2014-06-07 19:44:32

by sven.vermeulen

Subject: [refpolicy] [PATCH 1/1] Add dropbox_port_t support

The dropbox application has a feature called "LAN Sync" which works on
TCP & UDP port 17500. Marking this port as dropbox_port_t (instead of
the currently default unreserved_port_t) allows for more fine-grained
access control to this resource.

Signed-off-by: Sven Vermeulen <[email protected]>
---
policy/modules/kernel/corenetwork.te.in | 1 +
1 file changed, 1 insertion(+)

diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7fe89bc..5f28977 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -120,6 +120,7 @@ network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0,
network_port(dict, tcp,2628,s0)
network_port(distccd, tcp,3632,s0)
network_port(dns, tcp,53,s0, udp,53,s0)
+network_port(dropbox, tcp,17500,s0, udp,17500,s0)
network_port(efs, tcp,520,s0)
network_port(embrace_dp_c, tcp,3198,s0, udp,3198,s0)
network_port(epmap, tcp,135,s0, udp,135,s0)
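Review bot: The added line `network_port(dropbox, tcp,17500,s0, udp,17500,s0)` moves port 17500 from unreserved_port_t to dropbox_port_t, but the patch touches only corenetwork.te.in and grants no domain access to the new type. Any existing rule that reaches this port by naming unreserved_port_t stops matching once this is applied. Either send the corresponding allow rules for the Dropbox policy module in the same series, or say in the commit message that they follow separately, so the relabel and its consumers can be reviewed together. Placement between dns and efs keeps the list in alphabetical order, which is fine.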
--
1.8.5.5


2014-06-09 15:02:07

by cpebenito

Subject: [refpolicy] [PATCH 1/1] Add dropbox_port_t support

On 06/07/2014 03:44 PM, Sven Vermeulen wrote:
> The dropbox application has a feature called "LAN Sync" which works on
> TCP & UDP port 17500. Marking this port as dropbox_port_t (instead of
> the currently default unreserved_port_t) allows for more fine-grained
> access control to this resource.
>
> Signed-off-by: Sven Vermeulen <[email protected]>
> ---
> policy/modules/kernel/corenetwork.te.in | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
> index 7fe89bc..5f28977 100644
> --- a/policy/modules/kernel/corenetwork.te.in
> +++ b/policy/modules/kernel/corenetwork.te.in
> @@ -120,6 +120,7 @@ network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0,
> network_port(dict, tcp,2628,s0)
> network_port(distccd, tcp,3632,s0)
> network_port(dns, tcp,53,s0, udp,53,s0)
> +network_port(dropbox, tcp,17500,s0, udp,17500,s0)
> network_port(efs, tcp,520,s0)
> network_port(embrace_dp_c, tcp,3198,s0, udp,3198,s0)
> network_port(epmap, tcp,135,s0, udp,135,s0)

Merged.

--
Chris PeBenito
Tresys Technology, LLC
http://www.tresys.com | oss.tresys.com