From 65c1a66265908f3d5a39fa201d6b6f9f2a2981a4 Mon Sep 17 00:00:00 2001
From: Patrik Koncity <pkoncity@redhat.com>
Date: Tue, 11 Aug 2020 13:51:55 +0200
Reference: https://github.com/fedora-selinux/selinux-policy/commit/65c1a66265908f3d5a39fa201d6b6f9f2a2981a4
Conflict: NA
Subject: [PATCH] Create macro corenet_icmp_bind_generic_node()

This macro allowing bind ICMP sockets to generic nodes in node_t domain.
---
 policy/modules/kernel/corenetwork.if.in | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index 1ed5283..1858e41 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -863,6 +863,24 @@ interface(`corenet_sctp_bind_generic_node',`
 
 ########################################
 ## <summary>
+##	Bind ICMP sockets to generic nodes.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_icmp_bind_generic_node',`
+	gen_require(`
+		type node_t;
+	')
+
+	allow $1 node_t:icmp_socket node_bind;
+')
+
+########################################
+## <summary>
 ##	Bind TCP sockets to generic nodes.
 ## </summary>
 ## <desc>
-- 
1.8.3.1