rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
08eb9d1a33
selinux-policy/strict/types/network.te

123 lines
3.6 KiB
Plaintext
Raw Normal View History

initial commit
2005-04-29 17:45:15 +00:00
#
# Authors: Stephen Smalley <sds@epoch.ncsc.mil> and Timothy Fraser
#
# Modified by Reino Wallin <reino@oribium.com>
# Multi NIC, and IPSEC features
# Modified by Russell Coker
# Move port types to their respective domains, add ifdefs, other cleanups.
# generally we do not want to define port types in this file, but some things
# are insanely difficult to do elsewhere, xserver_port_t is a good example
# getting the type defined is the easy part for X, conditional code for many
# other domains (including one that starts with a) is the hard part.
ifdef(`xdm.te', `define(`use_x_ports')')
ifdef(`startx.te', `define(`use_x_ports')')
ifdef(`xauth.te', `define(`use_x_ports')')
ifdef(`xserver.te', `define(`use_x_ports')')
ifdef(`use_x_ports', `
type xserver_port_t, port_type;
')
#
# Defines used by the te files need to be defined outside of net_constraints
#
ifdef(`named.te', `define(`use_dns')')
ifdef(`nsd.te', `define(`use_dns')')
ifdef(`tinydns.te', `define(`use_dns')')
ifdef(`dnsmasq.te', `define(`use_dns')')
ifdef(`use_dns', `
type dns_port_t, port_type;
')
ifdef(`dhcpd.te', `define(`use_dhcpd')')
ifdef(`dnsmasq.te', `define(`use_dhcpd')')
ifdef(`use_dhcpd', `
type dhcpd_port_t, port_type;
')
ifdef(`cyrus.te', `define(`use_pop')')
ifdef(`courier.te', `define(`use_pop')')
ifdef(`perdition.te', `define(`use_pop')')
ifdef(`dovecot.te', `define(`use_pop')')
ifdef(`uwimapd.te', `define(`use_pop')')
ifdef(`use_pop', `
type pop_port_t, port_type, reserved_port_type;
')
ifdef(`apache.te', `define(`use_http_cache')')
ifdef(`squid.te', `define(`use_http_cache')')
ifdef(`use_http_cache', `
type http_cache_port_t, port_type;
')
ifdef(`dhcpd.te', `define(`use_pxe')')
ifdef(`pxe.te', `define(`use_pxe')')
############################################
#
# Network types
#
#
# mail_port_t is for generic mail ports shared by different mail servers
#
type mail_port_t, port_type;
#
# Ports used to communicate with kerberos server
#
type kerberos_port_t, port_type, reserved_port_type;
type kerberos_admin_port_t, port_type, reserved_port_type;
type kerberos_master_port_t, port_type;
#
# port_t is the default type of INET port numbers.
# The *_port_t types are used for specific port
# numbers in net_contexts or net_contexts.mls.
#
type port_t, port_type;
# reserved_port_t is the default type for INET reserved ports
# that are not otherwise mapped to a specific port type.
type reserved_port_t, port_type;
#
# netif_t is the default type of network interfaces.
# The netif_*_t types are used for specific network
# interfaces in net_contexts or net_contexts.mls.
#
type netif_t, netif_type;
type netif_eth0_t, netif_type;
type netif_eth1_t, netif_type;
type netif_eth2_t, netif_type;
type netif_lo_t, netif_type;
type netif_ippp0_t, netif_type;
type netif_ipsec0_t, netif_type;
type netif_ipsec1_t, netif_type;
type netif_ipsec2_t, netif_type;
#
# node_t is the default type of network nodes.
# The node_*_t types are used for specific network
# nodes in net_contexts or net_contexts.mls.
#
type node_t, node_type;
type node_lo_t, node_type;
type node_internal_t, node_type;
type node_inaddr_any_t, node_type;
type node_unspec_t, node_type;
type node_link_local_t, node_type;
type node_site_local_t, node_type;
type node_multicast_t, node_type;
type node_mapped_ipv4_t, node_type;
type node_compat_ipv4_t, node_type;
# Kernel-generated traffic, e.g. ICMP replies.
allow kernel_t netif_type:netif { rawip_send rawip_recv };
allow kernel_t node_type:node { rawip_send rawip_recv };
# Kernel-generated traffic, e.g. TCP resets.
allow kernel_t netif_type:netif { tcp_send tcp_recv };
allow kernel_t node_type:node { tcp_send tcp_recv };
Reference in New Issue Copy Permalink