if 2009-01-13 19:18:30.000000000 +0100
@@ -39,3 +39,74 @@
files_search_var_lib($1)
stream_connect_pattern($1,cyrus_var_lib_t,cyrus_var_lib_t,cyrus_t)
@@ -15662,7 +78509,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyrus.te serefpolicy-3.3.1/policy/modules/services/cyrus.te
--- nsaserefpolicy/policy/modules/services/cyrus.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/cyrus.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/cyrus.te 2009-01-13 19:18:30.000000000 +0100
@@ -19,6 +19,9 @@
type cyrus_var_run_t;
files_pid_file(cyrus_var_run_t)
@@ -15675,7 +78522,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/cyru
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.fc serefpolicy-3.3.1/policy/modules/services/dbus.fc
--- nsaserefpolicy/policy/modules/services/dbus.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.fc 2009-01-13 19:18:30.000000000 +0100
@@ -4,6 +4,9 @@
/usr/bin/dbus-daemon(-1)? -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
/bin/dbus-daemon -- gen_context(system_u:object_r:system_dbusd_exec_t,s0)
@@ -15688,7 +78535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
/var/run/dbus(/.*)? gen_context(system_u:object_r:system_dbusd_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.if serefpolicy-3.3.1/policy/modules/services/dbus.if
--- nsaserefpolicy/policy/modules/services/dbus.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.if 2009-01-13 19:18:30.000000000 +0100
@@ -53,6 +53,7 @@
gen_require(`
type system_dbusd_exec_t, system_dbusd_t, dbusd_etc_t;
@@ -15977,7 +78824,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus.te serefpolicy-3.3.1/policy/modules/services/dbus.te
--- nsaserefpolicy/policy/modules/services/dbus.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dbus.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dbus.te 2009-01-13 19:18:30.000000000 +0100
@@ -9,9 +9,10 @@
#
# Delcarations
@@ -16100,7 +78947,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dbus
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.if serefpolicy-3.3.1/policy/modules/services/dcc.if
--- nsaserefpolicy/policy/modules/services/dcc.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dcc.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dcc.if 2009-01-13 19:18:30.000000000 +0100
@@ -72,6 +72,24 @@
########################################
@@ -16128,7 +78975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.te serefpolicy-3.3.1/policy/modules/services/dcc.te
--- nsaserefpolicy/policy/modules/services/dcc.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dcc.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dcc.te 2009-01-13 19:18:30.000000000 +0100
@@ -105,6 +105,8 @@
files_read_etc_files(cdcc_t)
files_read_etc_runtime_files(cdcc_t)
@@ -16290,7 +79137,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dcc.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.fc serefpolicy-3.3.1/policy/modules/services/ddclient.fc
--- nsaserefpolicy/policy/modules/services/ddclient.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.fc 2009-01-13 19:18:30.000000000 +0100
@@ -9,3 +9,5 @@
/var/log/ddtcd\.log.* -- gen_context(system_u:object_r:ddclient_log_t,s0)
/var/run/ddclient\.pid -- gen_context(system_u:object_r:ddclient_var_run_t,s0)
@@ -16299,7 +79146,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.if serefpolicy-3.3.1/policy/modules/services/ddclient.if
--- nsaserefpolicy/policy/modules/services/ddclient.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.if 2009-01-13 19:18:30.000000000 +0100
@@ -18,3 +18,81 @@
corecmd_search_bin($1)
domtrans_pattern($1, ddclient_exec_t, ddclient_t)
@@ -16384,7 +79231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddclient.te serefpolicy-3.3.1/policy/modules/services/ddclient.te
--- nsaserefpolicy/policy/modules/services/ddclient.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ddclient.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ddclient.te 2009-01-13 19:18:30.000000000 +0100
@@ -11,7 +11,7 @@
init_daemon_domain(ddclient_t,ddclient_exec_t)
@@ -16406,7 +79253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ddcl
# Declarations
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.fc serefpolicy-3.3.1/policy/modules/services/dhcp.fc
--- nsaserefpolicy/policy/modules/services/dhcp.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.fc 2009-01-13 19:18:30.000000000 +0100
@@ -5,3 +5,6 @@
/var/lib/dhcp(3)?/dhcpd\.leases.* -- gen_context(system_u:object_r:dhcpd_state_t,s0)
@@ -16416,7 +79263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.if serefpolicy-3.3.1/policy/modules/services/dhcp.if
--- nsaserefpolicy/policy/modules/services/dhcp.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.if 2009-01-13 19:18:30.000000000 +0100
@@ -19,3 +19,71 @@
sysnet_search_dhcp_state($1)
allow $1 dhcpd_state_t:file setattr;
@@ -16491,7 +79338,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp.te serefpolicy-3.3.1/policy/modules/services/dhcp.te
--- nsaserefpolicy/policy/modules/services/dhcp.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dhcp.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dhcp.te 2009-01-13 19:18:30.000000000 +0100
@@ -19,18 +19,20 @@
type dhcpd_var_run_t;
files_pid_file(dhcpd_var_run_t)
@@ -16557,7 +79404,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dhcp
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.fc serefpolicy-3.3.1/policy/modules/services/dictd.fc
--- nsaserefpolicy/policy/modules/services/dictd.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -4,3 +4,6 @@
/usr/sbin/dictd -- gen_context(system_u:object_r:dictd_exec_t,s0)
@@ -16567,7 +79414,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
+/etc/rc\.d/init\.d/dictd -- gen_context(system_u:object_r:dictd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.if serefpolicy-3.3.1/policy/modules/services/dictd.if
--- nsaserefpolicy/policy/modules/services/dictd.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.if 2009-01-13 19:18:30.000000000 +0100
@@ -14,3 +14,73 @@
interface(`dictd_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -16644,7 +79491,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dictd.te serefpolicy-3.3.1/policy/modules/services/dictd.te
--- nsaserefpolicy/policy/modules/services/dictd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dictd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dictd.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,12 @@
type dictd_var_lib_t alias var_lib_dictd_t;
files_type(dictd_var_lib_t)
@@ -16670,7 +79517,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dict
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.fc serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc
--- nsaserefpolicy/policy/modules/services/dnsmasq.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,7 @@
/usr/sbin/dnsmasq -- gen_context(system_u:object_r:dnsmasq_exec_t,s0)
@@ -16681,7 +79528,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
+/etc/rc\.d/init\.d/dnsmasq -- gen_context(system_u:object_r:dnsmasq_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.if serefpolicy-3.3.1/policy/modules/services/dnsmasq.if
--- nsaserefpolicy/policy/modules/services/dnsmasq.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,144 @@
## dnsmasq DNS forwarder and DHCP server
+
@@ -16829,7 +79676,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsmasq.te serefpolicy-3.3.1/policy/modules/services/dnsmasq.te
--- nsaserefpolicy/policy/modules/services/dnsmasq.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dnsmasq.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,9 @@
type dnsmasq_var_run_t;
files_pid_file(dnsmasq_var_run_t)
@@ -16877,7 +79724,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dnsm
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.fc serefpolicy-3.3.1/policy/modules/services/dovecot.fc
--- nsaserefpolicy/policy/modules/services/dovecot.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.fc 2009-01-13 19:18:30.000000000 +0100
@@ -17,23 +17,24 @@
ifdef(`distro_debian', `
@@ -16910,7 +79757,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+/etc/rc\.d/init\.d/dovecot -- gen_context(system_u:object_r:dovecot_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.if serefpolicy-3.3.1/policy/modules/services/dovecot.if
--- nsaserefpolicy/policy/modules/services/dovecot.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.if 2009-01-13 19:18:30.000000000 +0100
@@ -21,7 +21,46 @@
########################################
@@ -17051,7 +79898,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dovecot.te serefpolicy-3.3.1/policy/modules/services/dovecot.te
--- nsaserefpolicy/policy/modules/services/dovecot.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/dovecot.te 2009-01-13 19:18:30.000000000 +0100
@@ -15,6 +15,15 @@
domain_entry_file(dovecot_auth_t,dovecot_auth_exec_t)
role system_r types dovecot_auth_t;
@@ -17208,7 +80055,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/dove
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.if serefpolicy-3.3.1/policy/modules/services/exim.if
--- nsaserefpolicy/policy/modules/services/exim.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/exim.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/exim.if 2009-01-13 19:18:30.000000000 +0100
@@ -97,6 +97,26 @@
########################################
@@ -17262,7 +80109,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim.te serefpolicy-3.3.1/policy/modules/services/exim.te
--- nsaserefpolicy/policy/modules/services/exim.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/exim.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/exim.te 2009-01-13 19:18:30.000000000 +0100
@@ -21,9 +21,20 @@
##
gen_tunable(exim_manage_user_files,false)
@@ -17451,7 +80298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/exim
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.fc serefpolicy-3.3.1/policy/modules/services/fail2ban.fc
--- nsaserefpolicy/policy/modules/services/fail2ban.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,3 +1,8 @@
/usr/bin/fail2ban -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
+/usr/bin/fail2ban-server -- gen_context(system_u:object_r:fail2ban_exec_t,s0)
@@ -17464,7 +80311,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.if serefpolicy-3.3.1/policy/modules/services/fail2ban.if
--- nsaserefpolicy/policy/modules/services/fail2ban.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.if 2009-01-13 19:18:30.000000000 +0100
@@ -78,3 +78,68 @@
files_search_pids($1)
allow $1 fail2ban_var_run_t:file read_file_perms;
@@ -17536,7 +80383,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail2ban.te serefpolicy-3.3.1/policy/modules/services/fail2ban.te
--- nsaserefpolicy/policy/modules/services/fail2ban.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fail2ban.te 2009-01-13 19:18:30.000000000 +0100
@@ -18,6 +18,9 @@
type fail2ban_var_run_t;
files_pid_file(fail2ban_var_run_t)
@@ -17610,7 +80457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fail
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.fc serefpolicy-3.3.1/policy/modules/services/fetchmail.fc
--- nsaserefpolicy/policy/modules/services/fetchmail.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.fc 2009-01-13 19:18:30.000000000 +0100
@@ -17,3 +17,4 @@
/var/run/fetchmail/.* -- gen_context(system_u:object_r:fetchmail_var_run_t,s0)
@@ -17618,7 +80465,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.if serefpolicy-3.3.1/policy/modules/services/fetchmail.if
--- nsaserefpolicy/policy/modules/services/fetchmail.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,44 @@
## Remote-mail retrieval and forwarding utility
+
@@ -17666,7 +80513,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetchmail.te serefpolicy-3.3.1/policy/modules/services/fetchmail.te
--- nsaserefpolicy/policy/modules/services/fetchmail.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/fetchmail.te 2009-01-13 19:18:30.000000000 +0100
@@ -14,7 +14,7 @@
files_pid_file(fetchmail_var_run_t)
@@ -17689,7 +80536,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/fetc
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.fc serefpolicy-3.3.1/policy/modules/services/ftp.fc
--- nsaserefpolicy/policy/modules/services/ftp.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.fc 2009-01-13 19:18:30.000000000 +0100
@@ -27,3 +27,6 @@
/var/log/vsftpd.* -- gen_context(system_u:object_r:xferlog_t,s0)
/var/log/xferlog.* -- gen_context(system_u:object_r:xferlog_t,s0)
@@ -17699,7 +80546,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
+/etc/rc\.d/init\.d/proftpd -- gen_context(system_u:object_r:ftp_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.if serefpolicy-3.3.1/policy/modules/services/ftp.if
--- nsaserefpolicy/policy/modules/services/ftp.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.if 2009-01-13 19:18:30.000000000 +0100
@@ -28,11 +28,13 @@
type ftpd_t;
')
@@ -17818,7 +80665,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.te serefpolicy-3.3.1/policy/modules/services/ftp.te
--- nsaserefpolicy/policy/modules/services/ftp.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ftp.te 2009-01-13 19:18:30.000000000 +0100
@@ -75,6 +75,9 @@
type xferlog_t;
logging_log_file(xferlog_t)
@@ -17899,13 +80746,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ftp.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.fc serefpolicy-3.3.1/policy/modules/services/gamin.fc
--- nsaserefpolicy/policy/modules/services/gamin.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,2 @@
+
+/usr/libexec/gam_server -- gen_context(system_u:object_r:gamin_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.if serefpolicy-3.3.1/policy/modules/services/gamin.if
--- nsaserefpolicy/policy/modules/services/gamin.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,57 @@
+
+## policy for gamin
@@ -17966,7 +80813,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gami
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gamin.te serefpolicy-3.3.1/policy/modules/services/gamin.te
--- nsaserefpolicy/policy/modules/services/gamin.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gamin.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gamin.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,42 @@
+policy_module(gamin,1.0.0)
+
@@ -18012,14 +80859,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gami
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.fc serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc
--- nsaserefpolicy/policy/modules/services/gnomeclock.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,3 @@
+
+/usr/libexec/gnome-clock-applet-mechanism -- gen_context(system_u:object_r:gnomeclock_exec_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.if serefpolicy-3.3.1/policy/modules/services/gnomeclock.if
--- nsaserefpolicy/policy/modules/services/gnomeclock.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,75 @@
+
+## policy for gnomeclock
@@ -18098,7 +80945,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnomeclock.te serefpolicy-3.3.1/policy/modules/services/gnomeclock.te
--- nsaserefpolicy/policy/modules/services/gnomeclock.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gnomeclock.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,55 @@
+policy_module(gnomeclock,1.0.0)
+########################################
@@ -18157,7 +81004,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gnom
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.te serefpolicy-3.3.1/policy/modules/services/gpm.te
--- nsaserefpolicy/policy/modules/services/gpm.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/gpm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/gpm.te 2009-01-13 19:18:30.000000000 +0100
@@ -41,8 +41,8 @@
allow gpm_t gpm_var_run_t:file manage_file_perms;
files_pid_filetrans(gpm_t,gpm_var_run_t,file)
@@ -18171,7 +81018,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/gpm.
