From 8c23816640766f435f36d27add6cb18885e18aa1 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@redhat.com>
Date: Mon, 28 Nov 2011 20:45:02 -0500
Subject: [PATCH] Change port 9050 to tor_socks_port_t and then allow openvpn
 to connect to it

---
 policy/modules/kernel/corenetwork.te.in | 3 ++-
 policy/modules/services/openvpn.te      | 1 +
 policy/modules/services/privoxy.te      | 1 +
 policy/modules/services/tor.te          | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 9c48de6a..630e5e27 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -270,7 +270,8 @@ network_port(syslogd, udp,514,s0, tcp,6514,s0, udp,6514,s0)
 network_port(tcs, tcp, 30003, s0)
 network_port(telnetd, tcp,23,s0)
 network_port(tftp, udp,69,s0)
-network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051,s0)
+network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9051,s0)
+network_port(tor_socks, tcp,9050,s0)
 network_port(traceroute, udp,64000-64010,s0)
 network_port(transproxy, tcp,8081,s0)
 network_port(ups, tcp,3493,s0)
diff --git a/policy/modules/services/openvpn.te b/policy/modules/services/openvpn.te
index ed5aae9c..6b730750 100644
--- a/policy/modules/services/openvpn.te
+++ b/policy/modules/services/openvpn.te
@@ -94,6 +94,7 @@ corenet_udp_bind_openvpn_port(openvpn_t)
 corenet_tcp_bind_http_port(openvpn_t)
 corenet_tcp_connect_openvpn_port(openvpn_t)
 corenet_tcp_connect_http_port(openvpn_t)
+corenet_tcp_connect_tor_socks_port(openvpn_t)
 corenet_tcp_connect_http_cache_port(openvpn_t)
 corenet_rw_tun_tap_dev(openvpn_t)
 corenet_sendrecv_openvpn_server_packets(openvpn_t)
diff --git a/policy/modules/services/privoxy.te b/policy/modules/services/privoxy.te
index 28d7fe57..83230048 100644
--- a/policy/modules/services/privoxy.te
+++ b/policy/modules/services/privoxy.te
@@ -63,6 +63,7 @@ corenet_tcp_connect_squid_port(privoxy_t)
 corenet_tcp_connect_ftp_port(privoxy_t)
 corenet_tcp_connect_pgpkeyserver_port(privoxy_t)
 corenet_tcp_connect_tor_port(privoxy_t)
+corenet_tcp_connect_tor_socks_port(privoxy_t)
 corenet_sendrecv_http_cache_client_packets(privoxy_t)
 corenet_sendrecv_squid_client_packets(privoxy_t)
 corenet_sendrecv_http_cache_server_packets(privoxy_t)
diff --git a/policy/modules/services/tor.te b/policy/modules/services/tor.te
index 1136b10a..037dd90e 100644
--- a/policy/modules/services/tor.te
+++ b/policy/modules/services/tor.te
@@ -88,6 +88,7 @@ corenet_tcp_sendrecv_all_reserved_ports(tor_t)
 corenet_tcp_bind_generic_node(tor_t)
 corenet_udp_bind_generic_node(tor_t)
 corenet_tcp_bind_tor_port(tor_t)
+corenet_tcp_bind_tor_socks_port(tor_t)
 corenet_udp_bind_dns_port(tor_t)
 corenet_sendrecv_tor_server_packets(tor_t)
 corenet_sendrecv_dns_server_packets(tor_t)
-- 
2.47.3