* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-19 20:18 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-19 20:18 UTC (permalink / raw
To: gentoo-commits
commit: 202b3249febffbb02fc90263302c51d667f163e3
Author: Luis Ressel <aranea <AT> aixah <DOT> de>
AuthorDate: Mon Aug 11 21:40:51 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Aug 19 20:06:40 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=202b3249
kernel/corenetwork.te: Add all registered IRC ports
IANA has registered 6665-9/tcp and 6697 for IRC.
---
policy/modules/kernel/corenetwork.te.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 47efbdb..a8de5f2 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -152,7 +152,7 @@ network_port(ionixnetmon, tcp,7410,s0, udp,7410,s0)
network_port(ipmi, udp,623,s0, udp,664,s0)
network_port(ipp, tcp,631,s0, udp,631,s0, tcp,8610-8614,s0, udp,8610-8614,s0)
network_port(ipsecnat, tcp,4500,s0, udp,4500,s0)
-network_port(ircd, tcp,6667,s0)
+network_port(ircd, tcp,6665,s0, tcp,6666,s0, tcp,6667,s0, tcp,6668,s0, tcp,6669,s0, tcp,6697,s0)
network_port(isakmp, udp,500,s0)
network_port(iscsi, tcp,3260,s0)
network_port(isns, tcp,3205,s0, udp,3205,s0)
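Review bot: The six separate `tcp,PORT,s0` entries on the new `network_port(ircd, …)` line could use the range form that the `ipp` line two lines above already uses: `network_port(ircd, tcp,6665-6669,s0, tcp,6697,s0)`. That matches the commit message ("6665-9/tcp and 6697") and should generate one range `portcon` instead of five single-port ones. Separately, every domain that already holds bind or connect permission on `ircd_port_t` gains it on the five new ports. Domains that relied on the generic unreserved port label for those ports presumably lose access, so the callers of the ircd port interfaces are worth checking.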
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-19 20:18 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-19 20:18 UTC (permalink / raw
To: gentoo-commits
commit: f21a2de7c6552dac39f6149c57bdef83ec80495e
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Mon Aug 18 19:21:49 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Aug 19 20:06:41 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f21a2de7
Module version bump for full IRC ports from Luis Ressel.
---
policy/modules/kernel/corenetwork.te.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index a8de5f2..7fb8a5b 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -1,4 +1,4 @@
-policy_module(corenetwork, 1.20.1)
+policy_module(corenetwork, 1.20.2)
########################################
#
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-20 17:07 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-20 17:07 UTC (permalink / raw
To: gentoo-commits
commit: a6e3727f6a44639b69ee0e63580611504dd29a65
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Tue Aug 19 20:23:13 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Aug 19 20:23:13 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=a6e3727f
Built from .te.in
---
policy/modules/kernel/corenetwork.te | 39 +++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/policy/modules/kernel/corenetwork.te b/policy/modules/kernel/corenetwork.te
index 83cdee2..f1830c7 100644
--- a/policy/modules/kernel/corenetwork.te
+++ b/policy/modules/kernel/corenetwork.te
@@ -2,7 +2,7 @@
# This is a generated file! Instead of modifying this file, the
# corenetwork.te.in or corenetwork.te.m4 file should be modified.
#
-policy_module(corenetwork, 1.19.0)
+policy_module(corenetwork, 1.20.2)
########################################
#
@@ -460,6 +460,14 @@ portcon tcp 53 gen_context(system_u:object_r:dns_port_t,s0)
portcon udp 53 gen_context(system_u:object_r:dns_port_t,s0)
+type dropbox_port_t, port_type, defined_port_type;
+type dropbox_client_packet_t, packet_type, client_packet_type;
+type dropbox_server_packet_t, packet_type, server_packet_type;
+typeattribute dropbox_port_t unreserved_port_type;
+portcon tcp 17500 gen_context(system_u:object_r:dropbox_port_t,s0)
+portcon udp 17500 gen_context(system_u:object_r:dropbox_port_t,s0)
+
+
type efs_port_t, port_type, defined_port_type;
type efs_client_packet_t, packet_type, client_packet_type;
type efs_server_packet_t, packet_type, server_packet_type;
@@ -526,6 +534,15 @@ portcon tcp 1721 gen_context(system_u:object_r:gatekeeper_port_t,s0)
portcon tcp 7000 gen_context(system_u:object_r:gatekeeper_port_t,s0)
+type gdomap_port_t, port_type, defined_port_type;
+type gdomap_client_packet_t, packet_type, client_packet_type;
+type gdomap_server_packet_t, packet_type, server_packet_type;
+typeattribute gdomap_port_t reserved_port_type;
+typeattribute gdomap_port_t rpc_port_type;
+portcon tcp 538 gen_context(system_u:object_r:gdomap_port_t,s0)
+portcon udp 538 gen_context(system_u:object_r:gdomap_port_t,s0)
+
+
type gds_db_port_t, port_type, defined_port_type;
type gds_db_client_packet_t, packet_type, client_packet_type;
type gds_db_server_packet_t, packet_type, server_packet_type;
@@ -746,7 +763,12 @@ type ircd_port_t, port_type, defined_port_type;
type ircd_client_packet_t, packet_type, client_packet_type;
type ircd_server_packet_t, packet_type, server_packet_type;
typeattribute ircd_port_t unreserved_port_type;
+portcon tcp 6665 gen_context(system_u:object_r:ircd_port_t,s0)
+portcon tcp 6666 gen_context(system_u:object_r:ircd_port_t,s0)
portcon tcp 6667 gen_context(system_u:object_r:ircd_port_t,s0)
+portcon tcp 6668 gen_context(system_u:object_r:ircd_port_t,s0)
+portcon tcp 6669 gen_context(system_u:object_r:ircd_port_t,s0)
+portcon tcp 6697 gen_context(system_u:object_r:ircd_port_t,s0)
type isakmp_port_t, port_type, defined_port_type;
@@ -1318,6 +1340,13 @@ typeattribute razor_port_t unreserved_port_type;
portcon tcp 2703 gen_context(system_u:object_r:razor_port_t,s0)
+type redis_port_t, port_type, defined_port_type;
+type redis_client_packet_t, packet_type, client_packet_type;
+type redis_server_packet_t, packet_type, server_packet_type;
+typeattribute redis_port_t unreserved_port_type;
+portcon tcp 6379 gen_context(system_u:object_r:redis_port_t,s0)
+
+
type repository_port_t, port_type, defined_port_type;
type repository_client_packet_t, packet_type, client_packet_type;
type repository_server_packet_t, packet_type, server_packet_type;
@@ -1409,6 +1438,14 @@ typeattribute rwho_port_t rpc_port_type;
portcon udp 513 gen_context(system_u:object_r:rwho_port_t,s0)
+type salt_port_t, port_type, defined_port_type;
+type salt_client_packet_t, packet_type, client_packet_type;
+type salt_server_packet_t, packet_type, server_packet_type;
+typeattribute salt_port_t unreserved_port_type;
+portcon tcp 4505 gen_context(system_u:object_r:salt_port_t,s0)
+portcon tcp 4506 gen_context(system_u:object_r:salt_port_t,s0)
+
+
type sap_port_t, port_type, defined_port_type;
type sap_client_packet_t, packet_type, client_packet_type;
type sap_server_packet_t, packet_type, server_packet_type;
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-26 19:45 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-26 19:45 UTC (permalink / raw
To: gentoo-commits
commit: f9197659eb19f9e0c8c05129f2753169104ae71e
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Aug 23 11:35:47 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Aug 26 14:52:14 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=f9197659
Fix typo in fs_getattr_all_fs description
---
policy/modules/kernel/filesystem.if | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/policy/modules/kernel/filesystem.if b/policy/modules/kernel/filesystem.if
index 5b80ee2..b6b7063 100644
--- a/policy/modules/kernel/filesystem.if
+++ b/policy/modules/kernel/filesystem.if
@@ -4625,7 +4625,7 @@ interface(`fs_unmount_all_fs',`
## <desc>
## <p>
## Allow the specified domain to
-## et the attributes of all filesystems.
+## get the attributes of all filesystems.
## Example attributes:
## </p>
## <ul>
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-26 19:45 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-26 19:45 UTC (permalink / raw
To: gentoo-commits
commit: 9ac5c5fd0b882e1bccdce448fb06d11e8660ff50
Author: Chris PeBenito <cpebenito <AT> tresys <DOT> com>
AuthorDate: Tue Aug 26 13:14:44 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Aug 26 14:52:17 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=9ac5c5fd
Module version bump for misc fixes from Nicolas Iooss.
---
policy/modules/kernel/corecommands.te | 2 +-
policy/modules/kernel/files.te | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/policy/modules/kernel/corecommands.te b/policy/modules/kernel/corecommands.te
index 00fbc3d..873031e 100644
--- a/policy/modules/kernel/corecommands.te
+++ b/policy/modules/kernel/corecommands.te
@@ -1,4 +1,4 @@
-policy_module(corecommands, 1.19.3)
+policy_module(corecommands, 1.19.4)
########################################
#
diff --git a/policy/modules/kernel/files.te b/policy/modules/kernel/files.te
index 9a4eb58..6397fec 100644
--- a/policy/modules/kernel/files.te
+++ b/policy/modules/kernel/files.te
@@ -1,4 +1,4 @@
-policy_module(files, 1.19.1)
+policy_module(files, 1.19.2)
########################################
#
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-26 19:45 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-26 19:45 UTC (permalink / raw
To: gentoo-commits
commit: 7f17bb6538aa58f6199373fb8a4f3f34db25915d
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Aug 23 11:35:45 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Aug 26 14:52:06 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=7f17bb65
Label /usr/lib/networkmanager/ like /usr/lib/NetworkManager/
On ArchLinux the directory name of Network Manager in /usr/lib is
written in lowercase but not the files in /usr/bin, /var/lib, etc.
While at it, remove a useless backslash before a minus character.
---
policy/modules/kernel/corecommands.fc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 433040b..52cb3ee 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -232,7 +232,8 @@ ifdef(`distro_gentoo',`
/usr/lib/misc/sftp-server -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/nagios/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/netsaint/plugins(/.*)? gen_context(system_u:object_r:bin_t,s0)
-/usr/lib/NetworkManager/nm\-.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/NetworkManager/nm-.* -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/networkmanager/nm-.* -- gen_context(system_u:object_r:bin_t,s0)
/usr/lib/news/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
/usr/lib/nspluginwrapper/np.* gen_context(system_u:object_r:bin_t,s0)
/usr/lib/portage/bin(/.*)? gen_context(system_u:object_r:bin_t,s0)
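Review bot: The new lowercase `/usr/lib/networkmanager/nm-.*` entry has no comment saying why the directory is listed in two spellings; the reason is only in the commit message. A line such as `# ArchLinux installs the helpers under a lowercase directory name` above it would keep a later cleanup from dropping it as a duplicate. Note also that `.` in a file-context regex matches `/`, so both entries label regular files at any depth below an `nm-`-prefixed name as `bin_t`; `nm-[^/]*` would restrict them to the directory itself if that is the intent.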
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-26 19:45 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-26 19:45 UTC (permalink / raw
To: gentoo-commits
commit: c1cf5db371b24eaaed3fbb1f8eaf713f371a61fa
Author: Nicolas Iooss <nicolas.iooss <AT> m4x <DOT> org>
AuthorDate: Sat Aug 23 11:35:51 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Aug 26 14:52:10 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=c1cf5db3
Label (/var)?/tmp/systemd-private-.../tmp like /tmp
Such directories are used by systemd as private mountpoints for
services.
---
policy/modules/kernel/files.fc | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/policy/modules/kernel/files.fc b/policy/modules/kernel/files.fc
index 1a83f34..3c61990 100644
--- a/policy/modules/kernel/files.fc
+++ b/policy/modules/kernel/files.fc
@@ -191,6 +191,10 @@ ifdef(`distro_debian',`
/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/tmp/lost\+found/.* <<none>>
+/tmp/systemd-private-[^/]+ -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/tmp/systemd-private-[^/]+/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/tmp/systemd-private-[^/]+/tmp/.* <<none>>
+
#
# /usr
#
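Review bot: The `systemd-private-[^/]+` patterns match on name alone, and /tmp and /var/tmp are directories where any local user can create entries. On a relabel, any directory with that prefix therefore gets `tmp_t` with the ranged `s0-mls_systemhigh` level, whoever created it. It is worth confirming that the ranged level is intended for both the outer directory and its `tmp` child under MLS. A comment above the three lines, for example `# systemd private mount points for services; contents keep their runtime labels`, would also explain the `<<none>>` entry. The same applies to the /var/tmp hunk that follows.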
@@ -265,6 +269,9 @@ ifndef(`distro_redhat',`
/var/tmp/.* <<none>>
/var/tmp/lost\+found -d gen_context(system_u:object_r:lost_found_t,mls_systemhigh)
/var/tmp/lost\+found/.* <<none>>
+/var/tmp/systemd-private-[^/]+ -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/var/tmp/systemd-private-[^/]+/tmp -d gen_context(system_u:object_r:tmp_t,s0-mls_systemhigh)
+/var/tmp/systemd-private-[^/]+/tmp/.* <<none>>
/var/tmp/vi\.recover -d gen_context(system_u:object_r:tmp_t,s0)
ifdef(`distro_debian',`
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-08-31 20:51 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-08-31 20:51 UTC (permalink / raw
To: gentoo-commits
commit: 3a6d2a23dd689eaac41d3534c954c24e9c2dc3f2
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be>
AuthorDate: Sun Aug 31 18:26:32 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Sun Aug 31 18:26:32 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=3a6d2a23
Python-exec wrappers has scripts in specific location, mark those as bin_t
---
policy/modules/kernel/corecommands.fc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/policy/modules/kernel/corecommands.fc b/policy/modules/kernel/corecommands.fc
index 52cb3ee..7e1b58c 100644
--- a/policy/modules/kernel/corecommands.fc
+++ b/policy/modules/kernel/corecommands.fc
@@ -422,5 +422,8 @@ ifdef(`distro_suse',`
')
ifdef(`distro_gentoo',`
+/usr/lib/python-exec/python-exec2 -- gen_context(system_u:object_r:bin_t,s0)
+/usr/lib/python-exec/python.*/.* -- gen_context(system_u:object_r:bin_t,s0)
+
/usr/lib/xfce4/notifyd/xfce4-notifyd -- gen_context(system_u:object_r:bin_t,s0)
')
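Review bot: The second added pattern, `/usr/lib/python-exec/python.*/.*`, is broader than the commit title suggests. Because `.` matches `/` in file-context regexes, it labels every regular file at any depth below any path starting with `python` as `bin_t`, not only the wrapper scripts in the per-interpreter directories. If the wrappers sit directly in those directories, `/usr/lib/python-exec/python[^/]*/[^/]+` would express that; this assumes a flat layout, which the hunk does not show. A one-line comment naming python-exec above the two entries would help as well.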
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-10-07 20:02 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-10-07 20:02 UTC (permalink / raw
To: gentoo-commits
commit: 05215b2ddd6e0a938a4c58d08b5c927d87e2a8f6
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Oct 7 19:08:07 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Tue Oct 7 19:08:07 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=05215b2d
Add port for ADB (Android Debug Bridge)
---
policy/modules/kernel/corenetwork.te.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7fb8a5b..a118109 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -73,6 +73,7 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
#
type server_packet_t, packet_type, server_packet_type;
+network_port(adb, tcp,5037,s0)
network_port(afs_bos, udp,7007,s0)
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
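Review bot: The new `network_port(adb, tcp,5037,s0)` line has no comment, and 5037 is only the port the adb host server listens on; adb's TCP/IP device mode conventionally uses 5555, which stays unlabelled here. If the policy is meant to let a confined adb client reach devices over the network, that port needs a decision too. If only the local server socket is in scope, a trailing comment such as `# adb host server control port` would record it. The identical hunk is repeated in the three later messages with the same subject.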
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-10-08 20:06 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-10-08 20:06 UTC (permalink / raw
To: gentoo-commits
commit: 39751155c3c38f3b73467dd8ee242cd237e0748a
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Oct 7 19:08:07 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Wed Oct 8 16:40:59 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=39751155
Add port for ADB (Android Debug Bridge)
---
policy/modules/kernel/corenetwork.te.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7fb8a5b..a118109 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -73,6 +73,7 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
#
type server_packet_t, packet_type, server_packet_type;
+network_port(adb, tcp,5037,s0)
network_port(afs_bos, udp,7007,s0)
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
@ 2014-10-12 8:28 Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-10-12 8:28 UTC (permalink / raw
To: gentoo-commits
commit: 6b653f7723d7621a5b6a17bd7c16f0dec841217f
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Oct 7 19:08:07 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Sun Oct 12 08:27:18 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=6b653f77
Add port for ADB (Android Debug Bridge)
---
policy/modules/kernel/corenetwork.te.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7fb8a5b..a118109 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -73,6 +73,7 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
#
type server_packet_t, packet_type, server_packet_type;
+network_port(adb, tcp,5037,s0)
network_port(afs_bos, udp,7007,s0)
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
2014-10-25 19:21 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-10-12 9:51 ` Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-10-12 9:51 UTC (permalink / raw
To: gentoo-commits
commit: 342060e2976143e4e99ca9f63db8bd36c78fa1eb
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Tue Oct 7 19:08:07 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Sun Oct 12 09:51:25 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=342060e2
Add port for ADB (Android Debug Bridge)
---
policy/modules/kernel/corenetwork.te.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 7fb8a5b..a118109 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -73,6 +73,7 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
#
type server_packet_t, packet_type, server_packet_type;
+network_port(adb, tcp,5037,s0)
network_port(afs_bos, udp,7007,s0)
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
* [gentoo-commits] proj/hardened-refpolicy:perfinion commit in: policy/modules/kernel/
2014-10-25 19:21 [gentoo-commits] proj/hardened-refpolicy:master " Jason Zaman
@ 2014-10-25 19:19 ` Jason Zaman
0 siblings, 0 replies; 13+ messages in thread
From: Jason Zaman @ 2014-10-25 19:19 UTC (permalink / raw
To: gentoo-commits
commit: 85b4cc48c489b4f2cb3591d0650d0182974aa691
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Sat Oct 25 19:19:22 2014 +0000
Commit: Jason Zaman <gentoo <AT> perfinion <DOT> com>
CommitDate: Sat Oct 25 19:19:22 2014 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=85b4cc48
regenerated corenetwork.te after adding adb ports
---
policy/modules/kernel/corenetwork.if | 443 +++++++++++++++++++++++++++++++++++
policy/modules/kernel/corenetwork.te | 7 +
2 files changed, 450 insertions(+)
diff --git a/policy/modules/kernel/corenetwork.if b/policy/modules/kernel/corenetwork.if
index 5431c56..3385d83 100644
--- a/policy/modules/kernel/corenetwork.if
+++ b/policy/modules/kernel/corenetwork.if
@@ -3161,6 +3161,449 @@ interface(`corenet_unconfined',`
########################################
## <summary>
+## Send and receive TCP traffic on the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+interface(`corenet_tcp_sendrecv_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ allow $1 adb_port_t:tcp_socket { send_msg recv_msg };
+')
+
+########################################
+## <summary>
+## Send UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+interface(`corenet_udp_send_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ allow $1 adb_port_t:udp_socket send_msg;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to send UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_udp_send_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ dontaudit $1 adb_port_t:udp_socket send_msg;
+')
+
+########################################
+## <summary>
+## Receive UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+interface(`corenet_udp_receive_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ allow $1 adb_port_t:udp_socket recv_msg;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to receive UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_udp_receive_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ dontaudit $1 adb_port_t:udp_socket recv_msg;
+')
+
+########################################
+## <summary>
+## Send and receive UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+interface(`corenet_udp_sendrecv_adb_port',`
+ corenet_udp_send_adb_port($1)
+ corenet_udp_receive_adb_port($1)
+')
+
+########################################
+## <summary>
+## Do not audit attempts to send and receive
+## UDP traffic on the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_udp_sendrecv_adb_port',`
+ corenet_dontaudit_udp_send_adb_port($1)
+ corenet_dontaudit_udp_receive_adb_port($1)
+')
+
+########################################
+## <summary>
+## Bind TCP sockets to the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_tcp_bind_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ allow $1 adb_port_t:tcp_socket name_bind;
+
+')
+
+########################################
+## <summary>
+## Bind UDP sockets to the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_udp_bind_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ allow $1 adb_port_t:udp_socket name_bind;
+
+')
+
+########################################
+## <summary>
+## Make a TCP connection to the adb port.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_tcp_connect_adb_port',`
+ gen_require(`
+ type adb_port_t;
+ ')
+
+ allow $1 adb_port_t:tcp_socket name_connect;
+')
+
+
+########################################
+## <summary>
+## Send adb_client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+interface(`corenet_send_adb_client_packets',`
+ gen_require(`
+ type adb_client_packet_t;
+ ')
+
+ allow $1 adb_client_packet_t:packet send;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to send adb_client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_send_adb_client_packets',`
+ gen_require(`
+ type adb_client_packet_t;
+ ')
+
+ dontaudit $1 adb_client_packet_t:packet send;
+')
+
+########################################
+## <summary>
+## Receive adb_client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+interface(`corenet_receive_adb_client_packets',`
+ gen_require(`
+ type adb_client_packet_t;
+ ')
+
+ allow $1 adb_client_packet_t:packet recv;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to receive adb_client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_receive_adb_client_packets',`
+ gen_require(`
+ type adb_client_packet_t;
+ ')
+
+ dontaudit $1 adb_client_packet_t:packet recv;
+')
+
+########################################
+## <summary>
+## Send and receive adb_client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+interface(`corenet_sendrecv_adb_client_packets',`
+ corenet_send_adb_client_packets($1)
+ corenet_receive_adb_client_packets($1)
+')
+
+########################################
+## <summary>
+## Do not audit attempts to send and receive adb_client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_sendrecv_adb_client_packets',`
+ corenet_dontaudit_send_adb_client_packets($1)
+ corenet_dontaudit_receive_adb_client_packets($1)
+')
+
+########################################
+## <summary>
+## Relabel packets to adb_client the packet type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_relabelto_adb_client_packets',`
+ gen_require(`
+ type adb_client_packet_t;
+ ')
+
+ allow $1 adb_client_packet_t:packet relabelto;
+')
+
+
+########################################
+## <summary>
+## Send adb_server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="write" weight="10"/>
+#
+interface(`corenet_send_adb_server_packets',`
+ gen_require(`
+ type adb_server_packet_t;
+ ')
+
+ allow $1 adb_server_packet_t:packet send;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to send adb_server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_send_adb_server_packets',`
+ gen_require(`
+ type adb_server_packet_t;
+ ')
+
+ dontaudit $1 adb_server_packet_t:packet send;
+')
+
+########################################
+## <summary>
+## Receive adb_server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="read" weight="10"/>
+#
+interface(`corenet_receive_adb_server_packets',`
+ gen_require(`
+ type adb_server_packet_t;
+ ')
+
+ allow $1 adb_server_packet_t:packet recv;
+')
+
+########################################
+## <summary>
+## Do not audit attempts to receive adb_server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_receive_adb_server_packets',`
+ gen_require(`
+ type adb_server_packet_t;
+ ')
+
+ dontaudit $1 adb_server_packet_t:packet recv;
+')
+
+########################################
+## <summary>
+## Send and receive adb_server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <infoflow type="both" weight="10"/>
+#
+interface(`corenet_sendrecv_adb_server_packets',`
+ corenet_send_adb_server_packets($1)
+ corenet_receive_adb_server_packets($1)
+')
+
+########################################
+## <summary>
+## Do not audit attempts to send and receive adb_server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain to not audit.
+## </summary>
+## </param>
+## <infoflow type="none"/>
+#
+interface(`corenet_dontaudit_sendrecv_adb_server_packets',`
+ corenet_dontaudit_send_adb_server_packets($1)
+ corenet_dontaudit_receive_adb_server_packets($1)
+')
+
+########################################
+## <summary>
+## Relabel packets to adb_server the packet type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_relabelto_adb_server_packets',`
+ gen_require(`
+ type adb_server_packet_t;
+ ')
+
+ allow $1 adb_server_packet_t:packet relabelto;
+')
+
+
+
+
+########################################
+## <summary>
## Send and receive TCP traffic on the afs_bos port.
## </summary>
## <param name="domain">
diff --git a/policy/modules/kernel/corenetwork.te b/policy/modules/kernel/corenetwork.te
index f1830c7..1bbf3c5 100644
--- a/policy/modules/kernel/corenetwork.te
+++ b/policy/modules/kernel/corenetwork.te
@@ -78,6 +78,13 @@ type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;
type server_packet_t, packet_type, server_packet_type;
+type adb_port_t, port_type, defined_port_type;
+type adb_client_packet_t, packet_type, client_packet_type;
+type adb_server_packet_t, packet_type, server_packet_type;
+typeattribute adb_port_t unreserved_port_type;
+portcon tcp 5037 gen_context(system_u:object_r:adb_port_t,s0)
+
+
type afs_bos_port_t, port_type, defined_port_type;
type afs_bos_client_packet_t, packet_type, client_packet_type;
type afs_bos_server_packet_t, packet_type, server_packet_type;