kernel_read_kernel_sysctls(gpm_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.fc serefpolicy-3.3.1/policy/modules/services/hal.fc
--- nsaserefpolicy/policy/modules/services/hal.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.fc 2009-01-13 19:18:30.000000000 +0100
@@ -8,6 +8,8 @@
/usr/libexec/hal-hotplug-map -- gen_context(system_u:object_r:hald_exec_t,s0)
/usr/libexec/hal-system-sonypic -- gen_context(system_u:object_r:hald_sonypic_exec_t,s0)
@@ -18199,7 +81046,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.if serefpolicy-3.3.1/policy/modules/services/hal.if
--- nsaserefpolicy/policy/modules/services/hal.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.if 2009-01-13 19:18:30.000000000 +0100
@@ -302,3 +302,42 @@
files_search_pids($1)
allow $1 hald_var_run_t:file rw_file_perms;
@@ -18245,7 +81092,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.te serefpolicy-3.3.1/policy/modules/services/hal.te
--- nsaserefpolicy/policy/modules/services/hal.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/hal.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/hal.te 2009-01-13 19:18:30.000000000 +0100
@@ -49,6 +49,9 @@
type hald_var_lib_t;
files_type(hald_var_lib_t)
@@ -18274,7 +81121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
logging_log_filetrans(hald_t,hald_log_t,file)
manage_dirs_pattern(hald_t,hald_tmp_t,hald_tmp_t)
-@@ -82,8 +85,9 @@
+@@ -82,8 +85,10 @@
manage_files_pattern(hald_t,hald_var_lib_t,hald_var_lib_t)
manage_sock_files_pattern(hald_t,hald_var_lib_t,hald_var_lib_t)
@@ -18282,10 +81129,11 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
manage_files_pattern(hald_t,hald_var_run_t,hald_var_run_t)
-files_pid_filetrans(hald_t,hald_var_run_t,file)
+files_pid_filetrans(hald_t,hald_var_run_t,{ dir file })
++allow hald_t hald_var_run_t:dir mounton;
kernel_read_system_state(hald_t)
kernel_read_network_state(hald_t)
-@@ -93,6 +97,7 @@
+@@ -93,6 +98,7 @@
kernel_rw_irq_sysctls(hald_t)
kernel_rw_vm_sysctls(hald_t)
kernel_write_proc_files(hald_t)
@@ -18293,7 +81141,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
auth_read_pam_console_data(hald_t)
-@@ -121,6 +126,7 @@
+@@ -121,6 +127,7 @@
dev_rw_power_management(hald_t)
# hal is now execing pm-suspend
dev_rw_sysfs(hald_t)
@@ -18301,7 +81149,18 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
domain_use_interactive_fds(hald_t)
domain_read_all_domains_state(hald_t)
-@@ -155,6 +161,8 @@
+@@ -144,6 +151,10 @@
+ fs_search_all(hald_t)
+ fs_list_inotifyfs(hald_t)
+ fs_list_auto_mountpoints(hald_t)
++fs_mount_dos_fs(hald_t)
++fs_unmount_dos_fs(hald_t)
++fs_manage_dos_files(hald_t)
++
+ files_getattr_all_mountpoints(hald_t)
+
+ mls_file_read_all_levels(hald_t)
+@@ -155,6 +166,8 @@
selinux_compute_relabel_context(hald_t)
selinux_compute_user_contexts(hald_t)
@@ -18310,7 +81169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
storage_raw_read_removable_device(hald_t)
storage_raw_write_removable_device(hald_t)
storage_raw_read_fixed_disk(hald_t)
-@@ -172,6 +180,8 @@
+@@ -172,6 +185,8 @@
init_rw_utmp(hald_t)
init_telinit(hald_t)
@@ -18319,7 +81178,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
libs_use_ld_so(hald_t)
libs_use_shared_libs(hald_t)
libs_exec_ld_so(hald_t)
-@@ -244,6 +254,10 @@
+@@ -244,6 +259,10 @@
')
optional_policy(`
@@ -18330,7 +81189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
hotplug_read_config(hald_t)
')
-@@ -265,6 +279,16 @@
+@@ -265,6 +284,16 @@
')
optional_policy(`
@@ -18347,7 +81206,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
rpc_search_nfs_state_data(hald_t)
')
-@@ -282,16 +306,25 @@
+@@ -282,16 +311,25 @@
')
optional_policy(`
@@ -18374,7 +81233,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
domtrans_pattern(hald_t, hald_acl_exec_t, hald_acl_t)
allow hald_t hald_acl_t:process signal;
-@@ -301,9 +334,14 @@
+@@ -301,9 +339,14 @@
manage_files_pattern(hald_acl_t,hald_var_lib_t,hald_var_lib_t)
files_search_var_lib(hald_acl_t)
@@ -18389,7 +81248,15 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
dev_getattr_generic_usb_dev(hald_acl_t)
dev_getattr_video_dev(hald_acl_t)
dev_setattr_video_dev(hald_acl_t)
-@@ -323,13 +361,22 @@
+@@ -317,19 +360,30 @@
+
+ storage_getattr_removable_dev(hald_acl_t)
+ storage_setattr_removable_dev(hald_acl_t)
++storage_getattr_fixed_disk_dev(hald_acl_t)
++storage_setattr_fixed_disk_dev(hald_acl_t)
+
+ auth_use_nsswitch(hald_acl_t)
+
libs_use_ld_so(hald_acl_t)
libs_use_shared_libs(hald_acl_t)
@@ -18412,7 +81279,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
domtrans_pattern(hald_t, hald_mac_exec_t, hald_mac_t)
allow hald_t hald_mac_t:process signal;
allow hald_mac_t hald_t:unix_stream_socket connectto;
-@@ -338,9 +385,18 @@
+@@ -338,9 +392,18 @@
manage_files_pattern(hald_mac_t,hald_var_lib_t,hald_var_lib_t)
files_search_var_lib(hald_mac_t)
@@ -18431,7 +81298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
libs_use_ld_so(hald_mac_t)
libs_use_shared_libs(hald_mac_t)
-@@ -363,6 +419,8 @@
+@@ -363,6 +426,8 @@
manage_files_pattern(hald_sonypic_t,hald_var_lib_t,hald_var_lib_t)
files_search_var_lib(hald_sonypic_t)
@@ -18440,7 +81307,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
files_read_usr_files(hald_sonypic_t)
libs_use_ld_so(hald_sonypic_t)
-@@ -383,6 +441,8 @@
+@@ -383,6 +448,8 @@
manage_files_pattern(hald_keymap_t,hald_var_lib_t,hald_var_lib_t)
files_search_var_lib(hald_keymap_t)
@@ -18449,7 +81316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
dev_rw_input_dev(hald_keymap_t)
files_read_usr_files(hald_keymap_t)
-@@ -391,3 +451,8 @@
+@@ -391,3 +458,8 @@
libs_use_shared_libs(hald_keymap_t)
miscfiles_read_localization(hald_keymap_t)
@@ -18460,7 +81327,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/hal.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.fc serefpolicy-3.3.1/policy/modules/services/inetd.fc
--- nsaserefpolicy/policy/modules/services/inetd.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,6 +1,8 @@
/usr/sbin/identd -- gen_context(system_u:object_r:inetd_child_exec_t,s0)
@@ -18472,7 +81339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
/usr/sbin/xinetd -- gen_context(system_u:object_r:inetd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.if serefpolicy-3.3.1/policy/modules/services/inetd.if
--- nsaserefpolicy/policy/modules/services/inetd.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.if 2009-01-13 19:18:30.000000000 +0100
@@ -115,6 +115,10 @@
allow $1 inetd_t:tcp_socket rw_stream_socket_perms;
@@ -18486,7 +81353,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inetd.te serefpolicy-3.3.1/policy/modules/services/inetd.te
--- nsaserefpolicy/policy/modules/services/inetd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inetd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inetd.te 2009-01-13 19:18:30.000000000 +0100
@@ -30,6 +30,10 @@
type inetd_child_var_run_t;
files_pid_file(inetd_child_var_run_t)
@@ -18542,7 +81409,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inet
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.fc serefpolicy-3.3.1/policy/modules/services/inn.fc
--- nsaserefpolicy/policy/modules/services/inn.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.fc 2009-01-13 19:18:30.000000000 +0100
@@ -64,3 +64,5 @@
/var/run/news(/.*)? gen_context(system_u:object_r:innd_var_run_t,s0)
@@ -18551,7 +81418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
+/etc/rc\.d/init\.d/innd -- gen_context(system_u:object_r:innd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.if serefpolicy-3.3.1/policy/modules/services/inn.if
--- nsaserefpolicy/policy/modules/services/inn.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.if 2009-01-13 19:18:30.000000000 +0100
@@ -54,8 +54,7 @@
')
@@ -18645,7 +81512,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.te serefpolicy-3.3.1/policy/modules/services/inn.te
--- nsaserefpolicy/policy/modules/services/inn.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/inn.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/inn.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,7 +22,10 @@
files_pid_file(innd_var_run_t)
@@ -18660,7 +81527,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/inn.
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.fc serefpolicy-3.3.1/policy/modules/services/jabber.fc
--- nsaserefpolicy/policy/modules/services/jabber.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.fc 2009-01-13 19:18:30.000000000 +0100
@@ -2,3 +2,4 @@
/var/lib/jabber(/.*)? gen_context(system_u:object_r:jabberd_var_lib_t,s0)
@@ -18668,7 +81535,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
+/etc/rc\.d/init\.d/jabber -- gen_context(system_u:object_r:jabber_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.if serefpolicy-3.3.1/policy/modules/services/jabber.if
--- nsaserefpolicy/policy/modules/services/jabber.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.if 2009-01-13 19:18:30.000000000 +0100
@@ -13,3 +13,73 @@
interface(`jabber_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -18745,7 +81612,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabber.te serefpolicy-3.3.1/policy/modules/services/jabber.te
--- nsaserefpolicy/policy/modules/services/jabber.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/jabber.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/jabber.te 2009-01-13 19:18:30.000000000 +0100
@@ -19,6 +19,9 @@
type jabberd_var_run_t;
files_pid_file(jabberd_var_run_t)
@@ -18758,7 +81625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/jabb
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.fc serefpolicy-3.3.1/policy/modules/services/kerberos.fc
--- nsaserefpolicy/policy/modules/services/kerberos.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.fc 2009-01-13 19:18:30.000000000 +0100
@@ -7,12 +7,22 @@
/usr/(local/)?(kerberos/)?sbin/krb5kdc -- gen_context(system_u:object_r:krb5kdc_exec_t,s0)
@@ -18784,7 +81651,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+/etc/rc\.d/init\.d/krb5kdc -- gen_context(system_u:object_r:kerberos_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.if serefpolicy-3.3.1/policy/modules/services/kerberos.if
--- nsaserefpolicy/policy/modules/services/kerberos.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.if 2009-01-13 19:18:30.000000000 +0100
@@ -23,6 +23,25 @@
########################################
@@ -19069,7 +81936,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerberos.te serefpolicy-3.3.1/policy/modules/services/kerberos.te
--- nsaserefpolicy/policy/modules/services/kerberos.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerberos.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerberos.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,7 @@
type kadmind_t;
type kadmind_exec_t;
@@ -19261,7 +82128,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerb
+kerberos_use(kpropd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.fc serefpolicy-3.3.1/policy/modules/services/kerneloops.fc
--- nsaserefpolicy/policy/modules/services/kerneloops.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,4 @@
+
+/usr/sbin/kerneloops -- gen_context(system_u:object_r:kerneloops_exec_t,s0)
@@ -19269,7 +82136,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
+/etc/rc\.d/init\.d/kerneloops -- gen_context(system_u:object_r:kerneloops_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.if serefpolicy-3.3.1/policy/modules/services/kerneloops.if
--- nsaserefpolicy/policy/modules/services/kerneloops.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,140 @@
+
+## policy for kerneloops
@@ -19413,7 +82280,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kerneloops.te serefpolicy-3.3.1/policy/modules/services/kerneloops.te
--- nsaserefpolicy/policy/modules/services/kerneloops.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/kerneloops.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/kerneloops.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,63 @@
+policy_module(kerneloops,1.0.0)
+
@@ -19480,7 +82347,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/kern
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.fc serefpolicy-3.3.1/policy/modules/services/ldap.fc
--- nsaserefpolicy/policy/modules/services/ldap.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.fc 2009-01-13 19:18:30.000000000 +0100
@@ -14,3 +14,5 @@
/var/run/openldap(/.*)? gen_context(system_u:object_r:slapd_var_run_t,s0)
/var/run/slapd\.args -- gen_context(system_u:object_r:slapd_var_run_t,s0)
@@ -19489,7 +82356,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
+/etc/rc\.d/init\.d/ldap -- gen_context(system_u:object_r:ldap_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.if serefpolicy-3.3.1/policy/modules/services/ldap.if
--- nsaserefpolicy/policy/modules/services/ldap.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.if 2009-01-13 19:18:30.000000000 +0100
@@ -73,3 +73,80 @@
allow $1 slapd_var_run_t:sock_file write;
allow $1 slapd_t:unix_stream_socket connectto;
@@ -19573,7 +82440,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap.te serefpolicy-3.3.1/policy/modules/services/ldap.te
--- nsaserefpolicy/policy/modules/services/ldap.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ldap.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ldap.te 2009-01-13 19:18:30.000000000 +0100
@@ -31,6 +31,9 @@
type slapd_var_run_t;
files_pid_file(slapd_var_run_t)
@@ -19586,7 +82453,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ldap
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.fc serefpolicy-3.3.1/policy/modules/services/lpd.fc
--- nsaserefpolicy/policy/modules/services/lpd.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/lpd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/lpd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -3,6 +3,8 @@
#
/dev/printer -s gen_context(system_u:object_r:printer_t,s0)
@@ -19614,7 +82481,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.if serefpolicy-3.3.1/policy/modules/services/lpd.if
--- nsaserefpolicy/policy/modules/services/lpd.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/lpd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/lpd.if 2009-01-13 19:18:30.000000000 +0100
@@ -336,10 +336,8 @@
')
@@ -19629,7 +82496,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/lpd.
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.fc serefpolicy-3.3.1/policy/modules/services/mailman.fc
--- nsaserefpolicy/policy/modules/services/mailman.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.fc 2009-01-13 19:18:30.000000000 +0100
@@ -31,3 +31,4 @@
/var/lock/mailman(/.*)? gen_context(system_u:object_r:mailman_lock_t,s0)
/var/spool/mailman(/.*)? gen_context(system_u:object_r:mailman_data_t,s0)
@@ -19637,7 +82504,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
+/usr/lib/mailman/mail/mailman -- gen_context(system_u:object_r:mailman_mail_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.if serefpolicy-3.3.1/policy/modules/services/mailman.if
--- nsaserefpolicy/policy/modules/services/mailman.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.if 2009-01-13 19:18:30.000000000 +0100
@@ -31,6 +31,12 @@
allow mailman_$1_t self:tcp_socket create_stream_socket_perms;
allow mailman_$1_t self:udp_socket create_socket_perms;
@@ -19687,7 +82554,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailman.te serefpolicy-3.3.1/policy/modules/services/mailman.te
--- nsaserefpolicy/policy/modules/services/mailman.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailman.te 2009-01-13 19:18:30.000000000 +0100
@@ -53,10 +53,9 @@
apache_use_fds(mailman_cgi_t)
apache_dontaudit_append_log(mailman_cgi_t)
@@ -19735,13 +82602,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.fc serefpolicy-3.3.1/policy/modules/services/mailscanner.fc
--- nsaserefpolicy/policy/modules/services/mailscanner.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,2 @@
+/var/spool/MailScanner(/.*)? gen_context(system_u:object_r:mailscanner_spool_t,s0)
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.if serefpolicy-3.3.1/policy/modules/services/mailscanner.if
--- nsaserefpolicy/policy/modules/services/mailscanner.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,59 @@
+## Anti-Virus and Anti-Spam Filter
+
@@ -19804,7 +82671,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mailscanner.te serefpolicy-3.3.1/policy/modules/services/mailscanner.te
--- nsaserefpolicy/policy/modules/services/mailscanner.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mailscanner.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mailscanner.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,5 @@
+
+policy_module(mailscanner,1.0.0)
@@ -19813,8 +82680,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mail
+files_type(mailscanner_spool_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.fc serefpolicy-3.3.1/policy/modules/services/mta.fc
--- nsaserefpolicy/policy/modules/services/mta.fc 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.fc 2009-01-05 11:17:34.000000000 +0100
-@@ -11,9 +11,10 @@
++++ serefpolicy-3.3.1/policy/modules/services/mta.fc 2009-01-13 19:18:30.000000000 +0100
+@@ -8,12 +8,14 @@
+ /etc/postfix/aliases.* gen_context(system_u:object_r:etc_aliases_t,s0)
+ ')
+
++/usr/lib/courier/bin/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
/usr/lib(64)?/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
/usr/sbin/rmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
@@ -19826,7 +82697,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
/var/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
/var/qmail/bin/sendmail -- gen_context(system_u:object_r:sendmail_exec_t,s0)
-@@ -22,6 +23,4 @@
+@@ -22,6 +24,4 @@
/var/spool/(client)?mqueue(/.*)? gen_context(system_u:object_r:mqueue_spool_t,s0)
/var/spool/mail(/.*)? gen_context(system_u:object_r:mail_spool_t,s0)
@@ -19836,7 +82707,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.if serefpolicy-3.3.1/policy/modules/services/mta.if
--- nsaserefpolicy/policy/modules/services/mta.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mta.if 2009-01-13 19:18:30.000000000 +0100
@@ -133,6 +133,15 @@
sendmail_create_log($1_mail_t)
')
@@ -20011,7 +82882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.te serefpolicy-3.3.1/policy/modules/services/mta.te
--- nsaserefpolicy/policy/modules/services/mta.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mta.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mta.te 2009-01-13 19:18:30.000000000 +0100
@@ -6,6 +6,8 @@
# Declarations
#
@@ -20180,7 +83051,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mta.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.fc serefpolicy-3.3.1/policy/modules/services/munin.fc
--- nsaserefpolicy/policy/modules/services/munin.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.fc 2009-01-13 19:18:30.000000000 +0100
@@ -6,6 +6,9 @@
/usr/share/munin/plugins/.* -- gen_context(system_u:object_r:munin_exec_t,s0)
@@ -20195,8 +83066,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+/etc/rc\.d/init\.d/munin-node -- gen_context(system_u:object_r:munin_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.if serefpolicy-3.3.1/policy/modules/services/munin.if
--- nsaserefpolicy/policy/modules/services/munin.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.if 2009-01-05 11:17:34.000000000 +0100
-@@ -80,3 +80,104 @@
++++ serefpolicy-3.3.1/policy/modules/services/munin.if 2009-01-13 19:18:30.000000000 +0100
+@@ -80,3 +80,123 @@
dontaudit $1 munin_var_lib_t:dir search_dir_perms;
')
@@ -20220,6 +83091,25 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+ init_labeled_script_domtrans($1,munin_script_exec_t)
+')
+
++#######################################
++##
++## Do not audit attempts to read and write
++## munin server TCP sockets.
