PERFORCE change 113428 for review

Todd Miller millert at FreeBSD.org
Mon Jan 22 20:20:56 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=113428

Change 113428 by millert at millert_macbook on 2007/01/22 20:20:40

	Add TCP/UDP netif permissions as needed.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#9 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#19 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#8 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#9 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/DirectoryService.te#9 (text+ko) ====

@@ -134,4 +134,7 @@
 # Search /var/vm
 files_search_vm(DirectoryService_t)
 
+# Networking
 corenet_tcp_connect_smbd_port(DirectoryService_t)
+corenet_tcp_sendrecv_all_if(DirectoryService_t)
+corenet_udp_sendrecv_all_if(DirectoryService_t)
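
Review bot: the two added rules in DirectoryService.te grant send and receive on every interface for both TCP and UDP, but the only port-level rule visible in this hunk is corenet_tcp_connect_smbd_port, which is TCP only. If corenet_udp_sendrecv_all_if was added to resolve a specific denial, name the service in the new "# Networking" comment so the grant can be audited later. If it was not, leave the UDP rule out until a denial shows it is needed.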

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/configd.te#19 (text+ko) ====

@@ -47,6 +47,7 @@
 
 ## Networking basics (adjust to your needs!)
 sysnet_dns_name_resolve(configd_t)
+corenet_raw_send_all_if(configd_t)
 corenet_tcp_sendrecv_all_if(configd_t)
 corenet_tcp_sendrecv_all_nodes(configd_t)
 corenet_tcp_sendrecv_all_ports(configd_t)
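
Review bot: corenet_raw_send_all_if(configd_t) is a raw-socket permission, which the change description ("Add TCP/UDP netif permissions as needed") does not cover, and it is filed under the generic "Networking basics" comment with no reason given. Raw send is a different class of access from the TCP rules that follow it, so give it its own comment saying what configd sends over raw sockets, and mention it in the change description so it is not overlooked in a later audit of configd_t.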

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/lookupd.te#8 (text+ko) ====

@@ -107,3 +107,7 @@
 # Read /var
 files_list_var(lookupd_t)
 files_read_var_files(lookupd_t)
+
+# TCP/UDP send/receive
+corenet_tcp_sendrecv_all_if(lookupd_t)
+corenet_udp_send_all_if(lookupd_t)
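
Review bot: the comment in lookupd.te says "TCP/UDP send/receive", but the UDP rule is corenet_udp_send_all_if, which is send only, while the TCP rule is corenet_tcp_sendrecv_all_if. If lookupd_t is meant to receive UDP replies, this should be corenet_udp_sendrecv_all_if as in the DirectoryService and mDNSResponder hunks. If send-only is intentional, correct the comment so it does not claim receive.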

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/refpolicy/policy/modules/darwin/mDNSResponder.te#9 (text+ko) ====

@@ -94,3 +94,6 @@
 
 # Read /sbin
 allow mDNSResponder_t sbin_t:dir { getattr read search };
+
+# UDP send/receive
+corenet_udp_sendrecv_all_if(mDNSResponder_t)
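
Review bot: the "# UDP send/receive" comment in mDNSResponder.te only restates the macro name and does not record why mDNSResponder_t needs UDP on every interface. This hunk shows the netif grant alone, so please confirm the matching UDP node and port rules for mDNSResponder_t exist elsewhere in the file, and say in the comment which traffic the rule is for.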

