policy_module(corenetwork, 1.14.0)

########################################
#
# Declarations
#

# Attributes that group the network object types declared in this module.
# Every port, node, interface and packet type below is added to one or more
# of these so that callers can write a single rule against the whole class
# instead of against each concrete type.
attribute client_packet_type;
attribute netif_type;
attribute node_type;
attribute packet_type;
attribute port_type;
attribute reserved_port_type;
attribute rpc_port_type;
attribute server_packet_type;

# Domains carrying this attribute receive the blanket rules in the
# "Unconfined access to this module" section at the end of this file.
attribute corenet_unconfined_type;

# Device node type for PPP devices.
type ppp_device_t;
dev_node(ppp_device_t)

#
# tun_tap_device_t is the type of /dev/net/tun/* and /dev/net/tap/*
#
type tun_tap_device_t;
dev_node(tun_tap_device_t)

########################################
#
# Ports and packets
#

#
# client_packet_t is the default type of IPv4 and IPv6 client packets.
#
type client_packet_t, packet_type, client_packet_type;

#
# The netlabel_peer_t is used by the kernel's NetLabel subsystem for network
# connections using NetLabel which do not carry full SELinux contexts.
#
type netlabel_peer_t;
# Initial SID for NetLabel peers. Note the level is mls_systemhigh here,
# whereas the port initial SID below is labeled at s0.
sid netmsg gen_context(system_u:object_r:netlabel_peer_t,mls_systemhigh)

#
# port_t is the default type of INET port numbers.
# Any port not matched by a portcon entry (from a network_port call or the
# reserved-port defaults below) falls back to this initial SID.
#
type port_t, port_type;
sid port gen_context(system_u:object_r:port_t,s0)

#
# reserved_port_t is the type of INET port numbers below 1024.
# In practice only the undeclared ports in 1-599 end up with this type:
# the default portcon entries at the end of this section assign 600-1023
# to hi_reserved_port_t instead.
#
type reserved_port_t, port_type, reserved_port_type;

#
# hi_reserved_port_t is the type of INET port numbers between 600-1023.
# It also carries rpc_port_type, so any rule written against that attribute
# covers the whole undeclared 600-1023 range, not just named RPC ports.
#
type hi_reserved_port_t, port_type, reserved_port_type, rpc_port_type;

#
# server_packet_t is the default type of IPv4 and IPv6 server packets.
#
type server_packet_t, packet_type, server_packet_type;

