From: dominick.grift@gmail.com (Dominick Grift)
Date: Thu, 02 May 2013 17:41:25 +0200
Subject: [refpolicy] [PATCH/RFC 2/2] Add minidlna policy
In-Reply-To: <20130501183845.GC25116@siphos.be>
References: <20130501183657.GA25116@siphos.be> <20130501183845.GC25116@siphos.be>
Message-ID: <1367509285.27309.34.camel@d30>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2013-05-01 at 20:38 +0200, Sven Vermeulen wrote:
> +corenet_sendrecv_ssdp_client_packets(minidlna_t) > +corenet_sendrecv_ssdp_server_packets(minidlna_t) > + > +corenet_tcp_bind_generic_node(minidlna_t) > +corenet_tcp_sendrecv_generic_if(minidlna_t) > +corenet_tcp_sendrecv_generic_node(minidlna_t) > + > +corenet_udp_bind_generic_node(minidlna_t) > +corenet_udp_bind_ssdp_port(minidlna_t) > + > +corenet_sendrecv_trivnet1_client_packets(minidlna_t) > +corenet_sendrecv_trivnet1_server_packets(minidlna_t) > +corenet_tcp_bind_trivnet1_port(minidlna_t) > +

Another oversight.

You do not need the "client_packets" interface calls if the domain does not connect to the port.

In this case minidlna domain only binds tcp sockets to trivnet1 ports, and udp sockets to ssdp ports.

I think we also need these:

corenet_tcp_sendrecv_trivnet1_port(minidlna_t)
corenet_udp_sendrecv_ssdp_port(minidlna_t)
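
Review bot: the UDP group in the quoted hunk has corenet_udp_bind_generic_node and corenet_udp_bind_ssdp_port but no UDP counterpart to the corenet_tcp_sendrecv_generic_if / corenet_tcp_sendrecv_generic_node pair in the TCP group. If the part of the patch not quoted here does not already cover it, add corenet_udp_sendrecv_generic_if(minidlna_t) and corenet_udp_sendrecv_generic_node(minidlna_t) next to the UDP bind calls. As a style point, the ssdp packet calls sit at the top of the hunk while the trivnet1 packet calls sit beside corenet_tcp_bind_trivnet1_port; keeping each port's packet and bind calls together makes it easier to audit which ports the domain serves and which it connects to.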