We need to treat port_t and unreserved_port_t as generic_port types
authorDan Walsh <dwalsh@redhat.com>
Wed, 16 Nov 2011 21:06:55 +0000 (16:06 -0500)
committerDan Walsh <dwalsh@redhat.com>
Wed, 16 Nov 2011 21:06:55 +0000 (16:06 -0500)
policy/modules/kernel/corenetwork.if.in

index cf422f44e83a4f303e2e9f940985d67205552051..f4e36ee8a8ffb3394c8cddea7469ee41458e207e 100644 (file)
@@ -1239,10 +1239,10 @@ interface(`corenet_raw_bind_all_nodes',`
 #
 interface(`corenet_dccp_sendrecv_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       allow $1 port_t:dccp_socket { send_msg recv_msg };
+       allow $1 { port_t unreserved_port_t }:dccp_socket { send_msg recv_msg };
 ')
 
 ########################################
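Review bot: The set `{ port_t unreserved_port_t }` is written out by hand in this interface and again in each of the other twelve interfaces changed in the visible hunks, so the definition of a "generic port" now lives in thirteen places that must be kept in step. Any interface in the file that still names only `port_t` (none is visible here) would silently disagree with them. Grouping the two types under one attribute declared next to the port types would leave a single place to edit: `attribute <generic_port_attr>;` in the `gen_require` and `allow $1 <generic_port_attr>:dccp_socket { send_msg recv_msg };` here, where `<generic_port_attr>` is a placeholder name. The header comment for this interface sits above the hunk; if it describes the target only as the generic port type, it should say that unreserved ports are now covered as well.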
@@ -1257,10 +1257,10 @@ interface(`corenet_dccp_sendrecv_generic_port',`
 #
 interface(`corenet_tcp_sendrecv_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       allow $1 port_t:tcp_socket { send_msg recv_msg };
+       allow $1 { port_t unreserved_port_t }:tcp_socket { send_msg recv_msg };
 ')
 
 ########################################
@@ -1277,10 +1277,10 @@ interface(`corenet_tcp_sendrecv_generic_port',`
 #
 interface(`corenet_dontaudit_dccp_sendrecv_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       dontaudit $1 port_t:dccp_socket { send_msg recv_msg };
+       dontaudit $1 { port_t unreserved_port_t }:dccp_socket { send_msg recv_msg };
 ')
 
 ########################################
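Review bot: Extending the `dontaudit` rule to `unreserved_port_t` means send/receive denials on those ports no longer produce AVC records for the calling domain, which removes a signal an analyst would otherwise have when a confined process talks on a port it was not expected to use. The same applies to the `dontaudit` lines in corenet_dontaudit_tcp_sendrecv_generic_port, corenet_dontaudit_dccp_bind_generic_port and corenet_dontaudit_tcp_bind_generic_port further down. I would record that trade-off next to the rule, for example `# Also silences denials on unreserved_port_t; rebuild with dontaudit rules disabled (semodule -DB) when investigating.` The callers of these interfaces are not visible here, so it is worth confirming that each one really wants the wider suppression.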
@@ -1295,10 +1295,10 @@ interface(`corenet_dontaudit_dccp_sendrecv_generic_port',`
 #
 interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       dontaudit $1 port_t:tcp_socket { send_msg recv_msg };
+       dontaudit $1 { port_t unreserved_port_t }:tcp_socket { send_msg recv_msg };
 ')
 
 ########################################
@@ -1313,10 +1313,10 @@ interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
 #
 interface(`corenet_udp_send_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       allow $1 port_t:udp_socket send_msg;
+       allow $1 { port_t unreserved_port_t }:udp_socket send_msg;
 ')
 
 ########################################
@@ -1331,10 +1331,10 @@ interface(`corenet_udp_send_generic_port',`
 #
 interface(`corenet_udp_receive_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       allow $1 port_t:udp_socket recv_msg;
+       allow $1 { port_t unreserved_port_t }:udp_socket recv_msg;
 ')
 
 ########################################
@@ -1364,11 +1364,11 @@ interface(`corenet_udp_sendrecv_generic_port',`
 #
 interface(`corenet_dccp_bind_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
                attribute defined_port_type;
        ')
 
-       allow $1 port_t:dccp_socket name_bind;
+       allow $1 { port_t unreserved_port_t }:dccp_socket name_bind;
        dontaudit $1 defined_port_type:dccp_socket name_bind;
 ')
 
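Review bot: The widened `allow ... name_bind` lets every domain that calls this interface bind to any port labelled `unreserved_port_t`, not just `port_t`, so existing callers gain that permission without their own policy changing. The same holds for the `name_bind` rules in corenet_tcp_bind_generic_port and corenet_udp_bind_generic_port. The unchanged `dontaudit $1 defined_port_type:dccp_socket name_bind;` line sits directly below; whether `unreserved_port_t` carries the `defined_port_type` attribute is not visible here, and if it does the two rules overlap on that type, so a short comment stating that the allow is meant to take effect would help. A comment on the allow such as `# generic = port_t and unreserved_port_t; callers that need one specific port should use that port's own interface` would make the scope explicit.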
@@ -1384,11 +1384,11 @@ interface(`corenet_dccp_bind_generic_port',`
 #
 interface(`corenet_tcp_bind_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
                attribute defined_port_type;
        ')
 
-       allow $1 port_t:tcp_socket name_bind;
+       allow $1 { port_t unreserved_port_t }:tcp_socket name_bind;
        dontaudit $1 defined_port_type:tcp_socket name_bind;
 ')
 
@@ -1405,10 +1405,10 @@ interface(`corenet_tcp_bind_generic_port',`
 #
 interface(`corenet_dontaudit_dccp_bind_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       dontaudit $1 port_t:dccp_socket name_bind;
+       dontaudit $1 { port_t unreserved_port_t }:dccp_socket name_bind;
 ')
 
 ########################################
@@ -1423,10 +1423,10 @@ interface(`corenet_dontaudit_dccp_bind_generic_port',`
 #
 interface(`corenet_dontaudit_tcp_bind_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       dontaudit $1 port_t:tcp_socket name_bind;
+       dontaudit $1 { port_t unreserved_port_t }:tcp_socket name_bind;
 ')
 
 ########################################
@@ -1441,11 +1441,11 @@ interface(`corenet_dontaudit_tcp_bind_generic_port',`
 #
 interface(`corenet_udp_bind_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
                attribute defined_port_type;
        ')
 
-       allow $1 port_t:udp_socket name_bind;
+       allow $1 { port_t unreserved_port_t }:udp_socket name_bind;
        dontaudit $1 defined_port_type:udp_socket name_bind;
 ')
 
@@ -1461,10 +1461,10 @@ interface(`corenet_udp_bind_generic_port',`
 #
 interface(`corenet_dccp_connect_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       allow $1 port_t:dccp_socket name_connect;
+       allow $1 { port_t unreserved_port_t }:dccp_socket name_connect;
 ')
 
 ########################################
@@ -1479,10 +1479,10 @@ interface(`corenet_dccp_connect_generic_port',`
 #
 interface(`corenet_tcp_connect_generic_port',`
        gen_require(`
-               type port_t;
+               type port_t, unreserved_port_t;
        ')
 
-       allow $1 port_t:tcp_socket name_connect;
+       allow $1 { port_t unreserved_port_t }:tcp_socket name_connect;
 ')
 
 ########################################