# Per-service port types, one network_port(name, proto,port[-port],level, ...)
# call per service. The macro is defined outside this file; from its use here
# it presumably declares <name>_port_t and emits a portcon entry for each
# protocol/port/level triple listed. Later portcon entries for the same
# protocol and port are shadowed by earlier ones, so ordering matters if two
# services ever claim the same port.
#
# Lines that declare a *_port_t type directly and dnl-out the network_port
# call exist because no portcon is defined for that service: the type is
# available for allow rules, but no actual port carries it, so name_bind or
# name_connect grants on those types have no effect until a portcon is added.
network_port(afs_bos, udp,7007,s0)
network_port(afs_fs, tcp,2040,s0, udp,7000,s0, udp,7005,s0)
network_port(afs_ka, udp,7004,s0)
network_port(afs_pt, udp,7002,s0)
network_port(afs_vl, udp,7003,s0)
network_port(agentx, udp,705,s0, tcp,705,s0)
network_port(amanda, udp,10080-10082,s0, tcp,10080-10083,s0)
network_port(amavisd_recv, tcp,10024,s0)
network_port(amavisd_send, tcp,10025,s0)
network_port(aol, udp,5190-5193,s0, tcp,5190-5193,s0)
network_port(apcupsd, tcp,3551,s0, udp,3551,s0)
network_port(asterisk, tcp,1720,s0, udp,2427,s0, udp,2727,s0, udp,4569,s0)
network_port(audit, tcp,60,s0)
network_port(auth, tcp,113,s0)
network_port(bgp, tcp,179,s0, udp,179,s0, tcp,2605,s0, udp,2605,s0)
type biff_port_t, port_type, reserved_port_type; dnl network_port(biff) # no defined portcon in current strict
network_port(certmaster, tcp,51235,s0)
network_port(chronyd, udp,323,s0)
network_port(clamd, tcp,3310,s0)
network_port(clockspeed, udp,4041,s0)
network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006-50008,s0, udp,50006-50008,s0)
network_port(cobbler, tcp,25151,s0)
network_port(comsat, udp,512,s0)
network_port(cvs, tcp,2401,s0, udp,2401,s0)
network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, tcp,6780-6799,s0, udp,32771,s0)
network_port(dbskkd, tcp,1178,s0)
network_port(dcc, udp,6276,s0, udp,6277,s0)
network_port(dccm, tcp,5679,s0, udp,5679,s0)
network_port(dhcpc, udp,68,s0, tcp,68,s0, udp,546,s0, tcp, 546,s0)
network_port(dhcpd, udp,67,s0, udp,547,s0, tcp, 547,s0, udp,548,s0, tcp, 548,s0, tcp,647,s0, udp,647,s0, tcp,847,s0, udp,847,s0, tcp,7911,s0)
network_port(dict, tcp,2628,s0)
network_port(distccd, tcp,3632,s0)
network_port(dns, udp,53,s0, tcp,53,s0)
network_port(epmap, tcp,135,s0, udp,135,s0)
network_port(fingerd, tcp,79,s0)
network_port(ftp, tcp,21,s0, tcp,990,s0, udp,990,s0)
network_port(ftp_data, tcp,20,s0)
network_port(gatekeeper, udp,1718,s0, udp,1719,s0, tcp,1721,s0, tcp,7000,s0)
network_port(giftd, tcp,1213,s0)
network_port(git, tcp,9418,s0, udp,9418,s0)
network_port(gopher, tcp,70,s0, udp,70,s0)
network_port(gpsd, tcp,2947,s0)
network_port(hddtemp, tcp,7634,s0)
network_port(howl, tcp,5335,s0, udp,5353,s0)
network_port(hplip, tcp,1782,s0, tcp,2207,s0, tcp,2208,s0, tcp, 8290,s0, tcp,50000,s0, tcp,50002,s0, tcp,8292,s0, tcp,9100,s0, tcp,9101,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)
network_port(http, tcp,80,s0, tcp,443,s0, tcp,488,s0, tcp,8008,s0, tcp,8009,s0, tcp,8443,s0) #8443 is mod_nss default port
network_port(http_cache, tcp,3128,s0, udp,3130,s0, tcp,8080,s0, tcp,8118,s0, tcp,10001-10010,s0) # 8118 is for privoxy
network_port(i18n_input, tcp,9010,s0)
network_port(imaze, tcp,5323,s0, udp,5323,s0)
# inetd_child collects the small legacy inetd services (echo, discard,
# daytime, chargen, time, etc.) under one port type.
network_port(inetd_child, tcp,1,s0, udp,1,s0, tcp,7,s0, udp,7,s0, tcp,9,s0, udp,9,s0, tcp,13,s0, udp,13,s0, tcp,19,s0, udp,19,s0, tcp,37,s0, udp,37,s0, tcp,512,s0, tcp,543,s0, tcp,544,s0, tcp,891,s0, udp,891,s0, tcp,892,s0, udp,892,s0, tcp,2105,s0, tcp,5666,s0)
network_port(innd, tcp,119,s0)
network_port(ipmi, udp,623,s0, udp,664,s0)
network_port(ipp, tcp,631,s0, udp,631,s0, tcp,8610-8614,s0, udp,8610-8614,s0)
network_port(ipsecnat, tcp,4500,s0, udp,4500,s0)
network_port(ircd, tcp,6667,s0)
network_port(isakmp, udp,500,s0)
network_port(iscsi, tcp,3260,s0)
network_port(isns, tcp,3205,s0, udp,3205,s0)
network_port(jabber_client, tcp,5222,s0, tcp,5223,s0)
network_port(jabber_interserver, tcp,5269,s0)
network_port(kerberos, tcp,88,s0, udp,88,s0, tcp,750,s0, udp,750,s0)
network_port(kerberos_admin, tcp,464,s0, udp,464,s0, tcp,749,s0)
