remove classes from gen_requires, and disable net_raw for now
This commit is contained in:
Chris PeBenito
parent
681c9a02e7
commit
0058418017
|
|
@ -15,7 +15,6 @@
|
|||
interface(`corenet_tcp_sendrecv_generic_if',`
|
||||
gen_require(`
|
||||
type netif_t;
|
||||
class netif { tcp_send tcp_recv };
|
||||
')
|
||||
|
||||
allow $1 netif_t:netif { tcp_send tcp_recv };
|
||||
|
|
@ -32,7 +31,6 @@ interface(`corenet_tcp_sendrecv_generic_if',`
|
|||
interface(`corenet_udp_send_generic_if',`
|
||||
gen_require(`
|
||||
type netif_t;
|
||||
class netif udp_send;
|
||||
')
|
||||
|
||||
allow $1 netif_t:netif udp_send;
|
||||
|
|
@ -49,7 +47,6 @@ interface(`corenet_udp_send_generic_if',`
|
|||
interface(`corenet_udp_receive_generic_if',`
|
||||
gen_require(`
|
||||
type netif_t;
|
||||
class netif udp_recv;
|
||||
')
|
||||
|
||||
allow $1 netif_t:netif udp_recv;
|
||||
|
|
@ -79,12 +76,13 @@ interface(`corenet_udp_sendrecv_generic_if',`
|
|||
interface(`corenet_raw_send_generic_if',`
|
||||
gen_require(`
|
||||
type netif_t;
|
||||
class netif rawip_send;
|
||||
class capability net_raw;
|
||||
')
|
||||
|
||||
allow $1 netif_t:netif rawip_send;
|
||||
allow $1 self:capability net_raw;
|
||||
|
||||
# cjp: comment out until raw access is
|
||||
# is fixed for network users
|
||||
#allow $1 self:capability net_raw;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
|
@ -98,7 +96,6 @@ interface(`corenet_raw_send_generic_if',`
|
|||
interface(`corenet_raw_receive_generic_if',`
|
||||
gen_require(`
|
||||
type netif_t;
|
||||
class netif rawip_recv;
|
||||
')
|
||||
|
||||
allow $1 netif_t:netif rawip_recv;
|
||||
|
|
@ -128,7 +125,6 @@ interface(`corenet_raw_sendrecv_generic_if',`
|
|||
interface(`corenet_tcp_sendrecv_all_if',`
|
||||
gen_require(`
|
||||
attribute netif_type;
|
||||
class netif { tcp_send tcp_recv };
|
||||
')
|
||||
|
||||
allow $1 netif_type:netif { tcp_send tcp_recv };
|
||||
|
|
@ -145,7 +141,6 @@ interface(`corenet_tcp_sendrecv_all_if',`
|
|||
interface(`corenet_udp_send_all_if',`
|
||||
gen_require(`
|
||||
attribute netif_type;
|
||||
class netif udp_send;
|
||||
')
|
||||
|
||||
allow $1 netif_type:netif udp_send;
|
||||
|
|
@ -162,7 +157,6 @@ interface(`corenet_udp_send_all_if',`
|
|||
interface(`corenet_udp_receive_all_if',`
|
||||
gen_require(`
|
||||
attribute netif_type;
|
||||
class netif udp_recv;
|
||||
')
|
||||
|
||||
allow $1 netif_type:netif udp_recv;
|
||||
|
|
@ -192,12 +186,13 @@ interface(`corenet_udp_sendrecv_all_if',`
|
|||
interface(`corenet_raw_send_all_if',`
|
||||
gen_require(`
|
||||
attribute netif_type;
|
||||
class netif rawip_send;
|
||||
class capability net_raw;
|
||||
')
|
||||
|
||||
allow $1 netif_type:netif rawip_send;
|
||||
allow $1 self:capability net_raw;
|
||||
|
||||
# cjp: comment out until raw access is
|
||||
# is fixed for network users
|
||||
#allow $1 self:capability net_raw;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
|
@ -211,7 +206,6 @@ interface(`corenet_raw_send_all_if',`
|
|||
interface(`corenet_raw_receive_all_if',`
