From 74596f9220c904b756a5f610a8d4c9bd5fb5c76c Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Wed, 16 Nov 2011 16:06:55 -0500
Subject: [PATCH] We need to treat port_t and unreserved_port_t as generic_port types
---
 policy/modules/kernel/corenetwork.if.in | 52 ++++++++++++-------------
 1 file changed, 26 insertions(+), 26 deletions(-)
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index cf422f44..f4e36ee8 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -1239,10 +1239,10 @@ interface(`corenet_raw_bind_all_nodes',`
 #
 interface(`corenet_dccp_sendrecv_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- allow $1 port_t:dccp_socket { send_msg recv_msg };
+ allow $1 { port_t unreserved_port_t }:dccp_socket { send_msg recv_msg };
 ')
 ########################################
@@ -1257,10 +1257,10 @@ interface(`corenet_dccp_sendrecv_generic_port',`
 #
 interface(`corenet_tcp_sendrecv_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- allow $1 port_t:tcp_socket { send_msg recv_msg };
+ allow $1 { port_t unreserved_port_t }:tcp_socket { send_msg recv_msg };
 ')
 ########################################
@@ -1277,10 +1277,10 @@ interface(`corenet_tcp_sendrecv_generic_port',`
 #
 interface(`corenet_dontaudit_dccp_sendrecv_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- dontaudit $1 port_t:dccp_socket { send_msg recv_msg };
+ dontaudit $1 { port_t unreserved_port_t }:dccp_socket { send_msg recv_msg };
 ')
 ########################################
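Review bot: The interface documentation is not updated alongside the rule change in corenet_dccp_sendrecv_generic_port: all 26 changed lines in this patch are `type` requirements and `allow`/`dontaudit` rules, so the summary comment above the interface (it starts outside the hunk; only its closing `#` is visible) still describes the old scope. The same holds for the other twelve interfaces the patch touches. Policy authors read those summaries to decide what a call grants, so each one should state that the interface now covers both types, with wording along the lines of `Send and receive DCCP traffic on generic ports (port_t and unreserved_port_t).`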
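Review bot: The literal set `{ port_t unreserved_port_t }` is written out in corenet_tcp_sendrecv_generic_port and again in each of the other twelve rules this patch changes, so the definition of a generic port now lives in thirteen places. A later change to that definition has to touch every one of them, and a missed interface would leave the send, bind and connect permissions disagreeing about which ports count as generic. Grouping the two types under one attribute where they are declared, and requiring that attribute in each interface, would keep the set in a single place. The type declarations are not part of this diff, so this is a follow-up suggestion rather than a change to these lines.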
@@ -1295,10 +1295,10 @@ interface(`corenet_dontaudit_dccp_sendrecv_generic_port',`
 #
 interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- dontaudit $1 port_t:tcp_socket { send_msg recv_msg };
+ dontaudit $1 { port_t unreserved_port_t }:tcp_socket { send_msg recv_msg };
 ')
 ########################################
@@ -1313,10 +1313,10 @@ interface(`corenet_dontaudit_tcp_sendrecv_generic_port',`
 #
 interface(`corenet_udp_send_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- allow $1 port_t:udp_socket send_msg;
+ allow $1 { port_t unreserved_port_t }:udp_socket send_msg;
 ')
 ########################################
@@ -1331,10 +1331,10 @@ interface(`corenet_udp_send_generic_port',`
 #
 interface(`corenet_udp_receive_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- allow $1 port_t:udp_socket recv_msg;
+ allow $1 { port_t unreserved_port_t }:udp_socket recv_msg;
 ')
 ########################################
@@ -1364,11 +1364,11 @@ interface(`corenet_udp_sendrecv_generic_port',`
 #
 interface(`corenet_dccp_bind_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 attribute defined_port_type;
 ')
- allow $1 port_t:dccp_socket name_bind;
+ allow $1 { port_t unreserved_port_t }:dccp_socket name_bind;
 dontaudit $1 defined_port_type:dccp_socket name_bind;
 ')
@@ -1384,11 +1384,11 @@ interface(`corenet_dccp_bind_generic_port',`
 #
 interface(`corenet_tcp_bind_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 attribute defined_port_type;
 ')
- allow $1 port_t:tcp_socket name_bind;
+ allow $1 { port_t unreserved_port_t }:tcp_socket name_bind;
 dontaudit $1 defined_port_type:tcp_socket name_bind;
 ')
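Review bot: `name_bind` on `unreserved_port_t` is now granted to every existing caller of corenet_dccp_bind_generic_port, and likewise of corenet_tcp_bind_generic_port in the next hunk and corenet_udp_bind_generic_port later in the patch, with no change at the call sites. Those callers are outside this diff, so the patch alone does not show which domains gain the ability to listen on unreserved ports. Before merging I would compare the built policy with the previous one, for example with `sesearch --allow -t unreserved_port_t -p name_bind`, and confirm that each domain in the result is meant to have the permission. A comment above the rule such as `# generic ports = port_t and unreserved_port_t; every caller gets name_bind on both` would make the grant visible to the next reader.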
@@ -1405,10 +1405,10 @@ interface(`corenet_tcp_bind_generic_port',`
 #
 interface(`corenet_dontaudit_dccp_bind_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- dontaudit $1 port_t:dccp_socket name_bind;
+ dontaudit $1 { port_t unreserved_port_t }:dccp_socket name_bind;
 ')
 ########################################
@@ -1423,10 +1423,10 @@ interface(`corenet_dontaudit_dccp_bind_generic_port',`
 #
 interface(`corenet_dontaudit_tcp_bind_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- dontaudit $1 port_t:tcp_socket name_bind;
+ dontaudit $1 { port_t unreserved_port_t }:tcp_socket name_bind;
 ')
 ########################################
@@ -1441,11 +1441,11 @@ interface(`corenet_dontaudit_tcp_bind_generic_port',`
 #
 interface(`corenet_udp_bind_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 attribute defined_port_type;
 ')
- allow $1 port_t:udp_socket name_bind;
+ allow $1 { port_t unreserved_port_t }:udp_socket name_bind;
 dontaudit $1 defined_port_type:udp_socket name_bind;
 ')
@@ -1461,10 +1461,10 @@ interface(`corenet_udp_bind_generic_port',`
 #
 interface(`corenet_dccp_connect_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- allow $1 port_t:dccp_socket name_connect;
+ allow $1 { port_t unreserved_port_t }:dccp_socket name_connect;
 ')
 ########################################
@@ -1479,10 +1479,10 @@ interface(`corenet_dccp_connect_generic_port',`
 #
 interface(`corenet_tcp_connect_generic_port',`
 gen_require(`
- type port_t;
+ type port_t, unreserved_port_t;
 ')
- allow $1 port_t:tcp_socket name_connect;
+ allow $1 { port_t unreserved_port_t }:tcp_socket name_connect;
 ')
 ########################################
-- 
2.47.3
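Review bot: Widening the `dontaudit` rule in corenet_dontaudit_dccp_bind_generic_port and corenet_dontaudit_tcp_bind_generic_port (and in the two dontaudit sendrecv interfaces earlier in the patch) means that denied binds to `unreserved_port_t` no longer produce AVC records for any domain using these interfaces. Such a denial can be the only trace of a confined service trying to open an unexpected listener, so the change trades audit visibility for quieter logs. If that is intended, a comment next to the rule such as `# also silences denials on unreserved_port_t; rebuild with semodule -DB to see them` would tell whoever investigates an incident where the records went.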