From 5ba29432782295ceaeb0085d0fe9123d7736b0f1 Mon Sep 17 00:00:00 2001
From: Nikola Knazekova <nknazeko@redhat.com>
Date: Mon, 22 Aug 2022 15:43:13 +0200
Subject: [PATCH] Update tor_bind_all_unreserved_ports interface

When enabled boolean tor_bind_all_unreserved_ports,
allow tor bind UDP sockets to all ports > 1024.

Fix: bz#2089486
---
 policy/modules/contrib/tor.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/policy/modules/contrib/tor.te b/policy/modules/contrib/tor.te
index 4b0554c374..0dc670b885 100644
--- a/policy/modules/contrib/tor.te
+++ b/policy/modules/contrib/tor.te
@@ -8,7 +8,7 @@ policy_module(tor, 1.9.0)
 ## <desc>
 ##	<p>
 ##	Determine whether tor can bind
-##	tcp sockets to all unreserved ports.
+##	tcp and udp sockets to all unreserved ports.
 ##	</p>
 ## </desc>
 gen_tunable(tor_bind_all_unreserved_ports, false)
@@ -131,6 +131,7 @@ logging_send_syslog_msg(tor_t)
 tunable_policy(`tor_bind_all_unreserved_ports',`
 	corenet_sendrecv_all_server_packets(tor_t)
 	corenet_tcp_bind_all_unreserved_ports(tor_t)
+	corenet_udp_bind_all_unreserved_ports(tor_t)
 ')
 
 tunable_policy(`tor_can_network_relay',`