rpms/selinux-policy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

remove classes from gen_requires, and disable net_raw for now

Browse Source
This commit is contained in:
Chris PeBenito 2005-09-23 15:37:41 +00:00
parent 681c9a02e7
commit 0058418017
2 changed files with 13 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
refpolicy/policy/modules/kernel/corenetwork.if.in
View File

@ -15,7 +15,6 @@
interface(`corenet_tcp_sendrecv_generic_if',` interface(`corenet_tcp_sendrecv_generic_if',`
gen_require(` gen_require(`
type netif_t; type netif_t;
class netif { tcp_send tcp_recv };
') ')
allow $1 netif_t:netif { tcp_send tcp_recv }; allow $1 netif_t:netif { tcp_send tcp_recv };
@ -32,7 +31,6 @@ interface(`corenet_tcp_sendrecv_generic_if',`
interface(`corenet_udp_send_generic_if',` interface(`corenet_udp_send_generic_if',`
gen_require(` gen_require(`
type netif_t; type netif_t;
class netif udp_send;
') ')
allow $1 netif_t:netif udp_send; allow $1 netif_t:netif udp_send;
@ -49,7 +47,6 @@ interface(`corenet_udp_send_generic_if',`
interface(`corenet_udp_receive_generic_if',` interface(`corenet_udp_receive_generic_if',`
gen_require(` gen_require(`
type netif_t; type netif_t;
class netif udp_recv;
') ')
allow $1 netif_t:netif udp_recv; allow $1 netif_t:netif udp_recv;
@ -79,12 +76,13 @@ interface(`corenet_udp_sendrecv_generic_if',`
interface(`corenet_raw_send_generic_if',` interface(`corenet_raw_send_generic_if',`
gen_require(` gen_require(`
type netif_t; type netif_t;
class netif rawip_send;
class capability net_raw;
') ')
allow $1 netif_t:netif rawip_send; allow $1 netif_t:netif rawip_send;
allow $1 self:capability net_raw;
# cjp: comment out until raw access is
# is fixed for network users
#allow $1 self:capability net_raw;
') ')
######################################## ########################################
@ -98,7 +96,6 @@ interface(`corenet_raw_send_generic_if',`
interface(`corenet_raw_receive_generic_if',` interface(`corenet_raw_receive_generic_if',`
gen_require(` gen_require(`
type netif_t; type netif_t;
class netif rawip_recv;
') ')
allow $1 netif_t:netif rawip_recv; allow $1 netif_t:netif rawip_recv;
@ -128,7 +125,6 @@ interface(`corenet_raw_sendrecv_generic_if',`
interface(`corenet_tcp_sendrecv_all_if',` interface(`corenet_tcp_sendrecv_all_if',`
gen_require(` gen_require(`
attribute netif_type; attribute netif_type;
class netif { tcp_send tcp_recv };
') ')
allow $1 netif_type:netif { tcp_send tcp_recv }; allow $1 netif_type:netif { tcp_send tcp_recv };
@ -145,7 +141,6 @@ interface(`corenet_tcp_sendrecv_all_if',`
interface(`corenet_udp_send_all_if',` interface(`corenet_udp_send_all_if',`
gen_require(` gen_require(`
attribute netif_type; attribute netif_type;
class netif udp_send;
') ')
allow $1 netif_type:netif udp_send; allow $1 netif_type:netif udp_send;
@ -162,7 +157,6 @@ interface(`corenet_udp_send_all_if',`
interface(`corenet_udp_receive_all_if',` interface(`corenet_udp_receive_all_if',`
gen_require(` gen_require(`
attribute netif_type; attribute netif_type;
class netif udp_recv;
') ')
allow $1 netif_type:netif udp_recv; allow $1 netif_type:netif udp_recv;
@ -192,12 +186,13 @@ interface(`corenet_udp_sendrecv_all_if',`
interface(`corenet_raw_send_all_if',` interface(`corenet_raw_send_all_if',`
gen_require(` gen_require(`
attribute netif_type; attribute netif_type;
class netif rawip_send;
class capability net_raw;
') ')
allow $1 netif_type:netif rawip_send; allow $1 netif_type:netif rawip_send;
allow $1 self:capability net_raw;
# cjp: comment out until raw access is
# is fixed for network users
#allow $1 self:capability net_raw;
') ')
######################################## ########################################
@ -211,7 +206,6 @@ interface(`corenet_raw_send_all_if',`
interface(`corenet_raw_receive_all_if',` interface(`corenet_raw_receive_all_if',`
