From: sds@tycho.nsa.gov (Stephen Smalley)
Date: Fri, 22 May 2015 08:49:50 -0400
Subject: [refpolicy] [PATCH] contrib: networkmanager: allow
	netlink_generic_socket access
Message-ID: <1432298990-19866-1-git-send-email-sds@tycho.nsa.gov>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

refpolicy commit 58b302957652322288618ceda0771d39e74a9e46
defined the new netlink socket security classes introduced by
kernel commit 223ae516404a7a65f09e79a1c0291521c233336e.
NetworkManager requires netlink_generic_socket access when
running on a kernel with this change.  Add an allow rule for it,
while retaining the existing :netlink_socket rule for compatibility
on older kernels.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 networkmanager.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/networkmanager.te b/networkmanager.te
index abd35ac..7dc7cb7 100644
--- a/networkmanager.te
+++ b/networkmanager.te
@@ -47,6 +47,7 @@ allow NetworkManager_t self:unix_dgram_socket sendto;
 allow NetworkManager_t self:unix_stream_socket { accept listen };
 allow NetworkManager_t self:netlink_route_socket create_netlink_socket_perms;
 allow NetworkManager_t self:netlink_socket create_socket_perms;
+allow NetworkManager_t self:netlink_generic_socket create_socket_perms;
 allow NetworkManager_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow NetworkManager_t self:tcp_socket { accept listen };
 allow NetworkManager_t self:tun_socket { create_socket_perms relabelfrom relabelto };
-- 
2.1.0