policy/test_sctp.te: add missing corenet_inout_generic_if() calls

These are only needed when peer labeling is enabled, which is normally true only in some parts of the testsuite, but nothing prevents it from being enabled the whole time (either by configuration or policy capability), so better add the missing rules. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
SELinuxProject · Nov 4, 2024 · 000b2bf · 000b2bf
1 parent d75675e
commit 000b2bf
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/policy/test_sctp.te b/policy/test_sctp.te
@@ -122,6 +122,7 @@ typeattribute test_sctp_connectx_t sctpsocketdomain;
 allow test_sctp_connectx_t self:sctp_socket create_stream_socket_perms;
 corenet_sctp_bind_all_nodes(test_sctp_connectx_t)
 corenet_inout_generic_node(test_sctp_connectx_t)
+corenet_inout_generic_if(test_sctp_connectx_t)
 
 #
 ############################# Deny Connectx #################################
@@ -132,6 +133,7 @@ typeattribute test_sctp_deny_connectx_t sctpsocketdomain;
 allow test_sctp_deny_connectx_t self:sctp_socket { create listen accept bind ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(test_sctp_deny_connectx_t)
 corenet_inout_generic_node(test_sctp_deny_connectx_t)
+corenet_inout_generic_if(test_sctp_deny_connectx_t)
 
 #
 ############################## Bindx #####################################
@@ -142,6 +144,7 @@ typeattribute test_sctp_bindx_t sctpsocketdomain;
 allow test_sctp_bindx_t self:sctp_socket create_stream_socket_perms;
 corenet_sctp_bind_all_nodes(test_sctp_bindx_t)
 corenet_inout_generic_node(test_sctp_bindx_t)
+corenet_inout_generic_if(test_sctp_bindx_t)
 
 #
 ############################## Deny Bindx ###################################
@@ -152,6 +155,7 @@ typeattribute test_sctp_deny_bindx_t sctpsocketdomain;
 allow test_sctp_deny_bindx_t self:sctp_socket { create ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(test_sctp_deny_bindx_t)
 corenet_inout_generic_node(test_sctp_deny_bindx_t)
+corenet_inout_generic_if(test_sctp_deny_bindx_t)
 
 #
 ############################# ASCONF Server ##############################
@@ -162,6 +166,7 @@ typeattribute sctp_asconf_params_server_t sctpsocketdomain;
 allow sctp_asconf_params_server_t self:sctp_socket { create listen bind ioctl read getattr write getopt setopt };
 corenet_sctp_bind_all_nodes(sctp_asconf_params_server_t)
 corenet_inout_generic_node(sctp_asconf_params_server_t)
+corenet_inout_generic_if(sctp_asconf_params_server_t)
 
 #
 ############################# ASCONF Client ##############################