|
||||
gen_require(`
|
||||
attribute netif_type;
|
||||
class netif rawip_recv;
|
||||
')
|
||||
|
||||
allow $1 netif_type:netif rawip_recv;
|
||||
|
|
@ -241,7 +235,6 @@ interface(`corenet_raw_sendrecv_all_if',`
|
|||
interface(`corenet_tcp_sendrecv_generic_node',`
|
||||
gen_require(`
|
||||
type node_t;
|
||||
class node { tcp_send tcp_recv };
|
||||
')
|
||||
|
||||
allow $1 node_t:node { tcp_send tcp_recv };
|
||||
|
|
@ -258,7 +251,6 @@ interface(`corenet_tcp_sendrecv_generic_node',`
|
|||
interface(`corenet_udp_send_generic_node',`
|
||||
gen_require(`
|
||||
type node_t;
|
||||
class node udp_send;
|
||||
')
|
||||
|
||||
allow $1 node_t:node udp_send;
|
||||
|
|
@ -275,7 +267,6 @@ interface(`corenet_udp_send_generic_node',`
|
|||
interface(`corenet_udp_receive_generic_node',`
|
||||
gen_require(`
|
||||
type node_t;
|
||||
class node udp_recv;
|
||||
')
|
||||
|
||||
allow $1 node_t:node udp_recv;
|
||||
|
|
@ -305,7 +296,6 @@ interface(`corenet_udp_sendrecv_generic_node',`
|
|||
interface(`corenet_raw_send_generic_node',`
|
||||
gen_require(`
|
||||
type node_t;
|
||||
class node rawip_send;
|
||||
')
|
||||
|
||||
allow $1 node_t:node rawip_send;
|
||||
|
|
@ -322,7 +312,6 @@ interface(`corenet_raw_send_generic_node',`
|
|||
interface(`corenet_raw_receive_generic_node',`
|
||||
gen_require(`
|
||||
type node_t;
|
||||
class node rawip_recv;
|
||||
')
|
||||
|
||||
allow $1 node_t:node rawip_recv;
|
||||
|
|
@ -352,7 +341,6 @@ interface(`corenet_raw_sendrecv_generic_node',`
|
|||
interface(`corenet_tcp_bind_generic_node',`
|
||||
gen_require(`
|
||||
type node_t;
|
||||
class tcp_socket node_bind;
|
||||
')
|
||||
|
||||
allow $1 node_t:tcp_socket node_bind;
|
||||
|
|
@ -369,7 +357,6 @@ interface(`corenet_tcp_bind_generic_node',`
|
|||
interface(`corenet_udp_bind_generic_node',`
|
||||
gen_require(`
|
||||
type node_t;
|
||||
class udp_socket node_bind;
|
||||
')
|
||||
|
||||
allow $1 node_t:udp_socket node_bind;
|
||||
|
|
@ -386,7 +373,6 @@ interface(`corenet_udp_bind_generic_node',`
|
|||
interface(`corenet_tcp_sendrecv_all_nodes',`
|
||||
gen_require(`
|
||||
attribute node_type;
|
||||
class node { tcp_send tcp_recv };
|
||||
')
|
||||
|
||||
allow $1 node_type:node { tcp_send tcp_recv };
|
||||
|
|
@ -403,7 +389,6 @@ interface(`corenet_tcp_sendrecv_all_nodes',`
|
|||
interface(`corenet_udp_send_all_nodes',`
|
||||
gen_require(`
|
||||
attribute node_type;
|
||||
class node udp_send;
|
||||
')
|
||||
|
||||
allow $1 node_type:node udp_send;
|
||||
|
|
@ -420,7 +405,6 @@ interface(`corenet_udp_send_all_nodes',`
|
|||
interface(`corenet_udp_receive_all_nodes',`
|
||||
gen_require(`
|
||||
attribute node_type;
|
||||
class node udp_recv;
|
||||
')
|
||||
|
||||
allow $1 node_type:node udp_recv;
|
||||
|
|
@ -450,7 +434,6 @@ interface(`corenet_udp_sendrecv_all_nodes',`
|
|||
interface(`corenet_raw_send_all_nodes',`
|
||||
gen_require(`
|
||||
attribute node_type;
|
||||
class node rawip_send;
|
||||
')
|
||||
|
||||
allow $1 node_type:node rawip_send;
|