gen_require(` gen_require(`
attribute netif_type; attribute netif_type;
class netif rawip_recv;
') ')
allow $1 netif_type:netif rawip_recv; allow $1 netif_type:netif rawip_recv;
@ -241,7 +235,6 @@ interface(`corenet_raw_sendrecv_all_if',`
interface(`corenet_tcp_sendrecv_generic_node',` interface(`corenet_tcp_sendrecv_generic_node',`
gen_require(` gen_require(`
type node_t; type node_t;
class node { tcp_send tcp_recv };
') ')
allow $1 node_t:node { tcp_send tcp_recv }; allow $1 node_t:node { tcp_send tcp_recv };
@ -258,7 +251,6 @@ interface(`corenet_tcp_sendrecv_generic_node',`
interface(`corenet_udp_send_generic_node',` interface(`corenet_udp_send_generic_node',`
gen_require(` gen_require(`
type node_t; type node_t;
class node udp_send;
') ')
allow $1 node_t:node udp_send; allow $1 node_t:node udp_send;
@ -275,7 +267,6 @@ interface(`corenet_udp_send_generic_node',`
interface(`corenet_udp_receive_generic_node',` interface(`corenet_udp_receive_generic_node',`
gen_require(` gen_require(`
type node_t; type node_t;
class node udp_recv;
') ')
allow $1 node_t:node udp_recv; allow $1 node_t:node udp_recv;
@ -305,7 +296,6 @@ interface(`corenet_udp_sendrecv_generic_node',`
interface(`corenet_raw_send_generic_node',` interface(`corenet_raw_send_generic_node',`
gen_require(` gen_require(`
type node_t; type node_t;
class node rawip_send;
') ')
allow $1 node_t:node rawip_send; allow $1 node_t:node rawip_send;
@ -322,7 +312,6 @@ interface(`corenet_raw_send_generic_node',`
interface(`corenet_raw_receive_generic_node',` interface(`corenet_raw_receive_generic_node',`
gen_require(` gen_require(`
type node_t; type node_t;
class node rawip_recv;
') ')
allow $1 node_t:node rawip_recv; allow $1 node_t:node rawip_recv;
@ -352,7 +341,6 @@ interface(`corenet_raw_sendrecv_generic_node',`
interface(`corenet_tcp_bind_generic_node',` interface(`corenet_tcp_bind_generic_node',`
gen_require(` gen_require(`
type node_t; type node_t;
class tcp_socket node_bind;
') ')
allow $1 node_t:tcp_socket node_bind; allow $1 node_t:tcp_socket node_bind;
@ -369,7 +357,6 @@ interface(`corenet_tcp_bind_generic_node',`
interface(`corenet_udp_bind_generic_node',` interface(`corenet_udp_bind_generic_node',`
gen_require(` gen_require(`
type node_t; type node_t;
class udp_socket node_bind;
') ')
allow $1 node_t:udp_socket node_bind; allow $1 node_t:udp_socket node_bind;
@ -386,7 +373,6 @@ interface(`corenet_udp_bind_generic_node',`
interface(`corenet_tcp_sendrecv_all_nodes',` interface(`corenet_tcp_sendrecv_all_nodes',`
gen_require(` gen_require(`
attribute node_type; attribute node_type;
class node { tcp_send tcp_recv };
') ')
allow $1 node_type:node { tcp_send tcp_recv }; allow $1 node_type:node { tcp_send tcp_recv };
@ -403,7 +389,6 @@ interface(`corenet_tcp_sendrecv_all_nodes',`
interface(`corenet_udp_send_all_nodes',` interface(`corenet_udp_send_all_nodes',`
gen_require(` gen_require(`
attribute node_type; attribute node_type;
class node udp_send;
') ')
allow $1 node_type:node udp_send; allow $1 node_type:node udp_send;
@ -420,7 +405,6 @@ interface(`corenet_udp_send_all_nodes',`
interface(`corenet_udp_receive_all_nodes',` interface(`corenet_udp_receive_all_nodes',`
gen_require(` gen_require(`
attribute node_type; attribute node_type;
class node udp_recv;
') ')
allow $1 node_type:node udp_recv; allow $1 node_type:node udp_recv;
@ -450,7 +434,6 @@ interface(`corenet_udp_sendrecv_all_nodes',`
interface(`corenet_raw_send_all_nodes',` interface(`corenet_raw_send_all_nodes',`
gen_require(` gen_require(`
attribute node_type; attribute node_type;
class node rawip_send;
') ')
allow $1 node_type:node rawip_send; allow $1 node_type:node rawip_send;
@ -467,7 +450,6 @@ interface(`corenet_raw_send_all_nodes',`
interface(`corenet_raw_receive_all_nodes',` interface(`corenet_raw_receive_all_nodes',`
gen_require(` gen_require(`