++##
++##
++##
++## Domain to not audit.
++##
++##
++#
++interface(`munin_dontaudit_rw_tcp_sockets',`
++ gen_require(`
++ type munin_t;
++ ')
++
++ dontaudit $1 munin_t:tcp_socket { read write };
++')
++
+########################################
+##
+## All of the rules required to administrate
@@ -20303,7 +83193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/munin.te serefpolicy-3.3.1/policy/modules/services/munin.te
--- nsaserefpolicy/policy/modules/services/munin.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/munin.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/munin.te 2009-01-13 19:23:18.000000000 +0100
@@ -25,26 +25,33 @@
type munin_var_run_t alias lrrd_var_run_t;
files_pid_file(munin_var_run_t)
@@ -20317,7 +83207,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
#
-allow munin_t self:capability { setgid setuid };
-+allow munin_t self:capability { chown dac_override setgid setuid sys_rawio };
++allow munin_t self:capability { chown dac_override kill setgid setuid sys_rawio };
dontaudit munin_t self:capability sys_tty_config;
allow munin_t self:process { getsched setsched signal_perms };
allow munin_t self:unix_stream_socket { create_stream_socket_perms connectto };
@@ -20394,7 +83284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
userdom_dontaudit_use_unpriv_user_fds(munin_t)
userdom_dontaudit_search_sysadm_home_dirs(munin_t)
-@@ -108,7 +128,21 @@
+@@ -108,7 +128,39 @@
')
optional_policy(`
@@ -20403,8 +83293,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+')
+
+optional_policy(`
++ files_search_mnt(munin_t)
++')
++
++optional_policy(`
++ logging_getattr_generic_log_files(munin_t)
++')
++
++optional_policy(`
+ mta_read_config(munin_t)
+ mta_send_mail(munin_t)
++ mta_read_queue(munin_t)
+')
+
+optional_policy(`
@@ -20413,11 +83312,20 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+')
+
+optional_policy(`
++ postfix_list_spool(munin_t)
++ postfix_getattr_spool_files(munin_t)
++')
++
++optional_policy(`
++ rpc_search_nfs_state_data(munin_t)
++')
++
++optional_policy(`
+ sendmail_read_log(munin_t)
')
optional_policy(`
-@@ -118,3 +152,9 @@
+@@ -118,3 +170,9 @@
optional_policy(`
udev_read_db(munin_t)
')
@@ -20429,7 +83337,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/muni
+manage_files_pattern(munin_t, httpd_munin_content_t, httpd_munin_content_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.fc serefpolicy-3.3.1/policy/modules/services/mysql.fc
--- nsaserefpolicy/policy/modules/services/mysql.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mysql.fc 2009-01-13 19:18:30.000000000 +0100
@@ -22,3 +22,5 @@
/var/log/mysql.* -- gen_context(system_u:object_r:mysqld_log_t,s0)
@@ -20438,7 +83346,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
+/etc/rc\.d/init\.d/mysqld -- gen_context(system_u:object_r:mysqld_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.if serefpolicy-3.3.1/policy/modules/services/mysql.if
--- nsaserefpolicy/policy/modules/services/mysql.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mysql.if 2009-01-13 19:18:30.000000000 +0100
@@ -32,9 +32,11 @@
interface(`mysql_stream_connect',`
gen_require(`
@@ -20528,7 +83436,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysql.te serefpolicy-3.3.1/policy/modules/services/mysql.te
--- nsaserefpolicy/policy/modules/services/mysql.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/mysql.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/mysql.te 2009-01-13 19:18:30.000000000 +0100
@@ -25,6 +25,9 @@
type mysqld_tmp_t;
files_tmp_file(mysqld_tmp_t)
@@ -20559,7 +83467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/mysq
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.fc serefpolicy-3.3.1/policy/modules/services/nagios.fc
--- nsaserefpolicy/policy/modules/services/nagios.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.fc 2009-01-13 19:18:30.000000000 +0100
@@ -4,13 +4,17 @@
/usr/bin/nagios -- gen_context(system_u:object_r:nagios_exec_t,s0)
/usr/bin/nrpe -- gen_context(system_u:object_r:nrpe_exec_t,s0)
@@ -20584,7 +83492,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.if serefpolicy-3.3.1/policy/modules/services/nagios.if
--- nsaserefpolicy/policy/modules/services/nagios.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.if 2009-01-13 19:18:30.000000000 +0100
@@ -44,7 +44,7 @@
########################################
@@ -20696,7 +83604,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagios.te serefpolicy-3.3.1/policy/modules/services/nagios.te
--- nsaserefpolicy/policy/modules/services/nagios.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nagios.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nagios.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,11 +8,7 @@
type nagios_t;
@@ -20804,7 +83712,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nagi
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.fc serefpolicy-3.3.1/policy/modules/services/networkmanager.fc
--- nsaserefpolicy/policy/modules/services/networkmanager.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,7 +1,16 @@
+/etc/NetworkManager/dispatcher\.d(/.*) gen_context(system_u:object_r:NetworkManager_script_exec_t,s0)
+
@@ -20824,7 +83732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+/var/run/nm-dhclient.* gen_context(system_u:object_r:NetworkManager_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.if serefpolicy-3.3.1/policy/modules/services/networkmanager.if
--- nsaserefpolicy/policy/modules/services/networkmanager.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.if 2009-01-13 19:18:30.000000000 +0100
@@ -74,7 +74,7 @@
')
@@ -20895,7 +83803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/networkmanager.te serefpolicy-3.3.1/policy/modules/services/networkmanager.te
--- nsaserefpolicy/policy/modules/services/networkmanager.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/networkmanager.te 2009-01-13 19:18:30.000000000 +0100
@@ -1,5 +1,5 @@
-policy_module(networkmanager,1.9.0)
@@ -21172,7 +84080,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/netw
+term_dontaudit_use_console(wpa_cli_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.fc serefpolicy-3.3.1/policy/modules/services/nis.fc
--- nsaserefpolicy/policy/modules/services/nis.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.fc 2009-01-13 19:18:30.000000000 +0100
@@ -4,9 +4,14 @@
/sbin/ypbind -- gen_context(system_u:object_r:ypbind_exec_t,s0)
@@ -21190,7 +84098,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
+/etc/rc\.d/init\.d/ypxfrd -- gen_context(system_u:object_r:nis_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.if serefpolicy-3.3.1/policy/modules/services/nis.if
--- nsaserefpolicy/policy/modules/services/nis.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.if 2009-01-13 19:18:30.000000000 +0100
@@ -28,7 +28,7 @@
type var_yp_t;
')
@@ -21333,7 +84241,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.te serefpolicy-3.3.1/policy/modules/services/nis.te
--- nsaserefpolicy/policy/modules/services/nis.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nis.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nis.te 2009-01-13 19:18:30.000000000 +0100
@@ -44,6 +44,9 @@
type ypxfr_exec_t;
init_daemon_domain(ypxfr_t,ypxfr_exec_t)
@@ -21401,7 +84309,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nis.
corenet_tcp_connect_all_ports(ypxfr_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.fc serefpolicy-3.3.1/policy/modules/services/nscd.fc
--- nsaserefpolicy/policy/modules/services/nscd.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -9,3 +9,5 @@
/var/run/\.nscd_socket -s gen_context(system_u:object_r:nscd_var_run_t,s0)
@@ -21410,7 +84318,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+/etc/rc\.d/init\.d/nscd -- gen_context(system_u:object_r:nscd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.if serefpolicy-3.3.1/policy/modules/services/nscd.if
--- nsaserefpolicy/policy/modules/services/nscd.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.if 2009-01-13 19:18:30.000000000 +0100
@@ -2,6 +2,24 @@
########################################
@@ -21550,7 +84458,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd.te serefpolicy-3.3.1/policy/modules/services/nscd.te
--- nsaserefpolicy/policy/modules/services/nscd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nscd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nscd.te 2009-01-13 19:18:30.000000000 +0100
@@ -23,19 +23,22 @@
type nscd_log_t;
logging_log_file(nscd_log_t)
@@ -21644,7 +84552,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nscd
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.fc serefpolicy-3.3.1/policy/modules/services/ntp.fc
--- nsaserefpolicy/policy/modules/services/ntp.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.fc 2009-01-13 19:18:30.000000000 +0100
@@ -17,3 +17,8 @@
/var/log/xntpd.* -- gen_context(system_u:object_r:ntpd_log_t,s0)
@@ -21656,7 +84564,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
+/etc/rc\.d/init\.d/ntpd -- gen_context(system_u:object_r:ntpd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.if serefpolicy-3.3.1/policy/modules/services/ntp.if
--- nsaserefpolicy/policy/modules/services/ntp.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.if 2009-01-13 19:18:30.000000000 +0100
@@ -53,3 +53,76 @@
corecmd_search_bin($1)
domtrans_pattern($1,ntpdate_exec_t,ntpd_t)
@@ -21736,7 +84644,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.te serefpolicy-3.3.1/policy/modules/services/ntp.te
--- nsaserefpolicy/policy/modules/services/ntp.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ntp.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ntp.te 2009-01-13 19:18:30.000000000 +0100
@@ -25,6 +25,12 @@
type ntpdate_exec_t;
init_system_domain(ntpd_t,ntpdate_exec_t)
@@ -21808,7 +84716,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ntp.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.fc serefpolicy-3.3.1/policy/modules/services/nx.fc
--- nsaserefpolicy/policy/modules/services/nx.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/nx.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/nx.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,3 +1,5 @@
+
+/usr/libexec/nx/nxserver -- gen_context(system_u:object_r:nx_server_exec_t,s0)
@@ -21817,7 +84725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/nx.f
/opt/NX/home/nx/\.ssh(/.*)? gen_context(system_u:object_r:nx_server_home_ssh_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oav.te serefpolicy-3.3.1/policy/modules/services/oav.te
--- nsaserefpolicy/policy/modules/services/oav.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oav.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oav.te 2009-01-13 19:18:30.000000000 +0100
@@ -12,7 +12,7 @@
# cjp: may be collapsable to etc_t
@@ -21838,7 +84746,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oav.
logging_log_file(scannerdaemon_log_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.fc serefpolicy-3.3.1/policy/modules/services/oddjob.fc
--- nsaserefpolicy/policy/modules/services/oddjob.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,4 @@
-/usr/lib/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
+/usr/lib(64)?/oddjob/mkhomedir -- gen_context(system_u:object_r:oddjob_mkhomedir_exec_t,s0)
@@ -21847,7 +84755,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.if serefpolicy-3.3.1/policy/modules/services/oddjob.if
--- nsaserefpolicy/policy/modules/services/oddjob.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.if 2009-01-13 19:18:30.000000000 +0100
@@ -44,6 +44,7 @@
')
@@ -21893,7 +84801,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddjob.te serefpolicy-3.3.1/policy/modules/services/oddjob.te
--- nsaserefpolicy/policy/modules/services/oddjob.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/oddjob.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/oddjob.te 2009-01-13 19:18:30.000000000 +0100
@@ -10,14 +10,21 @@
type oddjob_exec_t;
domain_type(oddjob_t)
@@ -21962,7 +84870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/oddj
userdom_generic_user_home_dir_filetrans_generic_user_home_content(oddjob_mkhomedir_t,notdevfile_class_set)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openca.te serefpolicy-3.3.1/policy/modules/services/openca.te
--- nsaserefpolicy/policy/modules/services/openca.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openca.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openca.te 2009-01-13 19:18:30.000000000 +0100
@@ -18,7 +18,7 @@
# /etc/openca standard files
@@ -21974,7 +84882,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
type openca_etc_in_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openct.te serefpolicy-3.3.1/policy/modules/services/openct.te
--- nsaserefpolicy/policy/modules/services/openct.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openct.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openct.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,6 +22,7 @@
allow openct_t self:process signal_perms;
@@ -21985,7 +84893,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
kernel_read_kernel_sysctls(openct_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.fc serefpolicy-3.3.1/policy/modules/services/openvpn.fc
--- nsaserefpolicy/policy/modules/services/openvpn.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.fc 2009-01-13 19:18:30.000000000 +0100
@@ -2,6 +2,7 @@
# /etc
#
@@ -22005,7 +84913,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+/etc/rc\.d/init\.d/openvpn -- gen_context(system_u:object_r:openvpn_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.if serefpolicy-3.3.1/policy/modules/services/openvpn.if
--- nsaserefpolicy/policy/modules/services/openvpn.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.if 2009-01-13 19:18:30.000000000 +0100
@@ -70,6 +70,43 @@
########################################
@@ -22127,7 +85035,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/openvpn.te serefpolicy-3.3.1/policy/modules/services/openvpn.te
--- nsaserefpolicy/policy/modules/services/openvpn.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/openvpn.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/openvpn.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,7 +8,7 @@
##
@@ -22202,7 +85110,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/open
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcscd.te serefpolicy-3.3.1/policy/modules/services/pcscd.te
--- nsaserefpolicy/policy/modules/services/pcscd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pcscd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pcscd.te 2009-01-13 19:18:30.000000000 +0100
@@ -45,6 +45,7 @@
files_read_etc_files(pcscd_t)
files_read_etc_runtime_files(pcscd_t)
@@ -22213,7 +85121,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pcsc
libs_use_ld_so(pcscd_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pegasus.te serefpolicy-3.3.1/policy/modules/services/pegasus.te
--- nsaserefpolicy/policy/modules/services/pegasus.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pegasus.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pegasus.te 2009-01-13 19:18:30.000000000 +0100
@@ -42,6 +42,7 @@
allow pegasus_t pegasus_conf_t:file { read_file_perms link unlink };
allow pegasus_t pegasus_conf_t:lnk_file read_lnk_file_perms;
@@ -22262,7 +85170,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pega
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.fc serefpolicy-3.3.1/policy/modules/services/pki.fc
--- nsaserefpolicy/policy/modules/services/pki.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,46 @@
+
+/etc/rc\.d/init\.d/pki-ca -- gen_context(system_u:object_r:pki_ca_script_exec_t,s0)
@@ -22312,7 +85220,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
+/var/run/pki-tps\.pid -- gen_context(system_u:object_r:pki_tks_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.if serefpolicy-3.3.1/policy/modules/services/pki.if
--- nsaserefpolicy/policy/modules/services/pki.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,643 @@
+
+## policy for pki
@@ -22959,7 +85867,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.te serefpolicy-3.3.1/policy/modules/services/pki.te
--- nsaserefpolicy/policy/modules/services/pki.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pki.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pki.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,91 @@
+policy_module(pki,1.0.0)
+
@@ -23054,14 +85962,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pki.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.fc serefpolicy-3.3.1/policy/modules/services/podsleuth.fc
--- nsaserefpolicy/policy/modules/services/podsleuth.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,3 @@
+/usr/bin/podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/usr/libexec/hal-podsleuth -- gen_context(system_u:object_r:podsleuth_exec_t,s0)
+/var/cache/podsleuth(/.*)? gen_context(system_u:object_r:podsleuth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.if serefpolicy-3.3.1/policy/modules/services/podsleuth.if
--- nsaserefpolicy/policy/modules/services/podsleuth.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,55 @@
+
+## policy for podsleuth
@@ -23120,7 +86028,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pods
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/podsleuth.te serefpolicy-3.3.1/policy/modules/services/podsleuth.te
--- nsaserefpolicy/policy/modules/services/podsleuth.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/podsleuth.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/podsleuth.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,73 @@
+policy_module(podsleuth,1.0.0)
+
@@ -23197,7 +86105,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pods
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.fc serefpolicy-3.3.1/policy/modules/services/polkit.fc
--- nsaserefpolicy/policy/modules/services/polkit.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,9 @@
+
+/usr/libexec/polkit-read-auth-helper -- gen_context(system_u:object_r:polkit_auth_exec_t,s0)
@@ -23210,7 +86118,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+/var/lib/PolicyKit-public(/.*)? gen_context(system_u:object_r:polkit_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.if serefpolicy-3.3.1/policy/modules/services/polkit.if
--- nsaserefpolicy/policy/modules/services/polkit.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,213 @@
+
+## policy for polkit_auth
@@ -23427,7 +86335,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polkit.te serefpolicy-3.3.1/policy/modules/services/polkit.te
--- nsaserefpolicy/policy/modules/services/polkit.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/polkit.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,221 @@
+policy_module(polkit_auth,1.0.0)
+
@@ -23652,7 +86560,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/polk
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portmap.te serefpolicy-3.3.1/policy/modules/services/portmap.te
--- nsaserefpolicy/policy/modules/services/portmap.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/portmap.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/portmap.te 2009-01-13 19:18:30.000000000 +0100
@@ -41,6 +41,7 @@
manage_files_pattern(portmap_t,portmap_var_run_t,portmap_var_run_t)
files_pid_filetrans(portmap_t,portmap_var_run_t,file)
@@ -23663,7 +86571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
kernel_read_proc_symlinks(portmap_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/portslave.te serefpolicy-3.3.1/policy/modules/services/portslave.te
--- nsaserefpolicy/policy/modules/services/portslave.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/portslave.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/portslave.te 2009-01-13 19:18:30.000000000 +0100
@@ -12,7 +12,7 @@
init_daemon_domain(portslave_t,portslave_exec_t)
@@ -23675,7 +86583,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/port
files_lock_file(portslave_lock_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.fc serefpolicy-3.3.1/policy/modules/services/postfix.fc
--- nsaserefpolicy/policy/modules/services/postfix.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfix.fc 2009-01-13 19:18:30.000000000 +0100
@@ -29,12 +29,10 @@
/usr/lib/postfix/smtpd -- gen_context(system_u:object_r:postfix_smtpd_exec_t,s0)
/usr/lib/postfix/bounce -- gen_context(system_u:object_r:postfix_bounce_exec_t,s0)
@@ -23689,18 +86597,30 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
/usr/sbin/postdrop -- gen_context(system_u:object_r:postfix_postdrop_exec_t,s0)
/usr/sbin/postfix -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
/usr/sbin/postkick -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
-@@ -43,6 +41,7 @@
+@@ -43,6 +41,11 @@
/usr/sbin/postmap -- gen_context(system_u:object_r:postfix_map_exec_t,s0)
/usr/sbin/postqueue -- gen_context(system_u:object_r:postfix_postqueue_exec_t,s0)
/usr/sbin/postsuper -- gen_context(system_u:object_r:postfix_master_exec_t,s0)
++
+/var/lib/postfix(/.*)? gen_context(system_u:object_r:postfix_var_lib_t,s0)
++
++/var/run/postfix(/.*)? gen_context(system_u:object_r:postfix_var_run_t,s0)
++
/var/spool/postfix(/.*)? gen_context(system_u:object_r:postfix_spool_t,s0)
/var/spool/postfix/maildrop(/.*)? gen_context(system_u:object_r:postfix_spool_maildrop_t,s0)
/var/spool/postfix/pid/.* gen_context(system_u:object_r:postfix_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.if serefpolicy-3.3.1/policy/modules/services/postfix.if
--- nsaserefpolicy/policy/modules/services/postfix.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.if 2009-01-05 11:17:34.000000000 +0100
-@@ -206,9 +206,8 @@
++++ serefpolicy-3.3.1/policy/modules/services/postfix.if 2009-01-13 19:22:53.000000000 +0100
+@@ -46,6 +46,7 @@
+
+ allow postfix_$1_t postfix_etc_t:dir list_dir_perms;
+ read_files_pattern(postfix_$1_t,postfix_etc_t,postfix_etc_t)
++ read_lnk_files_pattern(postfix_$1_t, postfix_etc_t, postfix_etc_t)
+
+ can_exec(postfix_$1_t, postfix_$1_exec_t)
+
+@@ -206,9 +207,8 @@
type postfix_etc_t;
')
@@ -23712,7 +86632,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
files_search_etc($1)
')
-@@ -416,7 +415,7 @@
+@@ -416,7 +416,7 @@
##
##
#
@@ -23721,7 +86641,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
gen_require(`
type postfix_private_t;
')