||||
|
|
@ -467,7 +450,6 @@ interface(`corenet_raw_send_all_nodes',`
|
|||
interface(`corenet_raw_receive_all_nodes',`
|
||||
gen_require(`
|
||||
attribute node_type;
|
||||
class node rawip_recv;
|
||||
')
|
||||
|
||||
allow $1 node_type:node rawip_recv;
|
||||
|
|
@ -497,7 +479,6 @@ interface(`corenet_raw_sendrecv_all_nodes',`
|
|||
interface(`corenet_tcp_bind_all_nodes',`
|
||||
gen_require(`
|
||||
attribute node_type;
|
||||
class tcp_socket node_bind;
|
||||
')
|
||||
|
||||
allow $1 node_type:tcp_socket node_bind;
|
||||
|
|
@ -514,7 +495,6 @@ interface(`corenet_tcp_bind_all_nodes',`
|
|||
interface(`corenet_udp_bind_all_nodes',`
|
||||
gen_require(`
|
||||
attribute node_type;
|
||||
class udp_socket node_bind;
|
||||
')
|
||||
|
||||
allow $1 node_type:udp_socket node_bind;
|
||||
|
|
@ -531,7 +511,6 @@ interface(`corenet_udp_bind_all_nodes',`
|
|||
interface(`corenet_tcp_sendrecv_generic_port',`
|
||||
gen_require(`
|
||||
type port_t;
|
||||
class tcp_socket { send_msg recv_msg };
|
||||
')
|
||||
|
||||
allow $1 port_t:tcp_socket { send_msg recv_msg };
|
||||
|
|
@ -548,7 +527,6 @@ interface(`corenet_tcp_sendrecv_generic_port',`
|
|||
interface(`corenet_udp_send_generic_port',`
|
||||
gen_require(`
|
||||
type port_t;
|
||||
class udp_socket send_msg;
|
||||
')
|
||||
|
||||
allow $1 port_t:udp_socket send_msg;
|
||||
|
|
@ -565,7 +543,6 @@ interface(`corenet_udp_send_generic_port',`
|
|||
interface(`corenet_udp_receive_generic_port',`
|
||||
gen_require(`
|
||||
type port_t;
|
||||
class udp_socket recv_msg;
|
||||
')
|
||||
|
||||
allow $1 port_t:udp_socket recv_msg;
|
||||
|
|
@ -595,7 +572,6 @@ interface(`corenet_udp_sendrecv_generic_port',`
|
|||
interface(`corenet_tcp_bind_generic_port',`
|
||||
gen_require(`
|
||||
type port_t;
|
||||
class tcp_socket name_bind;
|
||||
')
|
||||
|
||||
allow $1 port_t:tcp_socket name_bind;
|
||||
|
|
@ -612,7 +588,6 @@ interface(`corenet_tcp_bind_generic_port',`
|
|||
interface(`corenet_udp_bind_generic_port',`
|
||||
gen_require(`
|
||||
type port_t;
|
||||
class udp_socket name_bind;
|
||||
')
|
||||
|
||||
allow $1 port_t:udp_socket name_bind;
|
||||
|
|
@ -629,7 +604,6 @@ interface(`corenet_udp_bind_generic_port',`
|
|||
interface(`corenet_tcp_connect_generic_port',`
|
||||
gen_require(`
|
||||
type port_t;
|
||||
class tcp_socket name_connect;
|
||||
')
|
||||
|
||||
allow $1 port_t:tcp_socket name_connect;
|
||||
|
|
@ -646,7 +620,6 @@ interface(`corenet_tcp_connect_generic_port',`
|
|||
interface(`corenet_tcp_sendrecv_all_ports',`
|
||||
gen_require(`
|
||||
attribute port_type;
|
||||
class tcp_socket { send_msg recv_msg };
|
||||
')
|
||||
|
||||
allow $1 port_type:tcp_socket { send_msg recv_msg };
|
||||
|
|
@ -663,7 +636,6 @@ interface(`corenet_tcp_sendrecv_all_ports',`
|
|||
interface(`corenet_udp_send_all_ports',`
|
||||
gen_require(`
|
||||
attribute port_type;
|
||||
class udp_socket send_msg;
|
||||
')
|
||||
|
||||
allow $1 port_type:udp_socket send_msg;
|
||||
|
|
@ -680,7 +652,6 @@ interface(`corenet_udp_send_all_ports',`