network_port(kerberos_master, tcp,4444,s0, udp,4444,s0)
network_port(kismet, tcp,2501,s0)
network_port(kprop, tcp,754,s0)
network_port(ktalkd, udp,517,s0, udp,518,s0)
network_port(ldap, tcp,389,s0, udp,389,s0, tcp,636,s0, udp,636,s0, tcp,3268,s0)
network_port(lirc, tcp,8765,s0)
network_port(lmtp, tcp,24,s0, udp,24,s0)
type lrrd_port_t, port_type; dnl network_port(lrrd_port_t) # no defined portcon
network_port(mail, tcp,2000,s0, tcp,3905,s0)
network_port(memcache, tcp,11211,s0, udp,11211,s0)
network_port(mmcc, tcp,5050,s0, udp,5050,s0)
network_port(monopd, tcp,1234,s0)
network_port(msnp, tcp,1863,s0, udp,1863,s0)
network_port(mssql, tcp,1433,s0, tcp,1434,s0, udp,1433,s0, udp,1434,s0)
network_port(munin, tcp,4949,s0, udp,4949,s0)
network_port(mysqld, tcp,1186,s0, tcp,3306,s0, tcp,63132-63163,s0)
network_port(mysqlmanagerd, tcp,2273,s0)
network_port(nessus, tcp,1241,s0)
network_port(netport, tcp,3129,s0, udp,3129,s0)
network_port(netsupport, tcp,5404,s0, udp,5404,s0, tcp,5405,s0, udp,5405,s0)
network_port(nmbd, udp,137,s0, udp,138,s0)
network_port(ntop, tcp,3000,s0, udp,3000,s0, tcp,3001,s0, udp,3001,s0)
network_port(ntp, udp,123,s0)
network_port(ocsp, tcp,9080,s0)
network_port(openvpn, tcp,1194,s0, udp,1194,s0)
network_port(pegasus_http, tcp,5988,s0)
network_port(pegasus_https, tcp,5989,s0)
network_port(pgpkeyserver, udp, 11371,s0, tcp,11371,s0)
network_port(pingd, tcp,9125,s0)
# pop covers both POP and IMAP ports (109/110/995 and 143/220/993) plus
# the older 106 and 1109 entries.
network_port(pop, tcp,106,s0, tcp,109,s0, tcp,110,s0, tcp,143,s0, tcp,220,s0, tcp,993,s0, tcp,995,s0, tcp,1109,s0)
network_port(portmap, udp,111,s0, tcp,111,s0)
network_port(postfix_policyd, tcp,10031,s0)
network_port(postgresql, tcp,5432,s0)
network_port(postgrey, tcp,60000,s0)
network_port(prelude, tcp,4690,s0, udp,4690,s0)
network_port(printer, tcp,515,s0)
network_port(ptal, tcp,5703,s0)
network_port(pulseaudio, tcp,4713,s0)
network_port(puppet, tcp, 8140, s0)
network_port(pxe, udp,4011,s0)
network_port(pyzor, udp,24441,s0)
network_port(radacct, udp,1646,s0, udp,1813,s0)
network_port(radius, udp,1645,s0, udp,1812,s0)
network_port(radsec, tcp,2083,s0)
network_port(razor, tcp,2703,s0)
network_port(ricci, tcp,11111,s0, udp,11111,s0)
network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
network_port(rlogind, tcp,513,s0)
network_port(rndc, tcp,953,s0)
network_port(router, udp,520,s0, udp,521,s0, tcp,521,s0)
network_port(rsh, tcp,514,s0)
network_port(rsync, tcp,873,s0, udp,873,s0)
network_port(rwho, udp,513,s0)
network_port(sap, tcp,9875,s0, udp,9875,s0)
network_port(sieve, tcp,4190,s0)
network_port(sip, tcp,5060,s0, udp,5060,s0, tcp,5061,s0, udp,5061,s0)
network_port(smbd, tcp,137-139,s0, tcp,445,s0)
network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0, tcp, 1161, s0)
type socks_port_t, port_type; dnl network_port(socks) # no defined portcon
network_port(soundd, tcp,8000,s0, tcp,9433,s0, tcp, 16001, s0)
network_port(spamd, tcp,783,s0)
network_port(speech, tcp,8036,s0)
network_port(squid, udp,3401,s0, tcp,3401,s0, udp,4827,s0, tcp,4827,s0) # snmp and htcp
network_port(ssh, tcp,22,s0)
type stunnel_port_t, port_type; dnl network_port(stunnel) # no defined portcon in current strict
network_port(swat, tcp,901,s0)
network_port(syslogd, udp,514,s0)
network_port(telnetd, tcp,23,s0)
network_port(tftp, udp,69,s0)
network_port(tor, tcp, 6969, s0, tcp,9001,s0, tcp,9030,s0, tcp,9050,s0, tcp,9051,s0)
network_port(traceroute, udp,64000-64010,s0)
network_port(transproxy, tcp,8081,s0)
network_port(ups, tcp,3493,s0)
type utcpserver_port_t, port_type; dnl network_port(utcpserver) # no defined portcon
network_port(uucpd, tcp,540,s0)
network_port(varnishd, tcp,6081,s0, tcp,6082,s0)
network_port(virt, tcp,16509,s0, udp,16509,s0, tcp,16514,s0, udp,16514,s0)
network_port(virt_migration, tcp,49152-49216,s0)
network_port(vnc, tcp,5900,s0)
network_port(wccp, udp,2048,s0)
network_port(whois, tcp,43,s0, udp,43,s0, tcp, 4321, s0 , udp, 4321, s0 )
network_port(xdmcp, udp,177,s0, tcp,177,s0)
network_port(xen, tcp,8002,s0)
network_port(xfs, tcp,7100,s0)
network_port(xserver, tcp,6000-6020,s0)
# zebra deliberately skips 2605, which is declared above under bgp.
network_port(zebra, tcp,2600-2604,s0, tcp,2606,s0, udp,2600-2604,s0, udp,2606,s0)
network_port(zope, tcp,8021,s0)