-@@ -427,6 +426,26 @@
+@@ -427,6 +427,26 @@
########################################
##
@@ -23748,7 +86668,32 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
## Execute the master postfix program in the
## postfix_master domain.
##
-@@ -503,6 +522,44 @@
+@@ -482,6 +502,24 @@
+ files_search_spool($1)
+ ')
+
++#######################################
++##
++## Getattr postfix mail spool files.
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`postfix_getattr_spool_files',`
++ gen_require(`
++ attribute postfix_spool_type;
++ ')
++ files_search_spool($1)
++ getattr_files_pattern($1, postfix_spool_type, postfix_spool_type)
++')
++
+ ########################################
+ ##
+ ## Read postfix mail spool files.
+@@ -503,6 +541,44 @@
########################################
##
@@ -23793,7 +86738,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
## Execute postfix user mail programs
## in their respective domains.
##
-@@ -519,3 +576,22 @@
+@@ -519,3 +595,22 @@
typeattribute $1 postfix_user_domtrans;
')
@@ -23818,7 +86763,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.fc serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc
--- nsaserefpolicy/policy/modules/services/postfixpolicyd.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -3,3 +3,5 @@
/usr/sbin/policyd -- gen_context(system_u:object_r:postfix_policyd_exec_t, s0)
@@ -23827,7 +86772,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+/etc/rc\.d/init\.d/postfixpolicyd -- gen_context(system_u:object_r:postfixpolicyd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.if serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if
--- nsaserefpolicy/policy/modules/services/postfixpolicyd.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,68 @@
## Postfix policy server
+
@@ -23899,7 +86844,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfixpolicyd.te serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te
--- nsaserefpolicy/policy/modules/services/postfixpolicyd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfixpolicyd.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,9 @@
type postfix_policyd_var_run_t;
files_pid_file(postfix_policyd_var_run_t)
@@ -23912,7 +86857,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
# Local Policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postfix.te serefpolicy-3.3.1/policy/modules/services/postfix.te
--- nsaserefpolicy/policy/modules/services/postfix.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postfix.te 2009-01-13 19:18:30.000000000 +0100
@@ -6,6 +6,14 @@
# Declarations
#
@@ -24190,7 +87135,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
corecmd_exec_bin(postfix_virtual_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.fc serefpolicy-3.3.1/policy/modules/services/postgresql.fc
--- nsaserefpolicy/policy/modules/services/postgresql.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.fc 2009-01-13 19:18:30.000000000 +0100
@@ -6,8 +6,8 @@
#
# /usr
@@ -24223,7 +87168,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+/etc/rc\.d/init\.d/postgresql -- gen_context(system_u:object_r:postgresql_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.if serefpolicy-3.3.1/policy/modules/services/postgresql.if
--- nsaserefpolicy/policy/modules/services/postgresql.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.if 2009-01-13 19:18:30.000000000 +0100
@@ -1,5 +1,205 @@
## PostgreSQL relational database
@@ -24573,7 +87518,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgresql.te serefpolicy-3.3.1/policy/modules/services/postgresql.te
--- nsaserefpolicy/policy/modules/services/postgresql.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgresql.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgresql.te 2009-01-13 19:18:30.000000000 +0100
@@ -1,13 +1,30 @@
-policy_module(postgresql,1.5.0)
@@ -24858,7 +87803,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+kernel_relabelfrom_unlabeled_database(sepgsql_unconfined_type)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.fc serefpolicy-3.3.1/policy/modules/services/postgrey.fc
--- nsaserefpolicy/policy/modules/services/postgrey.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.fc 2009-01-13 19:18:30.000000000 +0100
@@ -7,3 +7,7 @@
/var/run/postgrey(/.*)? gen_context(system_u:object_r:postgrey_var_run_t,s0)
@@ -24869,7 +87814,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+/var/spool/postfix/postgrey(/.*)? gen_context(system_u:object_r:postgrey_spool_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.if serefpolicy-3.3.1/policy/modules/services/postgrey.if
--- nsaserefpolicy/policy/modules/services/postgrey.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.if 2009-01-13 19:18:30.000000000 +0100
@@ -12,10 +12,100 @@
#
interface(`postgrey_stream_connect',`
@@ -24975,7 +87920,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/postgrey.te serefpolicy-3.3.1/policy/modules/services/postgrey.te
--- nsaserefpolicy/policy/modules/services/postgrey.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/postgrey.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/postgrey.te 2009-01-13 19:18:30.000000000 +0100
@@ -13,26 +13,38 @@
type postgrey_etc_t;
files_config_file(postgrey_etc_t)
@@ -25030,7 +87975,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/post
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.fc serefpolicy-3.3.1/policy/modules/services/ppp.fc
--- nsaserefpolicy/policy/modules/services/ppp.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,6 +1,8 @@
#
# /etc
@@ -25042,7 +87987,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
/etc/ppp/peers(/.*)? gen_context(system_u:object_r:pppd_etc_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.if serefpolicy-3.3.1/policy/modules/services/ppp.if
--- nsaserefpolicy/policy/modules/services/ppp.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.if 2009-01-13 19:18:30.000000000 +0100
@@ -39,6 +39,25 @@
########################################
@@ -25205,7 +88150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.te serefpolicy-3.3.1/policy/modules/services/ppp.te
--- nsaserefpolicy/policy/modules/services/ppp.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ppp.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ppp.te 2009-01-13 19:18:30.000000000 +0100
@@ -71,7 +71,7 @@
# PPPD Local policy
#
@@ -25325,7 +88270,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ppp.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.fc serefpolicy-3.3.1/policy/modules/services/prelude.fc
--- nsaserefpolicy/policy/modules/services/prelude.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/prelude.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,24 @@
+/sbin/audisp-prelude -- gen_context(system_u:object_r:prelude_audisp_exec_t,s0)
+
@@ -25353,7 +88298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.if serefpolicy-3.3.1/policy/modules/services/prelude.if
--- nsaserefpolicy/policy/modules/services/prelude.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/prelude.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,191 @@
+## Prelude hybrid intrusion detection system
+
@@ -25548,8 +88493,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prelude.te serefpolicy-3.3.1/policy/modules/services/prelude.te
--- nsaserefpolicy/policy/modules/services/prelude.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2009-01-05 11:17:34.000000000 +0100
-@@ -0,0 +1,338 @@
++++ serefpolicy-3.3.1/policy/modules/services/prelude.te 2009-01-13 19:18:30.000000000 +0100
+@@ -0,0 +1,339 @@
+
+policy_module(prelude, 1.0.0)
+
@@ -25691,6 +88636,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
+# prelude_audisp local policy
+#
+allow prelude_audisp_t self:capability dac_override;
++allow prelude_audisp_t self:process signal;
+allow prelude_audisp_t self:fifo_file rw_file_perms;
+allow prelude_audisp_t self:unix_stream_socket create_stream_socket_perms;
+allow prelude_audisp_t self:unix_dgram_socket create_socket_perms;
@@ -25890,7 +88836,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/prel
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.fc serefpolicy-3.3.1/policy/modules/services/privoxy.fc
--- nsaserefpolicy/policy/modules/services/privoxy.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,6 +1,10 @@
/etc/privoxy/user\.action -- gen_context(system_u:object_r:privoxy_etc_rw_t,s0)
@@ -25904,7 +88850,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.if serefpolicy-3.3.1/policy/modules/services/privoxy.if
--- nsaserefpolicy/policy/modules/services/privoxy.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.if 2009-01-13 19:18:30.000000000 +0100
@@ -2,6 +2,25 @@
########################################
@@ -25963,7 +88909,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/privoxy.te serefpolicy-3.3.1/policy/modules/services/privoxy.te
--- nsaserefpolicy/policy/modules/services/privoxy.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/privoxy.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/privoxy.te 2009-01-13 19:18:30.000000000 +0100
@@ -19,6 +19,9 @@
type privoxy_var_run_t;
files_pid_file(privoxy_var_run_t)
@@ -25984,7 +88930,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/priv
corenet_sendrecv_http_cache_server_packets(privoxy_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.fc serefpolicy-3.3.1/policy/modules/services/procmail.fc
--- nsaserefpolicy/policy/modules/services/procmail.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,2 +1,5 @@
/usr/bin/procmail -- gen_context(system_u:object_r:procmail_exec_t,s0)
@@ -25993,7 +88939,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
+/var/log/procmail(/.*)? gen_context(system_u:object_r:procmail_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.if serefpolicy-3.3.1/policy/modules/services/procmail.if
--- nsaserefpolicy/policy/modules/services/procmail.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.if 2009-01-13 19:18:30.000000000 +0100
@@ -39,3 +39,41 @@
corecmd_search_bin($1)
can_exec($1,procmail_exec_t)
@@ -26038,7 +88984,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/procmail.te serefpolicy-3.3.1/policy/modules/services/procmail.te
--- nsaserefpolicy/policy/modules/services/procmail.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/procmail.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/procmail.te 2009-01-13 19:18:30.000000000 +0100
@@ -14,6 +14,10 @@
type procmail_tmp_t;
files_tmp_file(procmail_tmp_t)
@@ -26118,13 +89064,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/proc
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/publicfile.if serefpolicy-3.3.1/policy/modules/services/publicfile.if
--- nsaserefpolicy/policy/modules/services/publicfile.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/publicfile.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/publicfile.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,2 @@
## publicfile supplies files to the public through HTTP and FTP
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.fc serefpolicy-3.3.1/policy/modules/services/pyzor.fc
--- nsaserefpolicy/policy/modules/services/pyzor.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,9 +1,11 @@
/etc/pyzor(/.*)? gen_context(system_u:object_r:pyzor_etc_t, s0)
@@ -26140,7 +89086,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
+/etc/rc\.d/init\.d/pyzord -- gen_context(system_u:object_r:pyzord_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.if serefpolicy-3.3.1/policy/modules/services/pyzor.if
--- nsaserefpolicy/policy/modules/services/pyzor.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.if 2009-01-13 19:18:30.000000000 +0100
@@ -25,16 +25,15 @@
#
template(`pyzor_per_role_template',`
@@ -26245,7 +89191,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzor.te serefpolicy-3.3.1/policy/modules/services/pyzor.te
--- nsaserefpolicy/policy/modules/services/pyzor.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/pyzor.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/pyzor.te 2009-01-13 19:18:30.000000000 +0100
@@ -17,7 +17,7 @@
init_daemon_domain(pyzord_t,pyzord_exec_t)
@@ -26304,7 +89250,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/pyzo
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.if serefpolicy-3.3.1/policy/modules/services/qmail.if
--- nsaserefpolicy/policy/modules/services/qmail.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/qmail.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/qmail.if 2009-01-13 19:18:30.000000000 +0100
@@ -197,3 +197,4 @@
domtrans_pattern(qmail_smtpd_t, $2, $1)
@@ -26312,7 +89258,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmail.te serefpolicy-3.3.1/policy/modules/services/qmail.te
--- nsaserefpolicy/policy/modules/services/qmail.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/qmail.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/qmail.te 2009-01-13 19:18:30.000000000 +0100
@@ -14,7 +14,7 @@
qmail_child_domain_template(qmail_clean, qmail_start_t)
@@ -26370,7 +89316,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/qmai
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.fc serefpolicy-3.3.1/policy/modules/services/radius.fc
--- nsaserefpolicy/policy/modules/services/radius.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.fc 2009-01-13 19:18:30.000000000 +0100
@@ -20,3 +20,5 @@
/var/run/radiusd(/.*)? gen_context(system_u:object_r:radiusd_var_run_t,s0)
@@ -26379,7 +89325,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
+/etc/rc\.d/init\.d/radiusd -- gen_context(system_u:object_r:radius_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.if serefpolicy-3.3.1/policy/modules/services/radius.if
--- nsaserefpolicy/policy/modules/services/radius.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.if 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,25 @@
########################################
@@ -26445,7 +89391,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radius.te serefpolicy-3.3.1/policy/modules/services/radius.te
--- nsaserefpolicy/policy/modules/services/radius.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radius.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radius.te 2009-01-13 19:18:30.000000000 +0100
@@ -25,6 +25,9 @@
type radiusd_var_run_t;
files_pid_file(radiusd_var_run_t)
@@ -26513,7 +89459,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radi
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.fc serefpolicy-3.3.1/policy/modules/services/radvd.fc
--- nsaserefpolicy/policy/modules/services/radvd.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.fc 2009-01-13 19:18:30.000000000 +0100
@@ -5,3 +5,4 @@
/var/run/radvd\.pid -- gen_context(system_u:object_r:radvd_var_run_t,s0)
@@ -26521,7 +89467,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
+/etc/rc\.d/init\.d/radvd -- gen_context(system_u:object_r:radvd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.if serefpolicy-3.3.1/policy/modules/services/radvd.if
--- nsaserefpolicy/policy/modules/services/radvd.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.if 2009-01-13 19:18:30.000000000 +0100
@@ -2,6 +2,25 @@
########################################
@@ -26577,7 +89523,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radvd.te serefpolicy-3.3.1/policy/modules/services/radvd.te
--- nsaserefpolicy/policy/modules/services/radvd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/radvd.te 2009-01-05 11:30:30.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/radvd.te 2009-01-13 19:18:30.000000000 +0100
@@ -15,11 +15,14 @@
type radvd_etc_t;
files_config_file(radvd_etc_t)
@@ -26604,7 +89550,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/radv
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.fc serefpolicy-3.3.1/policy/modules/services/razor.fc
--- nsaserefpolicy/policy/modules/services/razor.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,4 @@
-HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:ROLE_razor_home_t,s0)
+HOME_DIR/\.razor(/.*)? gen_context(system_u:object_r:user_razor_home_t,s0)
@@ -26613,7 +89559,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.if serefpolicy-3.3.1/policy/modules/services/razor.if
--- nsaserefpolicy/policy/modules/services/razor.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.if 2009-01-13 19:18:30.000000000 +0100
@@ -137,6 +137,7 @@
template(`razor_per_role_template',`
gen_require(`
@@ -26705,7 +89651,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razor.te serefpolicy-3.3.1/policy/modules/services/razor.te
--- nsaserefpolicy/policy/modules/services/razor.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/razor.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/razor.te 2009-01-13 19:18:30.000000000 +0100
@@ -23,6 +23,12 @@
razor_common_domain_template(razor)
@@ -26721,7 +89667,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/razo
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.if serefpolicy-3.3.1/policy/modules/services/rdisc.if
--- nsaserefpolicy/policy/modules/services/rdisc.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rdisc.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rdisc.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,20 @@
## Network router discovery daemon
+
@@ -26745,7 +89691,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdis
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdisc.te serefpolicy-3.3.1/policy/modules/services/rdisc.te
--- nsaserefpolicy/policy/modules/services/rdisc.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rdisc.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rdisc.te 2009-01-13 19:18:30.000000000 +0100
@@ -45,6 +45,8 @@
libs_use_ld_so(rdisc_t)
libs_use_shared_libs(rdisc_t)
@@ -26757,7 +89703,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rdis
sysnet_read_config(rdisc_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.if serefpolicy-3.3.1/policy/modules/services/remotelogin.if
--- nsaserefpolicy/policy/modules/services/remotelogin.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/remotelogin.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/remotelogin.if 2009-01-13 19:18:30.000000000 +0100
@@ -35,3 +35,4 @@
allow $1 remote_login_t:process signal;
@@ -26765,7 +89711,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remotelogin.te serefpolicy-3.3.1/policy/modules/services/remotelogin.te
--- nsaserefpolicy/policy/modules/services/remotelogin.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/remotelogin.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/remotelogin.te 2009-01-13 19:18:30.000000000 +0100
@@ -85,6 +85,7 @@
miscfiles_read_localization(remote_login_t)
@@ -26776,7 +89722,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/remo
# Only permit unprivileged user domains to be entered via rlogin,
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb.te serefpolicy-3.3.1/policy/modules/services/rhgb.te
--- nsaserefpolicy/policy/modules/services/rhgb.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rhgb.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rhgb.te 2009-01-13 19:18:30.000000000 +0100
@@ -92,6 +92,7 @@
term_getattr_pty_fs(rhgb_t)
@@ -26795,7 +89741,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rhgb
consoletype_exec(rhgb_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricci.if serefpolicy-3.3.1/policy/modules/services/ricci.if