|
|||
interface(`corenet_udp_receive_all_ports',`
|
||||
gen_require(`
|
||||
attribute port_type;
|
||||
class udp_socket recv_msg;
|
||||
')
|
||||
|
||||
allow $1 port_type:udp_socket recv_msg;
|
||||
|
|
@ -710,7 +681,6 @@ interface(`corenet_udp_sendrecv_all_ports',`
|
|||
interface(`corenet_tcp_bind_all_ports',`
|
||||
gen_require(`
|
||||
attribute port_type;
|
||||
class tcp_socket name_bind;
|
||||
')
|
||||
|
||||
allow $1 port_type:tcp_socket name_bind;
|
||||
|
|
@ -727,7 +697,6 @@ interface(`corenet_tcp_bind_all_ports',`
|
|||
interface(`corenet_udp_bind_all_ports',`
|
||||
gen_require(`
|
||||
attribute port_type;
|
||||
class udp_socket name_bind;
|
||||
')
|
||||
|
||||
allow $1 port_type:udp_socket name_bind;
|
||||
|
|
@ -744,7 +713,6 @@ interface(`corenet_udp_bind_all_ports',`
|
|||
interface(`corenet_tcp_connect_all_ports',`
|
||||
gen_require(`
|
||||
attribute port_type;
|
||||
class tcp_socket name_connect;
|
||||
')
|
||||
|
||||
allow $1 port_type:tcp_socket name_connect;
|
||||
|
|
@ -761,7 +729,6 @@ interface(`corenet_tcp_connect_all_ports',`
|
|||
interface(`corenet_tcp_sendrecv_reserved_port',`
|
||||
gen_require(`
|
||||
type reserved_port_t;
|
||||
class tcp_socket { send_msg recv_msg };
|
||||
')
|
||||
|
||||
allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
|
||||
|
|
@ -778,7 +745,6 @@ interface(`corenet_tcp_sendrecv_reserved_port',`
|
|||
interface(`corenet_udp_send_reserved_port',`
|
||||
gen_require(`
|
||||
type reserved_port_t;
|
||||
class udp_socket send_msg;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_t:udp_socket send_msg;
|
||||
|
|
@ -795,7 +761,6 @@ interface(`corenet_udp_send_reserved_port',`
|
|||
interface(`corenet_udp_receive_reserved_port',`
|
||||
gen_require(`
|
||||
type reserved_port_t;
|
||||
class udp_socket recv_msg;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_t:udp_socket recv_msg;
|
||||
|
|
@ -825,8 +790,6 @@ interface(`corenet_udp_sendrecv_reserved_port',`
|
|||
interface(`corenet_tcp_bind_reserved_port',`
|
||||
gen_require(`
|
||||
type reserved_port_t;
|
||||
class tcp_socket name_bind;
|
||||
class capability net_bind_service;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_t:tcp_socket name_bind;
|
||||
|
|
@ -844,8 +807,6 @@ interface(`corenet_tcp_bind_reserved_port',`
|
|||
interface(`corenet_udp_bind_reserved_port',`
|
||||
gen_require(`
|
||||
type reserved_port_t;
|
||||
class udp_socket name_bind;
|
||||
class capability net_bind_service;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_t:udp_socket name_bind;
|
||||
|
|
@ -863,7 +824,6 @@ interface(`corenet_udp_bind_reserved_port',`
|
|||
interface(`corenet_tcp_connect_reserved_port',`
|
||||
gen_require(`
|
||||
type reserved_port_t;
|
||||
class tcp_socket name_connect;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_t:tcp_socket name_connect;
|
||||
|
|
@ -880,7 +840,6 @@ interface(`corenet_tcp_connect_reserved_port',`
|
|||
interface(`corenet_tcp_sendrecv_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class tcp_socket { send_msg recv_msg };
