Split-off EPMD-related rules

Signed-off-by: Peter Lemenkov <[email protected]>

ejabberd.te

@@ -31,12 +31,12 @@ auth_use_nsswitch(ejabberd_t)
 corecmd_exec_bin(ejabberd_t)
 corecmd_exec_shell(ejabberd_t)
 
-corenet_tcp_bind_epmd_port(ejabberd_t)
+epmd_query(rabbitmq_t)
+
 corenet_tcp_bind_generic_node(ejabberd_t)
 corenet_tcp_bind_generic_port(ejabberd_t)
 corenet_tcp_bind_jabber_client_port(ejabberd_t)
 corenet_tcp_bind_jabber_interserver_port(ejabberd_t)
-corenet_tcp_connect_epmd_port(ejabberd_t)
 corenet_tcp_connect_generic_port(ejabberd_t)
 corenet_tcp_connect_jabber_interserver_port(ejabberd_t)
 

epmd.if

@@ -0,0 +1,12 @@
+interface(`epmd_query',`
+	gen_require(`
+		type epmd_port_t;
+		class tcp_socket { name_bind name_connect };
+	')
+
+	corenet_tcp_bind_epmd_port($1)
+	corenet_tcp_connect_epmd_port($1)
+
+	corenet_sendrecv_epmd_client_packets($1)
+	corenet_tcp_sendrecv_epmd_port($1)
+')

rabbitmq.te

@@ -75,20 +75,18 @@ corenet_tcp_bind_generic_node(rabbitmq_t)
 corenet_tcp_connect_all_ephemeral_ports(rabbitmq_t)
 corenet_tcp_bind_all_ephemeral_ports(rabbitmq_t)
 corenet_sendrecv_amqp_server_packets(rabbitmq_t)
-corenet_sendrecv_epmd_client_packets(rabbitmq_t)
 corenet_tcp_sendrecv_amqp_port(rabbitmq_t)
 corenet_tcp_bind_amqp_port(rabbitmq_t)
-corenet_tcp_bind_epmd_port(rabbitmq_t)
 corenet_tcp_bind_jabber_client_port(rabbitmq_t)
 corenet_tcp_bind_jabber_interserver_port(rabbitmq_t)
 corenet_tcp_bind_rabbitmq_port(rabbitmq_t)
 corenet_tcp_connect_amqp_port(rabbitmq_t)
-corenet_tcp_connect_epmd_port(rabbitmq_t)
 corenet_tcp_connect_jabber_interserver_port(rabbitmq_t)
-corenet_tcp_sendrecv_epmd_port(rabbitmq_t)
 corenet_tcp_connect_http_port(rabbitmq_t)
 corenet_tcp_connect_rabbitmq_port(rabbitmq_t)
 
+epmd_query(rabbitmq_t)
+
 domain_read_all_domains_state(rabbitmq_t)
 
 auth_read_passwd(rabbitmq_t)