From b1599e01fe3f3e7a1c2048d1c466e3e842952924 Mon Sep 17 00:00:00 2001
From: Dominick Grift <dominick.grift@gmail.com>
Date: Fri, 27 Sep 2013 11:35:41 +0200
Subject: [PATCH] sysnetwork: dhcpc binds socket to random high udp ports
sysnetwork: do not audit attempts by ifconfig to read, and
write dhcpc udp sockets (looks like a leaked fd)
Upstream-Status: backport
Signed-off-by: Dominick Grift <dominick.grift@gmail.com>
---
policy/modules/system/sysnetwork.te | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/policy/modules/system/sysnetwork.te b/policy/modules/system/sysnetwork.te
index f9dce11..67709b5 100644
--- a/policy/modules/system/sysnetwork.te
+++ b/policy/modules/system/sysnetwork.te
@@ -111,7 +111,9 @@ corenet_tcp_bind_dhcpc_port(dhcpc_t)
corenet_udp_bind_dhcpc_port(dhcpc_t)
corenet_tcp_connect_all_ports(dhcpc_t)
corenet_sendrecv_dhcpd_client_packets(dhcpc_t)
-corenet_sendrecv_dhcpc_server_packets(dhcpc_t)
+
+corenet_sendrecv_all_server_packets(dhcpc_t)
+corenet_udp_bind_all_unreserved_ports(dhcpc_t)
dev_read_sysfs(dhcpc_t)
# for SSP:
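Review bot: The two added rules grant dhcpc_t more than the subject line justifies. Going by the interface names, `corenet_udp_bind_all_unreserved_ports(dhcpc_t)` lets the client bind any UDP port outside the reserved range rather than only a DHCP-labelled one, and `corenet_sendrecv_all_server_packets(dhcpc_t)` replaces the dhcpc-specific packet rule with one covering every server packet type. The commit message explains only the random high port bind, so the packet widening has no stated reason. I would add a comment above the pair, for example `# dhcpc binds its UDP socket to a random high port, so the bind cannot be limited to the dhcpc port type`, and confirm that the dhcpc-specific packet rule was really insufficient before dropping it. The rule block for dhcpc_t continues outside the hunk.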
@@ -313,6 +315,8 @@ modutils_domtrans_insmod(ifconfig_t)
seutil_use_runinit_fds(ifconfig_t)
+sysnet_dontaudit_rw_dhcpc_udp_sockets(ifconfig_t)
+
userdom_use_user_terminals(ifconfig_t)
userdom_use_all_users_fds(ifconfig_t)
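Review bot: The `sysnet_dontaudit_rw_dhcpc_udp_sockets(ifconfig_t)` rule silences the denial but leaves its cause in place, and nothing at the rule records that. The commit message itself says this looks like a leaked fd, so the rule should carry a comment such as `# dhcpc leaks its udp socket to ifconfig; access stays denied, only the AVC message is hidden`. Because dontaudit removes these events from the audit log, anyone investigating ifconfig_t has to rebuild the policy with dontaudit rules disabled (`semodule -DB`) to see them again. The patch touches only sysnetwork.te, so it is worth confirming that this interface is already defined in sysnetwork.if of the target tree.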
--
1.7.10.4