[refpolicy] [PATCH/RFC 2/2] Add minidlna policy

Dominick Grift dominick.grift at gmail.com
Thu May 2 11:41:25 EDT 2013


On Wed, 2013-05-01 at 20:38 +0200, Sven Vermeulen wrote:

> +corenet_sendrecv_ssdp_client_packets(minidlna_t)
> +corenet_sendrecv_ssdp_server_packets(minidlna_t)
> +
> +corenet_tcp_bind_generic_node(minidlna_t)
> +corenet_tcp_sendrecv_generic_if(minidlna_t)
> +corenet_tcp_sendrecv_generic_node(minidlna_t)
> +
> +corenet_udp_bind_generic_node(minidlna_t)
> +corenet_udp_bind_ssdp_port(minidlna_t)
> +
> +corenet_sendrecv_trivnet1_client_packets(minidlna_t)
> +corenet_sendrecv_trivnet1_server_packets(minidlna_t)
> +corenet_tcp_bind_trivnet1_port(minidlna_t)
> +

Another oversight

You do not need the "client_packets" interface calls if the domain does
not connect to the port

In this case minidlna domain only binds tcp sockets to trivnet1 ports,
and udp sockets to ssdp ports

i think we also need these:

corenet_tcp_sendrecv_trivnet1_port(minidlna_t)
corenet_udp_sendrecv_ssdp_port(minidlna_t)



More information about the refpolicy mailing list