--- nsaserefpolicy/policy/modules/services/ricci.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ricci.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ricci.if 2009-01-13 19:18:30.000000000 +0100
@@ -165,3 +165,4 @@
domtrans_pattern($1,ricci_modstorage_exec_t,ricci_modstorage_t)
@@ -26803,7 +89749,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ricc
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlogin.te serefpolicy-3.3.1/policy/modules/services/rlogin.te
--- nsaserefpolicy/policy/modules/services/rlogin.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rlogin.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rlogin.te 2009-01-13 19:18:30.000000000 +0100
@@ -36,6 +36,8 @@
allow rlogind_t rlogind_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty(rlogind_t,rlogind_devpts_t)
@@ -26843,7 +89789,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rlog
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.fc serefpolicy-3.3.1/policy/modules/services/roundup.fc
--- nsaserefpolicy/policy/modules/services/roundup.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.fc 2009-01-13 19:18:30.000000000 +0100
@@ -7,3 +7,5 @@
# /var
#
@@ -26852,7 +89798,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
+/etc/rc\.d/init\.d/roundup -- gen_context(system_u:object_r:roundup_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.if serefpolicy-3.3.1/policy/modules/services/roundup.if
--- nsaserefpolicy/policy/modules/services/roundup.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,68 @@
## Roundup Issue Tracking System policy
+
@@ -26924,7 +89870,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roundup.te serefpolicy-3.3.1/policy/modules/services/roundup.te
--- nsaserefpolicy/policy/modules/services/roundup.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/roundup.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/roundup.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,9 @@
type roundup_var_lib_t;
files_type(roundup_var_lib_t)
@@ -26937,7 +89883,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/roun
# Local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.fc serefpolicy-3.3.1/policy/modules/services/rpcbind.fc
--- nsaserefpolicy/policy/modules/services/rpcbind.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.fc 2009-01-13 19:18:30.000000000 +0100
@@ -5,3 +5,5 @@
/var/run/rpc.statd\.pid -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
/var/run/rpcbind\.lock -- gen_context(system_u:object_r:rpcbind_var_run_t,s0)
@@ -26946,7 +89892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+/etc/rc\.d/init\.d/rpcbind -- gen_context(system_u:object_r:rpcbind_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.if serefpolicy-3.3.1/policy/modules/services/rpcbind.if
--- nsaserefpolicy/policy/modules/services/rpcbind.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.if 2009-01-13 19:18:30.000000000 +0100
@@ -95,3 +95,70 @@
manage_files_pattern($1,rpcbind_var_lib_t,rpcbind_var_lib_t)
files_search_var_lib($1)
@@ -27020,7 +89966,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcbind.te serefpolicy-3.3.1/policy/modules/services/rpcbind.te
--- nsaserefpolicy/policy/modules/services/rpcbind.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpcbind.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpcbind.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,16 +16,21 @@
type rpcbind_var_lib_t;
files_type(rpcbind_var_lib_t)
@@ -27054,7 +90000,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpcb
corenet_all_recvfrom_unlabeled(rpcbind_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.fc serefpolicy-3.3.1/policy/modules/services/rpc.fc
--- nsaserefpolicy/policy/modules/services/rpc.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.fc 2009-01-13 19:18:30.000000000 +0100
@@ -12,6 +12,7 @@
# /usr
#
@@ -27065,7 +90011,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
/usr/sbin/rpc\.nfsd -- gen_context(system_u:object_r:nfsd_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.if serefpolicy-3.3.1/policy/modules/services/rpc.if
--- nsaserefpolicy/policy/modules/services/rpc.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.if 2009-01-13 19:18:30.000000000 +0100
@@ -88,8 +88,11 @@
# bind to arbitary unused ports
corenet_tcp_bind_generic_port($1_t)
@@ -27129,7 +90075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.te serefpolicy-3.3.1/policy/modules/services/rpc.te
--- nsaserefpolicy/policy/modules/services/rpc.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rpc.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rpc.te 2009-01-13 19:18:30.000000000 +0100
@@ -23,7 +23,7 @@
gen_tunable(allow_nfsd_anon_write,false)
@@ -27243,7 +90189,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rpc.
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd.te serefpolicy-3.3.1/policy/modules/services/rshd.te
--- nsaserefpolicy/policy/modules/services/rshd.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rshd.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rshd.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,7 +16,7 @@
#
# Local policy
@@ -27307,7 +90253,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rshd
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.fc serefpolicy-3.3.1/policy/modules/services/rsync.fc
--- nsaserefpolicy/policy/modules/services/rsync.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,2 +1,6 @@
/usr/bin/rsync -- gen_context(system_u:object_r:rsync_exec_t,s0)
@@ -27317,7 +90263,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+/var/run/rsyncd\.lock -- gen_context(system_u:object_r:rsync_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.if serefpolicy-3.3.1/policy/modules/services/rsync.if
--- nsaserefpolicy/policy/modules/services/rsync.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.if 2009-01-13 19:18:30.000000000 +0100
@@ -103,3 +103,5 @@
can_exec($1,rsync_exec_t)
@@ -27326,7 +90272,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsync.te serefpolicy-3.3.1/policy/modules/services/rsync.te
--- nsaserefpolicy/policy/modules/services/rsync.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rsync.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rsync.te 2009-01-13 19:18:30.000000000 +0100
@@ -31,6 +31,9 @@
type rsync_data_t;
files_type(rsync_data_t)
@@ -27374,7 +90320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rsyn
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.fc serefpolicy-3.3.1/policy/modules/services/rwho.fc
--- nsaserefpolicy/policy/modules/services/rwho.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.fc 2009-01-13 19:18:30.000000000 +0100
@@ -3,3 +3,5 @@
/var/spool/rwho(/.*)? gen_context(system_u:object_r:rwho_spool_t,s0)
@@ -27383,7 +90329,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
+/etc/rc\.d/init\.d/rwhod -- gen_context(system_u:object_r:rwho_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.if serefpolicy-3.3.1/policy/modules/services/rwho.if
--- nsaserefpolicy/policy/modules/services/rwho.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.if 2009-01-13 19:18:30.000000000 +0100
@@ -118,6 +118,25 @@
########################################
@@ -27436,7 +90382,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho.te serefpolicy-3.3.1/policy/modules/services/rwho.te
--- nsaserefpolicy/policy/modules/services/rwho.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/rwho.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/rwho.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,9 @@
type rwho_spool_t;
files_type(rwho_spool_t)
@@ -27449,7 +90395,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/rwho
# rwho local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.fc serefpolicy-3.3.1/policy/modules/services/samba.fc
--- nsaserefpolicy/policy/modules/services/samba.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.fc 2009-01-13 19:18:30.000000000 +0100
@@ -15,6 +15,7 @@
/usr/bin/ntlm_auth -- gen_context(system_u:object_r:winbind_helper_exec_t,s0)
/usr/bin/smbmount -- gen_context(system_u:object_r:smbmount_exec_t,s0)
@@ -27473,7 +90419,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.if serefpolicy-3.3.1/policy/modules/services/samba.if
--- nsaserefpolicy/policy/modules/services/samba.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.if 2009-01-13 19:18:30.000000000 +0100
@@ -33,8 +33,8 @@
')
@@ -27842,7 +90788,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samba.te serefpolicy-3.3.1/policy/modules/services/samba.te
--- nsaserefpolicy/policy/modules/services/samba.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/samba.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/samba.te 2009-01-13 19:18:30.000000000 +0100
@@ -17,6 +17,13 @@
##
@@ -28301,7 +91247,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/samb
+allow smbcontrol_t nmbd_var_run_t:file { read lock };
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.fc serefpolicy-3.3.1/policy/modules/services/sasl.fc
--- nsaserefpolicy/policy/modules/services/sasl.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.fc 2009-01-13 19:18:30.000000000 +0100
@@ -8,3 +8,5 @@
# /var
#
@@ -28310,7 +91256,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
+/etc/rc\.d/init\.d/sasl -- gen_context(system_u:object_r:sasl_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.if serefpolicy-3.3.1/policy/modules/services/sasl.if
--- nsaserefpolicy/policy/modules/services/sasl.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.if 2009-01-13 19:18:30.000000000 +0100
@@ -21,6 +21,25 @@
########################################
@@ -28378,7 +91324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl.te serefpolicy-3.3.1/policy/modules/services/sasl.te
--- nsaserefpolicy/policy/modules/services/sasl.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sasl.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sasl.te 2009-01-13 19:18:30.000000000 +0100
@@ -23,6 +23,9 @@
type saslauthd_var_run_t;
files_pid_file(saslauthd_var_run_t)
@@ -28411,7 +91357,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sasl
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.if serefpolicy-3.3.1/policy/modules/services/sendmail.if
--- nsaserefpolicy/policy/modules/services/sendmail.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.if 2009-01-13 19:18:30.000000000 +0100
@@ -149,3 +149,104 @@
logging_log_filetrans($1,sendmail_log_t,file)
@@ -28519,7 +91465,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/sendmail.te serefpolicy-3.3.1/policy/modules/services/sendmail.te
--- nsaserefpolicy/policy/modules/services/sendmail.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/sendmail.te 2009-01-13 19:18:30.000000000 +0100
@@ -20,13 +20,17 @@
mta_mailserver_delivery(sendmail_t)
mta_mailserver_sender(sendmail_t)
@@ -28680,7 +91626,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/send
-') dnl end TODO
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.fc serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc
--- nsaserefpolicy/policy/modules/services/setroubleshoot.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.fc 2009-01-13 19:18:30.000000000 +0100
@@ -5,3 +5,5 @@
/var/log/setroubleshoot(/.*)? gen_context(system_u:object_r:setroubleshoot_var_log_t,s0)
@@ -28689,7 +91635,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+/etc/rc\.d/init\.d/setroubleshoot -- gen_context(system_u:object_r:setroubleshoot_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.if serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if
--- nsaserefpolicy/policy/modules/services/setroubleshoot.if 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.if 2009-01-13 19:18:30.000000000 +0100
@@ -16,14 +16,13 @@
')
@@ -28789,7 +91735,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setroubleshoot.te serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te
--- nsaserefpolicy/policy/modules/services/setroubleshoot.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/setroubleshoot.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,13 +22,16 @@
type setroubleshoot_var_run_t;
files_pid_file(setroubleshoot_var_run_t)
@@ -28871,13 +91817,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/setr
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.fc serefpolicy-3.3.1/policy/modules/services/slattach.fc
--- nsaserefpolicy/policy/modules/services/slattach.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,2 @@
+
+/sbin/slattach -- gen_context(system_u:object_r:slattach_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.if serefpolicy-3.3.1/policy/modules/services/slattach.if
--- nsaserefpolicy/policy/modules/services/slattach.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,22 @@
+
+## policy for slattach
@@ -28903,7 +91849,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slat
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slattach.te serefpolicy-3.3.1/policy/modules/services/slattach.te
--- nsaserefpolicy/policy/modules/services/slattach.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/slattach.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/slattach.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,31 @@
+policy_module(slattach,1.0.0)
+
@@ -28938,7 +91884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/slat
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.fc serefpolicy-3.3.1/policy/modules/services/smartmon.fc
--- nsaserefpolicy/policy/modules/services/smartmon.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.fc 2009-01-13 19:18:30.000000000 +0100
@@ -8,3 +8,4 @@
#
/var/run/smartd\.pid -- gen_context(system_u:object_r:fsdaemon_var_run_t,s0)
@@ -28946,7 +91892,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
+/etc/rc\.d/init\.d/smartd -- gen_context(system_u:object_r:fsdaemon_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.if serefpolicy-3.3.1/policy/modules/services/smartmon.if
--- nsaserefpolicy/policy/modules/services/smartmon.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.if 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,25 @@
########################################
@@ -29003,7 +91949,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smartmon.te serefpolicy-3.3.1/policy/modules/services/smartmon.te
--- nsaserefpolicy/policy/modules/services/smartmon.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/smartmon.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/smartmon.te 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,10 @@
type fsdaemon_tmp_t;
files_tmp_file(fsdaemon_tmp_t)
@@ -29042,7 +91988,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/smar
userdom_dontaudit_search_sysadm_home_dirs(fsdaemon_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.fc serefpolicy-3.3.1/policy/modules/services/snmp.fc
--- nsaserefpolicy/policy/modules/services/snmp.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.fc 2009-01-13 19:18:30.000000000 +0100
@@ -8,6 +8,7 @@
#
# /var
@@ -29060,7 +92006,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
+/etc/rc\.d/init\.d/snmptrapd -- gen_context(system_u:object_r:snmp_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.if serefpolicy-3.3.1/policy/modules/services/snmp.if
--- nsaserefpolicy/policy/modules/services/snmp.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.if 2009-01-13 19:18:30.000000000 +0100
@@ -87,6 +87,25 @@
########################################
@@ -29123,7 +92069,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp.te serefpolicy-3.3.1/policy/modules/services/snmp.te
--- nsaserefpolicy/policy/modules/services/snmp.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snmp.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snmp.te 2009-01-13 19:18:30.000000000 +0100
@@ -18,12 +18,16 @@
type snmpd_var_lib_t;
files_type(snmpd_var_lib_t)
@@ -29206,7 +92152,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snmp
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.fc serefpolicy-3.3.1/policy/modules/services/snort.fc
--- nsaserefpolicy/policy/modules/services/snort.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,6 +1,10 @@
+/usr/s?bin/snort -- gen_context(system_u:object_r:snort_exec_t,s0)
+/usr/sbin/snort-plain -- gen_context(system_u:object_r:snort_exec_t,s0)
@@ -29223,7 +92169,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
+/etc/rc\.d/init\.d/snortd -- gen_context(system_u:object_r:snort_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.if serefpolicy-3.3.1/policy/modules/services/snort.if
--- nsaserefpolicy/policy/modules/services/snort.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,95 @@
-## Snort network intrusion detection system
+## SELinux policy for Snort IDS
@@ -29323,7 +92269,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snort.te serefpolicy-3.3.1/policy/modules/services/snort.te
--- nsaserefpolicy/policy/modules/services/snort.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/snort.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/snort.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,10 +8,13 @@
type snort_t;
@@ -29374,7 +92320,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/snor
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.fc serefpolicy-3.3.1/policy/modules/services/soundserver.fc
--- nsaserefpolicy/policy/modules/services/soundserver.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,10 +1,12 @@
-/etc/nas(/.*)? gen_context(system_u:object_r:soundd_etc_t,s0)
-/etc/yiff(/.*)? gen_context(system_u:object_r:soundd_etc_t,s0)
@@ -29393,7 +92339,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
+/etc/rc\.d/init\.d/nasd -- gen_context(system_u:object_r:soundd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.if serefpolicy-3.3.1/policy/modules/services/soundserver.if
--- nsaserefpolicy/policy/modules/services/soundserver.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.if 2009-01-13 19:18:30.000000000 +0100
@@ -13,3 +13,74 @@
interface(`soundserver_tcp_connect',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -29471,7 +92417,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soundserver.te serefpolicy-3.3.1/policy/modules/services/soundserver.te
--- nsaserefpolicy/policy/modules/services/soundserver.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/soundserver.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/soundserver.te 2009-01-13 19:18:30.000000000 +0100
@@ -10,9 +10,6 @@
type soundd_exec_t;
init_daemon_domain(soundd_t,soundd_exec_t)
@@ -29542,7 +92488,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/soun
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.fc serefpolicy-3.3.1/policy/modules/services/spamassassin.fc
--- nsaserefpolicy/policy/modules/services/spamassassin.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,4 @@
-HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:ROLE_spamassassin_home_t,s0)
+HOME_DIR/\.spamassassin(/.*)? gen_context(system_u:object_r:user_spamassassin_home_t,s0)
@@ -29570,7 +92516,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+/etc/rc\.d/init\.d/spamd -- gen_context(system_u:object_r:spamd_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.if serefpolicy-3.3.1/policy/modules/services/spamassassin.if
--- nsaserefpolicy/policy/modules/services/spamassassin.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.if 2009-01-13 19:18:30.000000000 +0100