# Defaults for reserved ports. Earlier portcon entries take precedence;
# these entries just cover any remaining reserved ports not otherwise declared.
# These four lines must stay after every network_port call above: a catch-all
# placed earlier would shadow the per-service labels for ports 1-1023.
# Port 0 and ports above 1023 with no portcon keep the port_t initial SID.
portcon tcp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
portcon udp 600-1023 gen_context(system_u:object_r:hi_reserved_port_t, s0)
portcon tcp 1-599 gen_context(system_u:object_r:reserved_port_t, s0)
portcon udp 1-599 gen_context(system_u:object_r:reserved_port_t, s0)

########################################
#
# Network nodes
#

#
# node_t is the default type of network nodes.
# The node_*_t types are used for specific network
# nodes in net_contexts or net_contexts.mls.
#
type node_t, node_type;
# The named node types are plain aliases of node_t here, i.e. loopback,
# link-local, INADDR_ANY and friends are not distinguishable from any other
# node by policy in this module.
typealias node_t alias { compat_ipv4_node_t lo_node_t link_local_node_t inaddr_any_node_t unspec_node_t };
sid node gen_context(system_u:object_r:node_t,s0 - mls_systemhigh)

# network_node examples:
#network_node(lo, s0 - mls_systemhigh, 127.0.0.1, 255.255.255.255)
#network_node(multicast, s0 - mls_systemhigh, ff00::, ff00::)

########################################
#
# Network Interfaces
#

#
# netif_t is the default type of network interfaces.
#
type netif_t, netif_type;
sid netif gen_context(system_u:object_r:netif_t,s0 - mls_systemhigh)

# With MLS enabled the loopback interface gets a dedicated type via
# network_interface; otherwise the lo_netif_t/netif_lo_t names are simply
# aliases of the generic netif_t so that callers referencing them still build.
build_option(`enable_mls',`
network_interface(lo, lo, s0 - mls_systemhigh)
',`
typealias netif_t alias { lo_netif_t netif_lo_t };
')

########################################
#
# Unconfined access to this module
#

# The wildcard (*) grants every permission in the node, netif and packet
# classes to any domain carrying corenet_unconfined_type. Together with the
# socket rules below this exempts such a domain from all port, node and
# interface labeling defined in this module, so the attribute should only be
# assigned to domains that are meant to be unconfined for networking.
allow corenet_unconfined_type node_type:node *;
allow corenet_unconfined_type netif_type:netif *;
allow corenet_unconfined_type packet_type:packet *;
# name_connect applies to TCP only; the UDP rule has no connect permission.
allow corenet_unconfined_type port_type:tcp_socket { send_msg recv_msg name_connect };
allow corenet_unconfined_type port_type:udp_socket { send_msg recv_msg };

# Bind to any network address.
# Covers every port type (including reserved ports) and every node type;
# rawip_socket gets node_bind but has no port binding, as raw sockets
# carry no port number.
allow corenet_unconfined_type port_type:{ tcp_socket udp_socket } name_bind;
allow corenet_unconfined_type node_type:{ tcp_socket udp_socket rawip_socket } node_bind;