|
||||
')
|
||||
|
||||
allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
|
||||
|
|
@ -897,7 +856,6 @@ interface(`corenet_tcp_sendrecv_all_reserved_ports',`
|
|||
interface(`corenet_udp_send_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class udp_socket send_msg;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_type:udp_socket send_msg;
|
||||
|
|
@ -914,7 +872,6 @@ interface(`corenet_udp_send_all_reserved_ports',`
|
|||
interface(`corenet_udp_receive_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class udp_socket recv_msg;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_type:udp_socket recv_msg;
|
||||
|
|
@ -944,8 +901,6 @@ interface(`corenet_udp_sendrecv_all_reserved_ports',`
|
|||
interface(`corenet_tcp_bind_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class tcp_socket name_bind;
|
||||
class capability net_bind_service;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_type:tcp_socket name_bind;
|
||||
|
|
@ -963,7 +918,6 @@ interface(`corenet_tcp_bind_all_reserved_ports',`
|
|||
interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class tcp_socket name_bind;
|
||||
')
|
||||
|
||||
dontaudit $1 reserved_port_type:tcp_socket name_bind;
|
||||
|
|
@ -980,8 +934,6 @@ interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
|
|||
interface(`corenet_udp_bind_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class udp_socket name_bind;
|
||||
class self:capability net_bind_service;
|
||||
')
|
||||
|
||||
allow $1 reserved_port_type:udp_socket name_bind;
|
||||
|
|
@ -999,7 +951,6 @@ interface(`corenet_udp_bind_all_reserved_ports',`
|
|||
interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class udp_socket name_bind;
|
||||
')
|
||||
|
||||
dontaudit $1 reserved_port_type:udp_socket name_bind;
|
||||
|
|
@ -1017,7 +968,6 @@ interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
|
|||
interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
|
||||
gen_require(`
|
||||
attribute reserved_port_type;
|
||||
class tcp_socket name_connect;
|
||||
')
|
||||
|
||||
dontaudit $1 reserved_port_type:tcp_socket name_connect;
|
||||
|
|
@ -1034,7 +984,6 @@ interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
|
|||
interface(`corenet_use_tun_tap_device',`
|
||||
gen_require(`
|
||||
type tun_tap_device_t;
|
||||
class chr_file { read write ioctl };
|
||||
')
|
||||
|
||||
dev_list_all_dev_nodes($1)
|
||||
|
|
@ -1052,9 +1001,6 @@ interface(`corenet_use_tun_tap_device',`
|
|||
interface(`corenet_unconfined',`
|
||||
gen_require(`
|
||||
attribute node_type, netif_type, port_type;
|
||||
class tcp_socket { send_msg recv_msg node_bind name_bind name_connect };
|
||||
class udp_socket { send_msg recv_msg node_bind name_bind };
|
||||
class rawip_socket node_bind;
|
||||
')
|
||||
|
||||
allow $1 node_type:node *;
|
||||
|
|
|
|||
|
|
@ -17,7 +17,6 @@ define(`create_netif_interfaces',``
|
|||
interface(`corenet_tcp_sendrecv_$1',`
|
||||
gen_require(`
|
||||
type $1_netif_t;
|
||||