@@ -34,10 +34,11 @@
# cjp: when tunables are available, spamc stuff should be
# toggled on activation of spamc, and similarly for spamd.
@@ -30139,7 +93085,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spamassassin.te serefpolicy-3.3.1/policy/modules/services/spamassassin.te
--- nsaserefpolicy/policy/modules/services/spamassassin.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2009-01-05 11:33:33.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/spamassassin.te 2009-01-13 19:18:30.000000000 +0100
@@ -21,8 +21,10 @@
gen_tunable(spamd_enable_home_dirs,true)
@@ -30499,7 +93445,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/spam
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.fc serefpolicy-3.3.1/policy/modules/services/squid.fc
--- nsaserefpolicy/policy/modules/services/squid.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.fc 2009-01-13 19:18:30.000000000 +0100
@@ -12,3 +12,8 @@
/var/run/squid\.pid -- gen_context(system_u:object_r:squid_var_run_t,s0)
@@ -30511,7 +93457,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.if serefpolicy-3.3.1/policy/modules/services/squid.if
--- nsaserefpolicy/policy/modules/services/squid.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.if 2009-01-13 19:18:30.000000000 +0100
@@ -131,3 +131,95 @@
interface(`squid_use',`
refpolicywarn(`$0($*) has been deprecated.')
@@ -30610,7 +93556,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squid.te serefpolicy-3.3.1/policy/modules/services/squid.te
--- nsaserefpolicy/policy/modules/services/squid.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/squid.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/squid.te 2009-01-13 19:18:30.000000000 +0100
@@ -31,12 +31,15 @@
type squid_var_run_t;
files_pid_file(squid_var_run_t)
@@ -30697,7 +93643,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/squi
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.fc serefpolicy-3.3.1/policy/modules/services/ssh.fc
--- nsaserefpolicy/policy/modules/services/ssh.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,4 @@
-HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:ROLE_home_ssh_t,s0)
+HOME_DIR/\.ssh(/.*)? gen_context(system_u:object_r:user_ssh_home_t,s0)
@@ -30706,7 +93652,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
/etc/ssh/ssh_host_key -- gen_context(system_u:object_r:sshd_key_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.if serefpolicy-3.3.1/policy/modules/services/ssh.if
--- nsaserefpolicy/policy/modules/services/ssh.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.if 2009-01-13 19:18:30.000000000 +0100
@@ -36,6 +36,7 @@
gen_require(`
attribute ssh_server;
@@ -30961,7 +93907,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.te serefpolicy-3.3.1/policy/modules/services/ssh.te
--- nsaserefpolicy/policy/modules/services/ssh.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/ssh.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/ssh.te 2009-01-13 19:18:30.000000000 +0100
@@ -24,7 +24,7 @@
# Type for the ssh-agent executable.
@@ -31023,7 +93969,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/ssh.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.fc serefpolicy-3.3.1/policy/modules/services/stunnel.fc
--- nsaserefpolicy/policy/modules/services/stunnel.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.fc 2009-01-13 19:18:30.000000000 +0100
@@ -2,5 +2,6 @@
/etc/stunnel(/.*)? gen_context(system_u:object_r:stunnel_etc_t,s0)
@@ -31033,7 +93979,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
/var/run/stunnel(/.*)? gen_context(system_u:object_r:stunnel_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.if serefpolicy-3.3.1/policy/modules/services/stunnel.if
--- nsaserefpolicy/policy/modules/services/stunnel.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,25 @@
## SSL Tunneling Proxy
+
@@ -31062,7 +94008,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stunnel.te serefpolicy-3.3.1/policy/modules/services/stunnel.te
--- nsaserefpolicy/policy/modules/services/stunnel.te 2008-02-26 14:23:11.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/stunnel.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/stunnel.te 2009-01-13 19:18:30.000000000 +0100
@@ -20,7 +20,7 @@
')
@@ -31083,7 +94029,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/stun
corenet_tcp_sendrecv_all_if(stunnel_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/telnet.te serefpolicy-3.3.1/policy/modules/services/telnet.te
--- nsaserefpolicy/policy/modules/services/telnet.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/telnet.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/telnet.te 2009-01-13 19:18:30.000000000 +0100
@@ -37,6 +37,8 @@
allow telnetd_t telnetd_devpts_t:chr_file { rw_chr_file_perms setattr };
term_create_pty(telnetd_t,telnetd_devpts_t)
@@ -31135,7 +94081,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/teln
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.fc serefpolicy-3.3.1/policy/modules/services/tftp.fc
--- nsaserefpolicy/policy/modules/services/tftp.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.fc 2009-01-13 19:18:30.000000000 +0100
@@ -4,5 +4,5 @@
/tftpboot -d gen_context(system_u:object_r:tftpdir_t,s0)
@@ -31145,7 +94091,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.if serefpolicy-3.3.1/policy/modules/services/tftp.if
--- nsaserefpolicy/policy/modules/services/tftp.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.if 2009-01-13 19:18:30.000000000 +0100
@@ -24,17 +24,17 @@
#
interface(`tftp_admin',`
@@ -31173,7 +94119,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp.te serefpolicy-3.3.1/policy/modules/services/tftp.te
--- nsaserefpolicy/policy/modules/services/tftp.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tftp.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tftp.te 2009-01-13 19:18:30.000000000 +0100
@@ -37,7 +37,6 @@
allow tftpd_t self:udp_socket create_socket_perms;
allow tftpd_t self:unix_dgram_socket create_socket_perms;
@@ -31218,13 +94164,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tftp
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/timidity.if serefpolicy-3.3.1/policy/modules/services/timidity.if
--- nsaserefpolicy/policy/modules/services/timidity.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/timidity.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/timidity.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,2 @@
## MIDI to WAV converter and player configured as a service
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.fc serefpolicy-3.3.1/policy/modules/services/tor.fc
--- nsaserefpolicy/policy/modules/services/tor.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,8 +1,10 @@
/etc/tor(/.*)? gen_context(system_u:object_r:tor_etc_t,s0)
@@ -31239,7 +94185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
+/etc/rc\.d/init\.d/tor -- gen_context(system_u:object_r:tor_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.if serefpolicy-3.3.1/policy/modules/services/tor.if
--- nsaserefpolicy/policy/modules/services/tor.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.if 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,25 @@
########################################
@@ -31303,7 +94249,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.te serefpolicy-3.3.1/policy/modules/services/tor.te
--- nsaserefpolicy/policy/modules/services/tor.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/tor.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/tor.te 2009-01-13 19:18:30.000000000 +0100
@@ -26,11 +26,15 @@
type tor_var_run_t;
files_pid_file(tor_var_run_t)
@@ -31338,7 +94284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/tor.
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.if serefpolicy-3.3.1/policy/modules/services/uucp.if
--- nsaserefpolicy/policy/modules/services/uucp.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/uucp.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/uucp.if 2009-01-13 19:18:30.000000000 +0100
@@ -85,27 +85,27 @@
#
interface(`uucp_admin',`
@@ -31380,7 +94326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp.te serefpolicy-3.3.1/policy/modules/services/uucp.te
--- nsaserefpolicy/policy/modules/services/uucp.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/uucp.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/uucp.te 2009-01-13 19:18:30.000000000 +0100
@@ -116,6 +116,8 @@
files_read_etc_files(uux_t)
@@ -31400,13 +94346,13 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/uucp
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.fc serefpolicy-3.3.1/policy/modules/services/w3c.fc
--- nsaserefpolicy/policy/modules/services/w3c.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,2 @@
+/usr/share/w3c-markup-validator(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_content_t,s0)
+/usr/share/w3c-markup-validator/cgi-bin(/.*)? gen_context(system_u:object_r:httpd_w3c_validator_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.if serefpolicy-3.3.1/policy/modules/services/w3c.if
--- nsaserefpolicy/policy/modules/services/w3c.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,20 @@
+## W3C
+
@@ -31430,7 +94376,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.te serefpolicy-3.3.1/policy/modules/services/w3c.te
--- nsaserefpolicy/policy/modules/services/w3c.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/w3c.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/w3c.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,14 @@
+policy_module(w3c,1.2.1)
+
@@ -31448,19 +94394,19 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/w3c.
+miscfiles_read_certs(httpd_w3c_validator_script_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/watchdog.if serefpolicy-3.3.1/policy/modules/services/watchdog.if
--- nsaserefpolicy/policy/modules/services/watchdog.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/watchdog.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/watchdog.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,2 @@
## Software watchdog
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xprint.if serefpolicy-3.3.1/policy/modules/services/xprint.if
--- nsaserefpolicy/policy/modules/services/xprint.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xprint.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xprint.if 2009-01-13 19:18:30.000000000 +0100
@@ -1 +1,2 @@
## X print server
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.fc serefpolicy-3.3.1/policy/modules/services/xserver.fc
--- nsaserefpolicy/policy/modules/services/xserver.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,13 +1,13 @@
#
# HOME_DIR
@@ -31531,7 +94477,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
/var/lib/pam_devperm/:0 -- gen_context(system_u:object_r:xdm_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.if serefpolicy-3.3.1/policy/modules/services/xserver.if
--- nsaserefpolicy/policy/modules/services/xserver.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.if 2009-01-13 19:18:30.000000000 +0100
@@ -12,9 +12,15 @@
##
##
@@ -33021,7 +95967,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xserver.te serefpolicy-3.3.1/policy/modules/services/xserver.te
--- nsaserefpolicy/policy/modules/services/xserver.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/xserver.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,6 +8,14 @@
##
@@ -33688,7 +96634,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/xser
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.fc serefpolicy-3.3.1/policy/modules/services/zabbix.fc
--- nsaserefpolicy/policy/modules/services/zabbix.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,5 +1,8 @@
+
/usr/bin/zabbix_server -- gen_context(system_u:object_r:zabbix_exec_t,s0)
@@ -33700,7 +96646,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
+/etc/rc\.d/init\.d/zabbix -- gen_context(system_u:object_r:zabbix_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.if serefpolicy-3.3.1/policy/modules/services/zabbix.if
--- nsaserefpolicy/policy/modules/services/zabbix.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.if 2009-01-13 19:18:30.000000000 +0100
@@ -79,6 +79,25 @@
########################################
@@ -33759,7 +96705,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabbix.te serefpolicy-3.3.1/policy/modules/services/zabbix.te
--- nsaserefpolicy/policy/modules/services/zabbix.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zabbix.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zabbix.te 2009-01-13 19:18:30.000000000 +0100
@@ -18,6 +18,9 @@
type zabbix_var_run_t;
files_pid_file(zabbix_var_run_t)
@@ -33772,7 +96718,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zabb
# zabbix local policy
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.fc serefpolicy-3.3.1/policy/modules/services/zebra.fc
--- nsaserefpolicy/policy/modules/services/zebra.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.fc 2009-01-13 19:18:30.000000000 +0100
@@ -14,3 +14,10 @@
/var/run/\.zebra -s gen_context(system_u:object_r:zebra_var_run_t,s0)
/var/run/\.zserv -s gen_context(system_u:object_r:zebra_var_run_t,s0)
@@ -33786,7 +96732,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
+/etc/rc\.d/init\.d/zebra -- gen_context(system_u:object_r:zebra_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.if serefpolicy-3.3.1/policy/modules/services/zebra.if
--- nsaserefpolicy/policy/modules/services/zebra.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.if 2009-01-13 19:18:30.000000000 +0100
@@ -18,12 +18,32 @@
files_search_etc($1)
@@ -33863,7 +96809,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebra.te serefpolicy-3.3.1/policy/modules/services/zebra.te
--- nsaserefpolicy/policy/modules/services/zebra.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/services/zebra.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/services/zebra.te 2009-01-13 19:18:30.000000000 +0100
@@ -30,6 +30,9 @@
type zebra_var_run_t;
files_pid_file(zebra_var_run_t)
@@ -33893,7 +96839,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/zebr
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/application.te serefpolicy-3.3.1/policy/modules/system/application.te
--- nsaserefpolicy/policy/modules/system/application.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/application.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/application.te 2009-01-13 19:18:30.000000000 +0100
@@ -7,6 +7,12 @@
# Executables to be run by user
attribute application_exec_type;
@@ -33909,7 +96855,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/applic
ssh_rw_stream_sockets(application_domain_type)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.fc serefpolicy-3.3.1/policy/modules/system/authlogin.fc
--- nsaserefpolicy/policy/modules/system/authlogin.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.fc 2009-01-13 19:18:30.000000000 +0100
@@ -7,12 +7,10 @@
/etc/passwd\.lock -- gen_context(system_u:object_r:shadow_t,s0)
/etc/shadow.* -- gen_context(system_u:object_r:shadow_t,s0)
@@ -33938,7 +96884,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+/var/cache/coolkey(/.*)? gen_context(system_u:object_r:auth_cache_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.if serefpolicy-3.3.1/policy/modules/system/authlogin.if
--- nsaserefpolicy/policy/modules/system/authlogin.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.if 2009-01-13 19:18:30.000000000 +0100
@@ -56,10 +56,6 @@
miscfiles_read_localization($1_chkpwd_t)
@@ -34234,7 +97180,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlogin.te serefpolicy-3.3.1/policy/modules/system/authlogin.te
--- nsaserefpolicy/policy/modules/system/authlogin.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/authlogin.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/authlogin.te 2009-01-13 19:18:30.000000000 +0100
@@ -59,6 +59,9 @@
type utempter_exec_t;
application_domain(utempter_t,utempter_exec_t)
@@ -34337,7 +97283,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/authlo
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.fc serefpolicy-3.3.1/policy/modules/system/fstools.fc
--- nsaserefpolicy/policy/modules/system/fstools.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,3 @@
-/sbin/badblocks -- gen_context(system_u:object_r:fsadm_exec_t,s0)
/sbin/blkid -- gen_context(system_u:object_r:fsadm_exec_t,s0)
@@ -34353,7 +97299,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
/sbin/partx -- gen_context(system_u:object_r:fsadm_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.if serefpolicy-3.3.1/policy/modules/system/fstools.if
--- nsaserefpolicy/policy/modules/system/fstools.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.if 2009-01-13 19:18:30.000000000 +0100
@@ -142,3 +142,21 @@
allow $1 swapfile_t:file getattr;
@@ -34378,7 +97324,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstools.te serefpolicy-3.3.1/policy/modules/system/fstools.te
--- nsaserefpolicy/policy/modules/system/fstools.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/fstools.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/fstools.te 2009-01-13 19:18:30.000000000 +0100
@@ -97,6 +97,10 @@
fs_getattr_tmpfs_dirs(fsadm_t)
fs_read_tmpfs_symlinks(fsadm_t)
@@ -34402,7 +97348,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/fstool
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.fc serefpolicy-3.3.1/policy/modules/system/getty.fc
--- nsaserefpolicy/policy/modules/system/getty.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.fc 2009-01-13 19:18:30.000000000 +0100
@@ -8,5 +8,5 @@
/var/run/mgetty\.pid.* -- gen_context(system_u:object_r:getty_var_run_t,s0)
@@ -34413,7 +97359,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
+/var/spool/voice(/.*)? gen_context(system_u:object_r:getty_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.te serefpolicy-3.3.1/policy/modules/system/getty.te
--- nsaserefpolicy/policy/modules/system/getty.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/getty.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/getty.te 2009-01-13 19:18:30.000000000 +0100
@@ -9,6 +9,7 @@
type getty_t;
type getty_exec_t;
@@ -34424,7 +97370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/getty.
