From 59702592ab2888410465c08e0cf72faa282df9cd Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 29 Oct 2013 14:42:37 -0400
Subject: [PATCH] Make mtp permissive or unconfined.

Also add rules from our policy.

Change-Id: I096025c1820f0b51f1abdf249c744cba387e0a65
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 mtp.te | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/mtp.te b/mtp.te
index 48a552579..9681daf49 100644
--- a/mtp.te
+++ b/mtp.te
@@ -1,7 +1,16 @@
 # vpn tunneling protocol manager
 type mtp, domain;
+permissive_or_unconfined(mtp)
 type mtp_exec, exec_type, file_type;
 
 init_daemon_domain(mtp)
 net_domain(mtp)
-unconfined_domain(mtp)
+
+# pptp policy
+allow mtp self:tcp_socket create_socket_perms;
+allow mtp self:socket create_socket_perms;
+allow mtp self:rawip_socket create_socket_perms;
+allow mtp self:capability net_raw;
+allow mtp ppp:process signal;
+allow mtp port:tcp_socket name_connect;
+allow mtp vpn_data_file:dir search;
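Review bot: The `allow mtp port:tcp_socket name_connect;` rule in the pptp block targets the generic `port` type, so once the domain is enforcing it permits outbound TCP connections to every port carrying that label, not only the PPTP control port. If the policy defines (or can define) a dedicated port type, narrow the rule to it; otherwise document the breadth with a comment such as `# PPTP control connection; generic port type used because no per-port type is defined`. Similarly, `allow mtp self:socket create_socket_perms;` grants the catch-all socket class and would benefit from a one-line comment naming the address family it is needed for. Because `permissive_or_unconfined(mtp)` is added at the top of the hunk, the new allow rules do not yet restrict the domain (the macro's definition is not part of this patch, so this is inferred from its name). A comment next to it, e.g. `# TODO: remove once denials are audited and the rules below are complete`, would record that this is a transitional state.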
-- 
GitLab