attribute node_type; attribute node_type;
class node rawip_recv;
') ')
allow $1 node_type:node rawip_recv; allow $1 node_type:node rawip_recv;
@ -497,7 +479,6 @@ interface(`corenet_raw_sendrecv_all_nodes',`
interface(`corenet_tcp_bind_all_nodes',` interface(`corenet_tcp_bind_all_nodes',`
gen_require(` gen_require(`
attribute node_type; attribute node_type;
class tcp_socket node_bind;
') ')
allow $1 node_type:tcp_socket node_bind; allow $1 node_type:tcp_socket node_bind;
@ -514,7 +495,6 @@ interface(`corenet_tcp_bind_all_nodes',`
interface(`corenet_udp_bind_all_nodes',` interface(`corenet_udp_bind_all_nodes',`
gen_require(` gen_require(`
attribute node_type; attribute node_type;
class udp_socket node_bind;
') ')
allow $1 node_type:udp_socket node_bind; allow $1 node_type:udp_socket node_bind;
@ -531,7 +511,6 @@ interface(`corenet_udp_bind_all_nodes',`
interface(`corenet_tcp_sendrecv_generic_port',` interface(`corenet_tcp_sendrecv_generic_port',`
gen_require(` gen_require(`
type port_t; type port_t;
class tcp_socket { send_msg recv_msg };
') ')
allow $1 port_t:tcp_socket { send_msg recv_msg }; allow $1 port_t:tcp_socket { send_msg recv_msg };
@ -548,7 +527,6 @@ interface(`corenet_tcp_sendrecv_generic_port',`
interface(`corenet_udp_send_generic_port',` interface(`corenet_udp_send_generic_port',`
gen_require(` gen_require(`
type port_t; type port_t;
class udp_socket send_msg;
') ')
allow $1 port_t:udp_socket send_msg; allow $1 port_t:udp_socket send_msg;
@ -565,7 +543,6 @@ interface(`corenet_udp_send_generic_port',`
interface(`corenet_udp_receive_generic_port',` interface(`corenet_udp_receive_generic_port',`
gen_require(` gen_require(`
type port_t; type port_t;
class udp_socket recv_msg;
') ')
allow $1 port_t:udp_socket recv_msg; allow $1 port_t:udp_socket recv_msg;
@ -595,7 +572,6 @@ interface(`corenet_udp_sendrecv_generic_port',`
interface(`corenet_tcp_bind_generic_port',` interface(`corenet_tcp_bind_generic_port',`
gen_require(` gen_require(`
type port_t; type port_t;
class tcp_socket name_bind;
') ')
allow $1 port_t:tcp_socket name_bind; allow $1 port_t:tcp_socket name_bind;
@ -612,7 +588,6 @@ interface(`corenet_tcp_bind_generic_port',`
interface(`corenet_udp_bind_generic_port',` interface(`corenet_udp_bind_generic_port',`
gen_require(` gen_require(`
type port_t; type port_t;
class udp_socket name_bind;
') ')
allow $1 port_t:udp_socket name_bind; allow $1 port_t:udp_socket name_bind;
@ -629,7 +604,6 @@ interface(`corenet_udp_bind_generic_port',`
interface(`corenet_tcp_connect_generic_port',` interface(`corenet_tcp_connect_generic_port',`
gen_require(` gen_require(`
type port_t; type port_t;
class tcp_socket name_connect;
') ')
allow $1 port_t:tcp_socket name_connect; allow $1 port_t:tcp_socket name_connect;
@ -646,7 +620,6 @@ interface(`corenet_tcp_connect_generic_port',`
interface(`corenet_tcp_sendrecv_all_ports',` interface(`corenet_tcp_sendrecv_all_ports',`
gen_require(` gen_require(`
attribute port_type; attribute port_type;
class tcp_socket { send_msg recv_msg };
') ')
allow $1 port_type:tcp_socket { send_msg recv_msg }; allow $1 port_type:tcp_socket { send_msg recv_msg };
@ -663,7 +636,6 @@ interface(`corenet_tcp_sendrecv_all_ports',`
interface(`corenet_udp_send_all_ports',` interface(`corenet_udp_send_all_ports',`
gen_require(` gen_require(`
attribute port_type; attribute port_type;
class udp_socket send_msg;
') ')
allow $1 port_type:udp_socket send_msg; allow $1 port_type:udp_socket send_msg;
@ -680,7 +652,6 @@ interface(`corenet_udp_send_all_ports',`
interface(`corenet_udp_receive_all_ports',` interface(`corenet_udp_receive_all_ports',`
gen_require(` gen_require(`
attribute port_type; attribute port_type;
class udp_socket recv_msg;
') ')
allow $1 port_type:udp_socket recv_msg; allow $1 port_type:udp_socket recv_msg;
@ -710,7 +681,6 @@ interface(`corenet_udp_sendrecv_all_ports',`