class netif { tcp_send tcp_recv };
|
||||
')
|
||||
|
||||
allow dollarsone $1_netif_t:netif { tcp_send tcp_recv };
|
||||
|
|
@ -35,7 +34,6 @@ interface(`corenet_tcp_sendrecv_$1',`
|
|||
interface(`corenet_udp_send_$1',`
|
||||
gen_require(`
|
||||
type $1_netif_t;
|
||||
class netif udp_send;
|
||||
')
|
||||
|
||||
allow dollarsone $1_netif_t:netif udp_send;
|
||||
|
|
@ -53,7 +51,6 @@ interface(`corenet_udp_send_$1',`
|
|||
interface(`corenet_udp_receive_$1',`
|
||||
gen_require(`
|
||||
type $1_netif_t;
|
||||
class netif udp_recv;
|
||||
')
|
||||
|
||||
allow dollarsone $1_netif_t:netif udp_recv;
|
||||
|
|
@ -85,12 +82,13 @@ interface(`corenet_udp_sendrecv_$1',`
|
|||
interface(`corenet_raw_send_$1',`
|
||||
gen_require(`
|
||||
type $1_netif_t;
|
||||
class netif rawip_send;
|
||||
class capability net_raw;
|
||||
')
|
||||
|
||||
allow dollarsone $1_netif_t:netif rawip_send;
|
||||
allow dollarsone self:capability net_raw;
|
||||
|
||||
# cjp: comment out until raw access is
|
||||
# is fixed for network users
|
||||
#allow dollarsone self:capability net_raw;
|
||||
')
|
||||
|
||||
########################################
|
||||
|
|
@ -105,7 +103,6 @@ interface(`corenet_raw_send_$1',`
|
|||
interface(`corenet_raw_receive_$1',`
|
||||
gen_require(`
|
||||
type $1_netif_t;
|
||||
class netif rawip_recv;
|
||||
')
|
||||
|
||||
allow dollarsone $1_netif_t:netif rawip_recv;
|
||||
|
|
@ -145,7 +142,6 @@ define(`create_node_interfaces',``
|
|||
interface(`corenet_tcp_sendrecv_$1_node',`
|
||||
gen_require(`
|
||||
type $1_node_t;
|
||||
class node { tcp_send tcp_recv };
|
||||
')
|
||||
|
||||
allow dollarsone $1_node_t:node { tcp_send tcp_recv };
|
||||
|
|
@ -163,7 +159,6 @@ interface(`corenet_tcp_sendrecv_$1_node',`
|
|||
interface(`corenet_udp_send_$1_node',`
|
||||
gen_require(`
|
||||
type $1_node_t;
|
||||
class node udp_send;
|
||||
')
|
||||
|
||||
allow dollarsone $1_node_t:node udp_send;
|
||||
|
|
@ -181,7 +176,6 @@ interface(`corenet_udp_send_$1_node',`
|
|||
interface(`corenet_udp_receive_$1_node',`
|
||||
gen_require(`
|
||||
type $1_node_t;
|
||||
class node udp_recv;
|
||||
')
|
||||
|
||||
allow dollarsone $1_node_t:node udp_recv;
|
||||
|
|
@ -213,7 +207,6 @@ interface(`corenet_udp_sendrecv_$1_node',`
|
|||
interface(`corenet_raw_send_$1_node',`
|
||||
gen_require(`
|
||||
type $1_node_t;
|
||||
class node rawip_send;
|
||||
')
|
||||
|
||||
allow dollarsone $1_node_t:node rawip_send;
|
||||
|
|
@ -231,7 +224,6 @@ interface(`corenet_raw_send_$1_node',`
|
|||
interface(`corenet_raw_receive_$1_node',`
|
||||
gen_require(`
|
||||
type $1_node_t;
|
||||
class node rawip_recv;
|
||||
')
|
||||
|
||||
allow dollarsone $1_node_t:node rawip_recv;
|
||||
|
|
@ -263,7 +255,6 @@ interface(`corenet_raw_sendrecv_$1_node',`
|
|||
interface(`corenet_tcp_bind_$1_node',`
|
||||
gen_require(`
|
||||
type $1_node_t;
|
||||
class tcp_socket node_bind;
|
||||
')
|
||||
|
||||
allow dollarsone $1_node_t:tcp_socket node_bind;
|
||||
|
|
@ -281,7 +272,6 @@ interface(`corenet_tcp_bind_$1_node',`
