[PATCH testsuite] policy/test_sctp.te: add missing corenet_inout_generic_if() calls

Ondrej Mosnacek <omosnace@xxxxxxxxxx> · Wed, 6 Nov 2024 16:44:54 +0100

These are only needed when peer labeling is enabled, which is normally
true only in some parts of the testsuite, but nothing prevents it from
being enabled the whole time (either by configuration or policy
capability), so better add the missing rules.

Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
---
 policy/test_sctp.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/policy/test_sctp.te b/policy/test_sctp.te
index 8db84a3..fb057b9 100644
--- a/policy/test_sctp.te
+++ b/policy/test_sctp.te
@@ -122,6 +122,7 @@ typeattribute test_sctp_connectx_t sctpsocketdomain;
 allow test_sctp_connectx_t self:sctp_socket create_stream_socket_perms;
 corenet_sctp_bind_all_nodes(test_sctp_connectx_t)
 corenet_inout_generic_node(test_sctp_connectx_t)
+corenet_inout_generic_if(test_sctp_connectx_t)
 
 #
 ############################# Deny Connectx #################################
@@ -132,6 +133,7 @@ typeattribute test_sctp_deny_connectx_t sctpsocketdomain;
 allow test_sctp_deny_connectx_t self:sctp_socket { create listen accept bind ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(test_sctp_deny_connectx_t)
 corenet_inout_generic_node(test_sctp_deny_connectx_t)
+corenet_inout_generic_if(test_sctp_deny_connectx_t)
 
 #
 ############################## Bindx #####################################
@@ -142,6 +144,7 @@ typeattribute test_sctp_bindx_t sctpsocketdomain;
 allow test_sctp_bindx_t self:sctp_socket create_stream_socket_perms;
 corenet_sctp_bind_all_nodes(test_sctp_bindx_t)
 corenet_inout_generic_node(test_sctp_bindx_t)
+corenet_inout_generic_if(test_sctp_bindx_t)
 
 #
 ############################## Deny Bindx ###################################
@@ -152,6 +155,7 @@ typeattribute test_sctp_deny_bindx_t sctpsocketdomain;
 allow test_sctp_deny_bindx_t self:sctp_socket { create ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(test_sctp_deny_bindx_t)
 corenet_inout_generic_node(test_sctp_deny_bindx_t)
+corenet_inout_generic_if(test_sctp_deny_bindx_t)
 
 #
 ############################# ASCONF Server ##############################
@@ -162,6 +166,7 @@ typeattribute sctp_asconf_params_server_t sctpsocketdomain;
 allow sctp_asconf_params_server_t self:sctp_socket { create listen bind ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(sctp_asconf_params_server_t)
 corenet_inout_generic_node(sctp_asconf_params_server_t)
+corenet_inout_generic_if(sctp_asconf_params_server_t)
 
 #
 ############################# ASCONF Client ##############################
-- 
2.47.0








