From aa522c3ee7f6d02f5eeeb1d2c5fc443846126d3d Mon Sep 17 00:00:00 2001
From: Drew Northup
Date: Mon, 2 Oct 2023 10:33:38 -0400
Subject: [PATCH] SELINUX: Add squid_port_t to the policy tunables
As Squid is a popular Forward Proxy platform, and security binaries should be compiled by trusted partners, add use of squid_port_t to the supplied SELINUX policy object. Satisfies Issue #162
---
pam_duo/authlogin_duo.te | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/pam_duo/authlogin_duo.te b/pam_duo/authlogin_duo.te
index 21b2d98..9a1720a 100644
--- a/pam_duo/authlogin_duo.te
+++ b/pam_duo/authlogin_duo.te
@@ -27,14 +27,15 @@ gen_require(`
 type http_cache_port_t;
 type http_port_t;
 type local_login_t;
+ type squid_port_t;
 type sshd_t;
 class tcp_socket name_connect;
 ')
 tunable_policy(`pam_duo_permit_sshd',`
- allow sshd_t {http_port_t http_cache_port_t}:tcp_socket name_connect;
+ allow sshd_t {http_port_t http_cache_port_t squid_port_t}:tcp_socket name_connect;
 ')
 tunable_policy(`pam_duo_permit_local_login',`
- allow local_login_t {http_port_t http_cache_port_t}:tcp_socket name_connect;
+ allow local_login_t {http_port_t http_cache_port_t squid_port_t}:tcp_socket name_connect;
 ')
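Review bot: Both `allow` lines now grant `name_connect` to `squid_port_t` whenever the existing `pam_duo_permit_sshd` / `pam_duo_permit_local_login` booleans are on, so sites that reach Duo directly and never use a Squid proxy get the wider rule as well. For least privilege, consider keeping the original two rules and putting `allow sshd_t squid_port_t:tcp_socket name_connect;` (and the `local_login_t` equivalent) under a separate boolean that only proxy users enable; the boolean's name is yours to choose. Separately, `type squid_port_t;` is added to `gen_require`, which begins outside this hunk; if a target base policy does not define that type the whole module will presumably fail to load, so it is worth confirming against each supported distribution's policy or wrapping the new rules in an optional block. A one-line comment above the rules, e.g. `# squid_port_t: permit Duo traffic via a Squid forward proxy (Issue #162)`, would record why the port type is there.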