|
|||
interface(`corenet_udp_bind_$1_node',`
|
||||
gen_require(`
|
||||
type $1_node_t;
|
||||
class udp_socket node_bind;
|
||||
')
|
||||
|
||||
allow dollarsone $1_node_t:udp_socket node_bind;
|
||||
|
|
@ -307,7 +297,6 @@ define(`create_port_interfaces',``
|
|||
interface(`corenet_tcp_sendrecv_$1_port',`
|
||||
gen_require(`
|
||||
type $1_port_t;
|
||||
class tcp_socket { send_msg recv_msg };
|
||||
')
|
||||
|
||||
allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg };
|
||||
|
|
@ -325,7 +314,6 @@ interface(`corenet_tcp_sendrecv_$1_port',`
|
|||
interface(`corenet_udp_send_$1_port',`
|
||||
gen_require(`
|
||||
type $1_port_t;
|
||||
class udp_socket send_msg;
|
||||
')
|
||||
|
||||
allow dollarsone $1_port_t:udp_socket send_msg;
|
||||
|
|
@ -343,7 +331,6 @@ interface(`corenet_udp_send_$1_port',`
|
|||
interface(`corenet_udp_receive_$1_port',`
|
||||
gen_require(`
|
||||
type $1_port_t;
|
||||
class udp_socket recv_msg;
|
||||
')
|
||||
|
||||
allow dollarsone $1_port_t:udp_socket recv_msg;
|
||||
|
|
@ -375,8 +362,6 @@ interface(`corenet_udp_sendrecv_$1_port',`
|
|||
interface(`corenet_tcp_bind_$1_port',`
|
||||
gen_require(`
|
||||
type $1_port_t;
|
||||
class tcp_socket name_bind;
|
||||
$3
|
||||
')
|
||||
|
||||
allow dollarsone $1_port_t:tcp_socket name_bind;
|
||||
|
|
@ -395,8 +380,6 @@ interface(`corenet_tcp_bind_$1_port',`
|
|||
interface(`corenet_udp_bind_$1_port',`
|
||||
gen_require(`
|
||||
type $1_port_t;
|
||||
class udp_socket name_bind;
|
||||
$3
|
||||
')
|
||||
|
||||
allow dollarsone $1_port_t:udp_socket name_bind;
|
||||
|
|
@ -414,7 +397,6 @@ interface(`corenet_udp_bind_$1_port',`
|
|||
interface(`corenet_tcp_connect_$1_port',`
|
||||
gen_require(`
|
||||
type $1_port_t;
|
||||
class tcp_socket name_connect;
|
||||
')
|
||||
|
||||
allow dollarsone $1_port_t:tcp_socket name_connect;
|
||||
|
|
@ -442,12 +424,6 @@ ifelse($4,`',`',`determine_reserved_capability(shiftn(3,$*))')dnl end inner ifel
|
|||
')dnl end outer ifelse
|
||||
') dnl end determine reserved capability
|
||||
|
||||
define(`determine_reserved_capability_depend',`dnl
|
||||
ifelse(eval($2 < 1024),1,`class capability net_bind_service;',`dnl
|
||||
ifelse($4,`',`',`determine_reserved_capability_depend(shiftn(3,$*))')dnl end inner ifelse
|
||||
')dnl end outer ifelse
|
||||
') dnl end determine reserved capability depend
|
||||
|
||||
define(`declare_ports',`dnl
|
||||
ifelse(eval($3 < 1024),1,`typeattribute $1 reserved_port_type;',`dnl')
|
||||
portcon $2 $3 context_template(system_u:object_r:$1,$4)
|
||||
|
|
@ -458,5 +434,5 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
|
|||
# network_port(port_name,protocol portnum mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
|
||||
#
|
||||
define(`network_port',`
|
||||
create_port_interfaces($1,determine_reserved_capability(shift($*)),determine_reserved_capability_depend(shift($*)))
|
||||
create_port_interfaces($1,determine_reserved_capability(shift($*)))
|
||||
')
|
||||
|
|
|
|||
Loading…
Reference in New Issue