type getty_etc_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostname.te serefpolicy-3.3.1/policy/modules/system/hostname.te
--- nsaserefpolicy/policy/modules/system/hostname.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hostname.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hostname.te 2009-01-13 19:18:30.000000000 +0100
@@ -8,7 +8,9 @@
type hostname_t;
@@ -34438,7 +97384,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hostna
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplug.te serefpolicy-3.3.1/policy/modules/system/hotplug.te
--- nsaserefpolicy/policy/modules/system/hotplug.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/hotplug.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/hotplug.te 2009-01-13 19:18:30.000000000 +0100
@@ -120,6 +120,7 @@
optional_policy(`
# for arping used for static IP addresses on PCMCIA ethernet
@@ -34457,7 +97403,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/hotplu
optional_policy(`
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.fc serefpolicy-3.3.1/policy/modules/system/init.fc
--- nsaserefpolicy/policy/modules/system/init.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.fc 2009-01-13 19:18:30.000000000 +0100
@@ -4,8 +4,7 @@
/etc/init\.d/.* -- gen_context(system_u:object_r:initrc_exec_t,s0)
@@ -34475,7 +97421,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.f
-
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.if serefpolicy-3.3.1/policy/modules/system/init.if
--- nsaserefpolicy/policy/modules/system/init.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.if 2009-01-13 19:18:30.000000000 +0100
@@ -211,6 +211,16 @@
kernel_dontaudit_use_fds($1)
')
@@ -34853,7 +97799,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.te serefpolicy-3.3.1/policy/modules/system/init.te
--- nsaserefpolicy/policy/modules/system/init.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/init.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/init.te 2009-01-13 19:18:30.000000000 +0100
@@ -10,6 +10,20 @@
# Declarations
#
@@ -35190,7 +98136,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/init.t
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.fc serefpolicy-3.3.1/policy/modules/system/ipsec.fc
--- nsaserefpolicy/policy/modules/system/ipsec.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.fc 2009-01-13 19:18:30.000000000 +0100
@@ -16,6 +16,8 @@
/usr/lib(64)?/ipsec/pluto -- gen_context(system_u:object_r:ipsec_exec_t,s0)
/usr/lib(64)?/ipsec/spi -- gen_context(system_u:object_r:ipsec_exec_t,s0)
@@ -35210,7 +98156,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.if serefpolicy-3.3.1/policy/modules/system/ipsec.if
--- nsaserefpolicy/policy/modules/system/ipsec.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.if 2009-01-13 19:18:30.000000000 +0100
@@ -152,6 +152,25 @@
########################################
@@ -35239,7 +98185,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
##
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.te serefpolicy-3.3.1/policy/modules/system/ipsec.te
--- nsaserefpolicy/policy/modules/system/ipsec.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/ipsec.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/ipsec.te 2009-01-13 19:18:30.000000000 +0100
@@ -55,11 +55,13 @@
allow ipsec_t self:capability { net_admin dac_override dac_read_search };
@@ -35269,7 +98215,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/ipsec.
can_exec(ipsec_t, ipsec_mgmt_exec_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.if serefpolicy-3.3.1/policy/modules/system/iptables.if
--- nsaserefpolicy/policy/modules/system/iptables.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.if 2009-01-13 19:18:30.000000000 +0100
@@ -49,6 +49,12 @@
iptables_domtrans($1)
role $2 types iptables_t;
@@ -35285,7 +98231,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptables.te serefpolicy-3.3.1/policy/modules/system/iptables.te
--- nsaserefpolicy/policy/modules/system/iptables.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iptables.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iptables.te 2009-01-13 19:18:30.000000000 +0100
@@ -27,7 +27,7 @@
allow iptables_t self:process { sigchld sigkill sigstop signull signal };
allow iptables_t self:rawip_socket create_socket_perms;
@@ -35327,7 +98273,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iptabl
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.fc serefpolicy-3.3.1/policy/modules/system/iscsi.fc
--- nsaserefpolicy/policy/modules/system/iscsi.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,5 +1,5 @@
/sbin/iscsid -- gen_context(system_u:object_r:iscsid_exec_t,s0)
@@ -35338,7 +98284,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
/var/run/iscsid\.pid -- gen_context(system_u:object_r:iscsi_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.te serefpolicy-3.3.1/policy/modules/system/iscsi.te
--- nsaserefpolicy/policy/modules/system/iscsi.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/iscsi.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/iscsi.te 2009-01-13 19:18:30.000000000 +0100
@@ -28,8 +28,8 @@
# iscsid local policy
#
@@ -35369,7 +98315,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/iscsi.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.fc serefpolicy-3.3.1/policy/modules/system/libraries.fc
--- nsaserefpolicy/policy/modules/system/libraries.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.fc 2009-01-13 19:18:30.000000000 +0100
@@ -69,8 +69,10 @@
ifdef(`distro_gentoo',`
# despite the extensions, they are actually libs
@@ -35483,7 +98429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/libraries.te serefpolicy-3.3.1/policy/modules/system/libraries.te
--- nsaserefpolicy/policy/modules/system/libraries.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/libraries.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/libraries.te 2009-01-13 19:18:30.000000000 +0100
@@ -23,6 +23,9 @@
init_system_domain(ldconfig_t,ldconfig_exec_t)
role system_r types ldconfig_t;
@@ -35562,7 +98508,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/librar
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locallogin.te serefpolicy-3.3.1/policy/modules/system/locallogin.te
--- nsaserefpolicy/policy/modules/system/locallogin.te 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/locallogin.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/locallogin.te 2009-01-13 19:18:30.000000000 +0100
@@ -131,6 +131,7 @@
miscfiles_read_localization(local_login_t)
@@ -35631,7 +98577,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/locall
-')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.fc serefpolicy-3.3.1/policy/modules/system/logging.fc
--- nsaserefpolicy/policy/modules/system/logging.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.fc 2009-01-13 19:18:30.000000000 +0100
@@ -4,6 +4,8 @@
/etc/syslog.conf gen_context(system_u:object_r:syslog_conf_t,s0)
/etc/audit(/.*)? gen_context(system_u:object_r:auditd_etc_t,mls_systemhigh)
@@ -35679,7 +98625,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+/var/cfengine/outputs(/.*)? gen_context(system_u:object_r:var_log_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.if serefpolicy-3.3.1/policy/modules/system/logging.if
--- nsaserefpolicy/policy/modules/system/logging.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.if 2009-01-13 19:18:30.000000000 +0100
@@ -213,12 +213,7 @@
##
#
@@ -35694,7 +98640,33 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -596,6 +591,8 @@
+@@ -513,6 +508,25 @@
+ dontaudit $1 logfile:file getattr;
+ ')
+
++#######################################
++##
++## Getattr generic log files (/var/log/).
++##
++##
++##
++## Domain allowed access.
++##
++##
++#
++interface(`logging_getattr_generic_log_files',`
++ gen_require(`
++ type var_log_t;
++ ')
++
++ logging_search_logs($1)
++ getattr_files_pattern($1, var_log_t, var_log_t)
++')
++
+ ########################################
+ ##
+ ## Append to all log files.
+@@ -596,6 +610,8 @@
files_search_var($1)
manage_files_pattern($1,logfile,logfile)
read_lnk_files_pattern($1,logfile,logfile)
@@ -35703,7 +98675,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -641,6 +638,25 @@
+@@ -641,6 +657,25 @@
########################################
##
@@ -35729,7 +98701,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
## Read and write generic log files.
##
##
-@@ -705,6 +721,7 @@
+@@ -705,6 +740,7 @@
interface(`logging_admin_audit',`
gen_require(`
type auditd_t, auditd_etc_t, auditd_log_t;
@@ -35737,7 +98709,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
type auditd_var_run_t;
')
-@@ -719,6 +736,15 @@
+@@ -719,6 +755,15 @@
manage_dirs_pattern($1, auditd_var_run_t, auditd_var_run_t)
manage_files_pattern($1, auditd_var_run_t, auditd_var_run_t)
@@ -35753,7 +98725,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -749,6 +775,7 @@
+@@ -749,6 +794,7 @@
type syslogd_tmp_t, syslogd_var_lib_t;
type syslogd_var_run_t, klogd_var_run_t;
type klogd_tmp_t, var_log_t;
@@ -35761,7 +98733,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
allow $1 syslogd_t:process { ptrace signal_perms };
-@@ -776,6 +803,13 @@
+@@ -776,6 +822,13 @@
manage_files_pattern($1, syslogd_var_run_t, syslogd_var_run_t)
logging_manage_all_logs($1)
@@ -35775,7 +98747,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
')
########################################
-@@ -804,3 +838,128 @@
+@@ -804,3 +857,128 @@
logging_admin_audit($1, $2, $3)
logging_admin_syslog($1, $2, $3)
')
@@ -35906,7 +98878,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/logging.te serefpolicy-3.3.1/policy/modules/system/logging.te
--- nsaserefpolicy/policy/modules/system/logging.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/logging.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/logging.te 2009-01-13 19:18:30.000000000 +0100
@@ -61,10 +61,29 @@
logging_log_file(var_log_t)
files_mountpoint(var_log_t)
@@ -36159,7 +99131,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/loggin
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc serefpolicy-3.3.1/policy/modules/system/lvm.fc
--- nsaserefpolicy/policy/modules/system/lvm.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.fc 2009-01-13 19:18:30.000000000 +0100
@@ -55,6 +55,7 @@
/sbin/lvs -- gen_context(system_u:object_r:lvm_exec_t,s0)
/sbin/lvscan -- gen_context(system_u:object_r:lvm_exec_t,s0)
@@ -36175,7 +99147,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.fc
+/var/run/dmevent.* gen_context(system_u:object_r:lvm_var_run_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te serefpolicy-3.3.1/policy/modules/system/lvm.te
--- nsaserefpolicy/policy/modules/system/lvm.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/lvm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/lvm.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,7 +22,7 @@
role system_r types lvm_t;
@@ -36354,7 +99326,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/lvm.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.fc serefpolicy-3.3.1/policy/modules/system/miscfiles.fc
--- nsaserefpolicy/policy/modules/system/miscfiles.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.fc 2009-01-13 19:18:30.000000000 +0100
@@ -11,6 +11,7 @@
/etc/avahi/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
/etc/localtime -- gen_context(system_u:object_r:locale_t,s0)
@@ -36370,7 +99342,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
+HOME_DIR/\.fontconfig(/.*)? gen_context(system_u:object_r:user_fonts_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.if serefpolicy-3.3.1/policy/modules/system/miscfiles.if
--- nsaserefpolicy/policy/modules/system/miscfiles.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.if 2009-01-13 19:18:30.000000000 +0100
@@ -489,3 +489,65 @@
manage_lnk_files_pattern($1,locale_t,locale_t)
')
@@ -36439,7 +99411,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfiles.te serefpolicy-3.3.1/policy/modules/system/miscfiles.te
--- nsaserefpolicy/policy/modules/system/miscfiles.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/miscfiles.te 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,14 @@
files_type(fonts_t)
@@ -36457,7 +99429,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/miscfi
type hwdata_t;
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.if serefpolicy-3.3.1/policy/modules/system/modutils.if
--- nsaserefpolicy/policy/modules/system/modutils.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.if 2009-01-13 19:18:30.000000000 +0100
@@ -66,6 +66,25 @@
########################################
@@ -36494,7 +99466,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
########################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/modutils.te serefpolicy-3.3.1/policy/modules/system/modutils.te
--- nsaserefpolicy/policy/modules/system/modutils.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/modutils.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/modutils.te 2009-01-13 19:18:30.000000000 +0100
@@ -22,6 +22,8 @@
type insmod_exec_t;
application_domain(insmod_t,insmod_exec_t)
@@ -36637,7 +99609,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/moduti
#################################
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.fc serefpolicy-3.3.1/policy/modules/system/mount.fc
--- nsaserefpolicy/policy/modules/system/mount.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,6 @@
/bin/mount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
/bin/umount.* -- gen_context(system_u:object_r:mount_exec_t,s0)
@@ -36649,7 +99621,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+/usr/bin/fusermount -- gen_context(system_u:object_r:mount_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.if serefpolicy-3.3.1/policy/modules/system/mount.if
--- nsaserefpolicy/policy/modules/system/mount.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.if 2009-01-13 19:18:30.000000000 +0100
@@ -48,7 +48,9 @@
mount_domtrans($1)
@@ -36663,7 +99635,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
samba_run_smbmount($1, $2, $3)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.te serefpolicy-3.3.1/policy/modules/system/mount.te
--- nsaserefpolicy/policy/modules/system/mount.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/mount.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/mount.te 2009-01-13 19:18:30.000000000 +0100
@@ -18,17 +18,18 @@
init_system_domain(mount_t,mount_exec_t)
role system_r types mount_t;
@@ -36824,7 +99796,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/mount.
