From: debian@mikapflueger.de (=?UTF-8?q?Mika=20Pfl=C3=BCger?=)
Date: Mon, 15 Oct 2012 22:55:49 +0200
Subject: [refpolicy] [PATCH] Label port 5546 as dhcpc_port_t and allow dhcpc_t to bind to TCP for client control
Message-ID: <1350334549-25166-1-git-send-email-debian@mikapflueger.de>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

From: Russell Coker

Client control is used by the wide dhcp6 client, which can be controlled via dhcp6ctl. This works by communicating over port 5546.
---
 policy/modules/kernel/corenetwork.te.in | 2 +-
 policy/modules/system/sysnetwork.te | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index c054304..fbdcbce 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -115,7 +115,7 @@ network_port(daap, tcp,3689,s0, udp,3689,s0)
 network_port(dbskkd, tcp,1178,s0)
 network_port(dcc, udp,6276,s0, udp,6277,s0)
 network_port(dccm, tcp,5679,s0, udp,5679,s0)
-network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
+network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0, udp,5546,s0, tcp,5546,s0)
 network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
 network_port(dict, tcp,2628,s0)
 network_port(distccd, tcp,3632,s0)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index 8f9d08d..4e255b4 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -103,6 +103,7 @@ corenet_tcp_sendrecv_all_ports(dhcpc_t)
 corenet_udp_sendrecv_all_ports(dhcpc_t)
 corenet_tcp_bind_all_nodes(dhcpc_t)
 corenet_udp_bind_all_nodes(dhcpc_t)
+corenet_tcp_bind_dhcpc_port(dhcpc_t)
 corenet_udp_bind_dhcpc_port(dhcpc_t)
 corenet_tcp_connect_all_ports(dhcpc_t)
 corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
-- 
1.7.10.4
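Review bot: The new `udp,5546,s0` entry on the `network_port(dhcpc, ...)` line has no use given in the description, which only mentions binding to TCP for dhcp6ctl client control. Because sysnetwork.te already carries `corenet_udp_bind_dhcpc_port(dhcpc_t)`, labelling UDP 5546 as dhcpc_port_t also lets dhcpc_t bind that port; if no UDP listener is needed I would add only `tcp,5546,s0`. Moving 5546 out of whatever port type it had before also changes which other domains may bind or connect to it, which should be checked against the rest of the policy (not visible in this patch).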
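Review bot: `corenet_tcp_bind_dhcpc_port(dhcpc_t)` grants bind on every TCP port labelled dhcpc_port_t, so with the corenetwork.te.in change it covers 68 and 546 as well as the 5546 control port. The existing `corenet_tcp_bind_all_nodes(dhcpc_t)` context line means the policy does not confine that listener to loopback, so restricting who can reach the control socket is left to the dhcp6c configuration. A comment above the new line would record the intent, for example `# TCP bind is for the dhcp6c control socket (dhcp6ctl, port 5546)`. The hunk adds nothing for the connecting side, so the domain dhcp6ctl runs in presumably needs a connect rule for dhcpc_port_t unless it is unconfined.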