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlabel.te serefpolicy-3.3.1/policy/modules/system/netlabel.te
--- nsaserefpolicy/policy/modules/system/netlabel.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/netlabel.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/netlabel.te 2009-01-13 19:18:30.000000000 +0100
@@ -9,6 +9,7 @@
type netlabel_mgmt_t;
type netlabel_mgmt_exec_t;
@@ -36835,14 +99807,14 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/netlab
#
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.fc serefpolicy-3.3.1/policy/modules/system/qemu.fc
--- nsaserefpolicy/policy/modules/system/qemu.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,3 @@
+
+/usr/bin/qemu -- gen_context(system_u:object_r:qemu_exec_t,s0)
+/usr/bin/qemu-kvm -- gen_context(system_u:object_r:qemu_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.if serefpolicy-3.3.1/policy/modules/system/qemu.if
--- nsaserefpolicy/policy/modules/system/qemu.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,336 @@
+
+## policy for qemu
@@ -37182,7 +100154,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.te serefpolicy-3.3.1/policy/modules/system/qemu.te
--- nsaserefpolicy/policy/modules/system/qemu.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/qemu.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/qemu.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,79 @@
+policy_module(qemu,1.0.0)
+
@@ -37265,7 +100237,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/qemu.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.te serefpolicy-3.3.1/policy/modules/system/raid.te
--- nsaserefpolicy/policy/modules/system/raid.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/raid.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/raid.te 2009-01-13 19:18:30.000000000 +0100
@@ -19,7 +19,7 @@
# Local policy
#
@@ -37293,7 +100265,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/raid.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.fc serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc
--- nsaserefpolicy/policy/modules/system/selinuxutil.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.fc 2009-01-13 19:18:30.000000000 +0100
@@ -38,7 +38,7 @@
/usr/sbin/restorecond -- gen_context(system_u:object_r:restorecond_exec_t,s0)
/usr/sbin/run_init -- gen_context(system_u:object_r:run_init_exec_t,s0)
@@ -37314,7 +100286,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+/var/lib/selinux(/.*)? gen_context(system_u:object_r:selinux_var_lib_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.if serefpolicy-3.3.1/policy/modules/system/selinuxutil.if
--- nsaserefpolicy/policy/modules/system/selinuxutil.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.if 2009-01-13 19:18:30.000000000 +0100
@@ -389,7 +389,7 @@
##
##
@@ -37814,7 +100786,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinuxutil.te serefpolicy-3.3.1/policy/modules/system/selinuxutil.te
--- nsaserefpolicy/policy/modules/system/selinuxutil.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/selinuxutil.te 2009-01-13 19:18:30.000000000 +0100
@@ -23,6 +23,9 @@
type selinux_config_t;
files_type(selinux_config_t)
@@ -38177,7 +101149,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/selinu
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.fc serefpolicy-3.3.1/policy/modules/system/setrans.fc
--- nsaserefpolicy/policy/modules/system/setrans.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,3 +1,5 @@
/sbin/mcstransd -- gen_context(system_u:object_r:setrans_exec_t,s0)
@@ -38186,7 +101158,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
+/etc/rc\.d/init\.d/mcstrans -- gen_context(system_u:object_r:setrans_script_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.if serefpolicy-3.3.1/policy/modules/system/setrans.if
--- nsaserefpolicy/policy/modules/system/setrans.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.if 2009-01-13 19:18:30.000000000 +0100
@@ -13,6 +13,7 @@
interface(`setrans_translate_context',`
gen_require(`
@@ -38221,7 +101193,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setrans.te serefpolicy-3.3.1/policy/modules/system/setrans.te
--- nsaserefpolicy/policy/modules/system/setrans.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/setrans.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/setrans.te 2009-01-13 19:18:30.000000000 +0100
@@ -14,6 +14,9 @@
files_pid_file(setrans_var_run_t)
mls_trusted_object(setrans_var_run_t)
@@ -38251,7 +101223,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/setran
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.fc serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc
--- nsaserefpolicy/policy/modules/system/sysnetwork.fc 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.fc 2009-01-13 19:18:30.000000000 +0100
@@ -57,3 +57,5 @@
ifdef(`distro_gentoo',`
/var/lib/dhcpc(/.*)? gen_context(system_u:object_r:dhcpc_state_t,s0)
@@ -38260,7 +101232,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+/etc/firestarter/firestarter\.sh gen_context(system_u:object_r:dhcpc_helper_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.if serefpolicy-3.3.1/policy/modules/system/sysnetwork.if
--- nsaserefpolicy/policy/modules/system/sysnetwork.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.if 2009-01-13 19:18:30.000000000 +0100
@@ -145,6 +145,25 @@
########################################
@@ -38398,7 +101370,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnetwork.te serefpolicy-3.3.1/policy/modules/system/sysnetwork.te
--- nsaserefpolicy/policy/modules/system/sysnetwork.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/sysnetwork.te 2009-01-13 19:18:30.000000000 +0100
@@ -20,6 +20,10 @@
init_daemon_domain(dhcpc_t,dhcpc_exec_t)
role system_r types dhcpc_t;
@@ -38599,7 +101571,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/sysnet
xen_append_log(ifconfig_t)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.if serefpolicy-3.3.1/policy/modules/system/udev.if
--- nsaserefpolicy/policy/modules/system/udev.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.if 2009-01-13 19:18:30.000000000 +0100
@@ -96,6 +96,24 @@
########################################
@@ -38655,7 +101627,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.i
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.te serefpolicy-3.3.1/policy/modules/system/udev.te
--- nsaserefpolicy/policy/modules/system/udev.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/udev.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/udev.te 2009-01-13 19:18:30.000000000 +0100
@@ -83,6 +83,7 @@
kernel_rw_unix_dgram_sockets(udev_t)
kernel_dgram_send(udev_t)
@@ -38713,7 +101685,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/udev.t
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.fc serefpolicy-3.3.1/policy/modules/system/unconfined.fc
--- nsaserefpolicy/policy/modules/system/unconfined.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,16 +1,26 @@
# Add programs here which should not be confined by SELinux
# e.g.:
@@ -38749,7 +101721,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+/opt/real/(.*/)?realplay\.bin -- gen_context(system_u:object_r:unconfined_execmem_exec_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.if serefpolicy-3.3.1/policy/modules/system/unconfined.if
--- nsaserefpolicy/policy/modules/system/unconfined.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.if 2009-01-13 19:18:30.000000000 +0100
@@ -12,14 +12,13 @@
#
interface(`unconfined_domain_noaudit',`
@@ -39105,7 +102077,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconfined.te serefpolicy-3.3.1/policy/modules/system/unconfined.te
--- nsaserefpolicy/policy/modules/system/unconfined.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/unconfined.te 2009-01-13 19:18:30.000000000 +0100
@@ -6,35 +6,72 @@
# Declarations
#
@@ -39446,7 +102418,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/unconf
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.fc serefpolicy-3.3.1/policy/modules/system/userdomain.fc
--- nsaserefpolicy/policy/modules/system/userdomain.fc 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.fc 2009-01-13 19:18:30.000000000 +0100
@@ -1,4 +1,5 @@
-HOME_DIR -d gen_context(system_u:object_r:ROLE_home_dir_t,s0-mls_systemhigh)
-HOME_DIR/.+ gen_context(system_u:object_r:ROLE_home_t,s0)
@@ -39459,7 +102431,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+/root(/.*)? gen_context(system_u:object_r:admin_home_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.if serefpolicy-3.3.1/policy/modules/system/userdomain.if
--- nsaserefpolicy/policy/modules/system/userdomain.if 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.if 2009-01-13 19:18:30.000000000 +0100
@@ -29,9 +29,14 @@
')
@@ -42616,7 +105588,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdomain.te serefpolicy-3.3.1/policy/modules/system/userdomain.te
--- nsaserefpolicy/policy/modules/system/userdomain.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/userdomain.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/userdomain.te 2009-01-13 19:18:30.000000000 +0100
@@ -2,12 +2,7 @@
policy_module(userdomain,2.5.0)
@@ -42942,7 +105914,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/userdo
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.fc serefpolicy-3.3.1/policy/modules/system/virt.fc
--- nsaserefpolicy/policy/modules/system/virt.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,13 @@
+
+/usr/sbin/libvirtd -- gen_context(system_u:object_r:virtd_exec_t,s0)
@@ -42959,7 +105931,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.f
+/etc/libvirt/.*/.* gen_context(system_u:object_r:virt_etc_rw_t,s0)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.if serefpolicy-3.3.1/policy/modules/system/virt.if
--- nsaserefpolicy/policy/modules/system/virt.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,343 @@
+
+## policy for virt
@@ -43306,7 +106278,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.i
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.te serefpolicy-3.3.1/policy/modules/system/virt.te
--- nsaserefpolicy/policy/modules/system/virt.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/virt.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/virt.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,204 @@
+
+policy_module(virt,1.0.0)
@@ -43514,7 +106486,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/virt.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if serefpolicy-3.3.1/policy/modules/system/xen.if
--- nsaserefpolicy/policy/modules/system/xen.if 2008-02-26 14:23:10.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.if 2009-01-13 19:18:30.000000000 +0100
@@ -167,11 +167,14 @@
#
interface(`xen_stream_connect',`
@@ -43558,7 +106530,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.if
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te serefpolicy-3.3.1/policy/modules/system/xen.te
--- nsaserefpolicy/policy/modules/system/xen.te 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/system/xen.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/system/xen.te 2009-01-13 19:18:30.000000000 +0100
@@ -6,6 +6,13 @@
# Declarations
#
@@ -43768,17 +106740,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/system/xen.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.fc serefpolicy-3.3.1/policy/modules/users/auditadm.fc
--- nsaserefpolicy/policy/modules/users/auditadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No auditadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.if serefpolicy-3.3.1/policy/modules/users/auditadm.if
--- nsaserefpolicy/policy/modules/users/auditadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for auditadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditadm.te serefpolicy-3.3.1/policy/modules/users/auditadm.te
--- nsaserefpolicy/policy/modules/users/auditadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/auditadm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/auditadm.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,25 @@
+policy_module(auditadm,1.0.1)
+gen_require(`
@@ -43807,17 +106779,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/auditad
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.fc serefpolicy-3.3.1/policy/modules/users/guest.fc
--- nsaserefpolicy/policy/modules/users/guest.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No guest file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.if serefpolicy-3.3.1/policy/modules/users/guest.if
--- nsaserefpolicy/policy/modules/users/guest.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for guest user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.te serefpolicy-3.3.1/policy/modules/users/guest.te
--- nsaserefpolicy/policy/modules/users/guest.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/guest.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/guest.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,33 @@
+policy_module(guest,1.0.1)
+userdom_restricted_user_template(guest)
@@ -43854,17 +106826,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/guest.t
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.fc serefpolicy-3.3.1/policy/modules/users/logadm.fc
--- nsaserefpolicy/policy/modules/users/logadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No logadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.if serefpolicy-3.3.1/policy/modules/users/logadm.if
--- nsaserefpolicy/policy/modules/users/logadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for logadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.te serefpolicy-3.3.1/policy/modules/users/logadm.te
--- nsaserefpolicy/policy/modules/users/logadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/logadm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/logadm.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,11 @@
+policy_module(logadm,1.0.0)
+
@@ -43879,22 +106851,22 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/logadm.
+logging_admin(logadm_t, logadm_r, { logadm_devpts_t logadm_tty_device_t })
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/metadata.xml serefpolicy-3.3.1/policy/modules/users/metadata.xml
--- nsaserefpolicy/policy/modules/users/metadata.xml 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/metadata.xml 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/metadata.xml 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+Policy modules for users
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.fc serefpolicy-3.3.1/policy/modules/users/secadm.fc
--- nsaserefpolicy/policy/modules/users/secadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No secadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.if serefpolicy-3.3.1/policy/modules/users/secadm.if
--- nsaserefpolicy/policy/modules/users/secadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for secadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.te serefpolicy-3.3.1/policy/modules/users/secadm.te
--- nsaserefpolicy/policy/modules/users/secadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/secadm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/secadm.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,39 @@
+policy_module(secadm,1.0.1)
+gen_require(`
@@ -43937,17 +106909,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/secadm.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.fc serefpolicy-3.3.1/policy/modules/users/staff.fc
--- nsaserefpolicy/policy/modules/users/staff.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No staff file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.if serefpolicy-3.3.1/policy/modules/users/staff.if
--- nsaserefpolicy/policy/modules/users/staff.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for staff user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.te serefpolicy-3.3.1/policy/modules/users/staff.te
--- nsaserefpolicy/policy/modules/users/staff.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/staff.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/staff.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,30 @@
+policy_module(staff,1.0.1)
+userdom_admin_login_user_template(staff)
@@ -43981,17 +106953,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/staff.t
+
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.fc serefpolicy-3.3.1/policy/modules/users/user.fc
--- nsaserefpolicy/policy/modules/users/user.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No user file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.if serefpolicy-3.3.1/policy/modules/users/user.if
--- nsaserefpolicy/policy/modules/users/user.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for user user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te serefpolicy-3.3.1/policy/modules/users/user.te
--- nsaserefpolicy/policy/modules/users/user.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/user.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/user.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,18 @@
+policy_module(user,1.0.1)
+userdom_unpriv_user_template(user)
@@ -44013,17 +106985,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/user.te
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.fc serefpolicy-3.3.1/policy/modules/users/webadm.fc
--- nsaserefpolicy/policy/modules/users/webadm.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No webadm file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.if serefpolicy-3.3.1/policy/modules/users/webadm.if
--- nsaserefpolicy/policy/modules/users/webadm.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for webadm user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.te serefpolicy-3.3.1/policy/modules/users/webadm.te
--- nsaserefpolicy/policy/modules/users/webadm.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/webadm.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/webadm.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,41 @@
+policy_module(webadm,1.0.0)
+
@@ -44068,17 +107040,17 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/webadm.
+userdom_role_change_template(staff, webadm)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.fc serefpolicy-3.3.1/policy/modules/users/xguest.fc
--- nsaserefpolicy/policy/modules/users/xguest.fc 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.fc 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.fc 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+# No xguest file contexts.
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.if serefpolicy-3.3.1/policy/modules/users/xguest.if
--- nsaserefpolicy/policy/modules/users/xguest.if 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.if 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.if 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1 @@
+## Policy for xguest user
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.te serefpolicy-3.3.1/policy/modules/users/xguest.te
--- nsaserefpolicy/policy/modules/users/xguest.te 1970-01-01 01:00:00.000000000 +0100
-+++ serefpolicy-3.3.1/policy/modules/users/xguest.te 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/modules/users/xguest.te 2009-01-13 19:18:30.000000000 +0100
@@ -0,0 +1,69 @@
+policy_module(xguest,1.0.1)
+
@@ -44151,7 +107123,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/users/xguest.
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns.spt serefpolicy-3.3.1/policy/support/file_patterns.spt
--- nsaserefpolicy/policy/support/file_patterns.spt 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/file_patterns.spt 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/file_patterns.spt 2009-01-13 19:18:30.000000000 +0100
@@ -537,3 +537,23 @@
allow $1 $2:dir rw_dir_perms;
type_transition $1 $2:$4 $3;
@@ -44178,7 +107150,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/file_patterns
+')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets.spt serefpolicy-3.3.1/policy/support/obj_perm_sets.spt
--- nsaserefpolicy/policy/support/obj_perm_sets.spt 2008-02-26 14:23:09.000000000 +0100
-+++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/support/obj_perm_sets.spt 2009-01-13 19:18:30.000000000 +0100
@@ -193,7 +193,7 @@
define(`create_dir_perms',`{ getattr create }')
define(`rename_dir_perms',`{ getattr rename }')
@@ -44258,7 +107230,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/support/obj_perm_sets
+define(`manage_key_perms', `{ create link read search setattr view write } ')
diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3.1/policy/users
--- nsaserefpolicy/policy/users 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/policy/users 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/policy/users 2009-01-13 19:18:30.000000000 +0100
@@ -16,7 +16,7 @@
# and a user process should never be assigned the system user
# identity.
@@ -44294,7 +107266,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/users serefpolicy-3.3
+gen_user(root, user, unconfined_r sysadm_r staff_r ifdef(`enable_mls',`secadm_r auditadm_r') system_r, s0, s0 - mls_systemhigh, mcs_allcats)
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.3.1/Rules.modular
--- nsaserefpolicy/Rules.modular 2008-02-26 14:23:12.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.modular 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/Rules.modular 2009-01-13 19:18:30.000000000 +0100
@@ -73,8 +73,8 @@
$(tmpdir)/%.mod: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf %.te
@echo "Compliling $(NAME) $(@F) module"
@@ -44326,7 +107298,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.modular serefpolicy-3.
$(tmpdir)/all_te_files.conf: $(m4support) $(tmpdir)/generated_definitions.conf $(tmpdir)/all_interfaces.conf $(base_te_files) $(tmpdir)/rolemap.conf
diff --exclude-from=exclude -N -u -r nsaserefpolicy/Rules.monolithic serefpolicy-3.3.1/Rules.monolithic
--- nsaserefpolicy/Rules.monolithic 2008-02-26 14:23:13.000000000 +0100
-+++ serefpolicy-3.3.1/Rules.monolithic 2009-01-05 11:17:34.000000000 +0100
++++ serefpolicy-3.3.1/Rules.monolithic 2009-01-13 19:18:30.000000000 +0100
@@ -96,7 +96,7 @@
#
# Load the binary policy
diff --git a/selinux-policy.spec b/selinux-policy.spec
index cb2ab15..2f554e1 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -20,7 +20,7 @@
Summary: SELinux policy configuration
Name: selinux-policy
Version: 3.3.1
-Release: 117%{?dist}
+Release: 118%{?dist}
License: GPLv2+
Group: System Environment/Base
Source: serefpolicy-%{version}.tgz
@@ -443,6 +443,10 @@ exit 0
%endif
%changelog
+* Tue Jan 13 2009 Miroslav Grepl 3.3.1-118
+- Allow kismet read generic files in /usr
+- Lots of fixes for munin
+
* Mon Jan 5 2009 Miroslav Grepl 3.3.1-117
- Add label to /var/run/mod_.*
- Add label to /var/turboprint(/.*)?