interface(`corenet_tcp_bind_all_ports',` interface(`corenet_tcp_bind_all_ports',`
gen_require(` gen_require(`
attribute port_type; attribute port_type;
class tcp_socket name_bind;
') ')
allow $1 port_type:tcp_socket name_bind; allow $1 port_type:tcp_socket name_bind;
@ -727,7 +697,6 @@ interface(`corenet_tcp_bind_all_ports',`
interface(`corenet_udp_bind_all_ports',` interface(`corenet_udp_bind_all_ports',`
gen_require(` gen_require(`
attribute port_type; attribute port_type;
class udp_socket name_bind;
') ')
allow $1 port_type:udp_socket name_bind; allow $1 port_type:udp_socket name_bind;
@ -744,7 +713,6 @@ interface(`corenet_udp_bind_all_ports',`
interface(`corenet_tcp_connect_all_ports',` interface(`corenet_tcp_connect_all_ports',`
gen_require(` gen_require(`
attribute port_type; attribute port_type;
class tcp_socket name_connect;
') ')
allow $1 port_type:tcp_socket name_connect; allow $1 port_type:tcp_socket name_connect;
@ -761,7 +729,6 @@ interface(`corenet_tcp_connect_all_ports',`
interface(`corenet_tcp_sendrecv_reserved_port',` interface(`corenet_tcp_sendrecv_reserved_port',`
gen_require(` gen_require(`
type reserved_port_t; type reserved_port_t;
class tcp_socket { send_msg recv_msg };
') ')
allow $1 reserved_port_t:tcp_socket { send_msg recv_msg }; allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
@ -778,7 +745,6 @@ interface(`corenet_tcp_sendrecv_reserved_port',`
interface(`corenet_udp_send_reserved_port',` interface(`corenet_udp_send_reserved_port',`
gen_require(` gen_require(`
type reserved_port_t; type reserved_port_t;
class udp_socket send_msg;
') ')
allow $1 reserved_port_t:udp_socket send_msg; allow $1 reserved_port_t:udp_socket send_msg;
@ -795,7 +761,6 @@ interface(`corenet_udp_send_reserved_port',`
interface(`corenet_udp_receive_reserved_port',` interface(`corenet_udp_receive_reserved_port',`
gen_require(` gen_require(`
type reserved_port_t; type reserved_port_t;
class udp_socket recv_msg;
') ')
allow $1 reserved_port_t:udp_socket recv_msg; allow $1 reserved_port_t:udp_socket recv_msg;
@ -825,8 +790,6 @@ interface(`corenet_udp_sendrecv_reserved_port',`
interface(`corenet_tcp_bind_reserved_port',` interface(`corenet_tcp_bind_reserved_port',`
gen_require(` gen_require(`
type reserved_port_t; type reserved_port_t;
class tcp_socket name_bind;
class capability net_bind_service;
') ')
allow $1 reserved_port_t:tcp_socket name_bind; allow $1 reserved_port_t:tcp_socket name_bind;
@ -844,8 +807,6 @@ interface(`corenet_tcp_bind_reserved_port',`
interface(`corenet_udp_bind_reserved_port',` interface(`corenet_udp_bind_reserved_port',`
gen_require(` gen_require(`
type reserved_port_t; type reserved_port_t;
class udp_socket name_bind;
class capability net_bind_service;
') ')
allow $1 reserved_port_t:udp_socket name_bind; allow $1 reserved_port_t:udp_socket name_bind;
@ -863,7 +824,6 @@ interface(`corenet_udp_bind_reserved_port',`
interface(`corenet_tcp_connect_reserved_port',` interface(`corenet_tcp_connect_reserved_port',`
gen_require(` gen_require(`
type reserved_port_t; type reserved_port_t;
class tcp_socket name_connect;
') ')
allow $1 reserved_port_t:tcp_socket name_connect; allow $1 reserved_port_t:tcp_socket name_connect;
@ -880,7 +840,6 @@ interface(`corenet_tcp_connect_reserved_port',`
interface(`corenet_tcp_sendrecv_all_reserved_ports',` interface(`corenet_tcp_sendrecv_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class tcp_socket { send_msg recv_msg };
') ')
allow $1 reserved_port_type:tcp_socket { send_msg recv_msg }; allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
@ -897,7 +856,6 @@ interface(`corenet_tcp_sendrecv_all_reserved_ports',`
interface(`corenet_udp_send_all_reserved_ports',` interface(`corenet_udp_send_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class udp_socket send_msg;
') ')
allow $1 reserved_port_type:udp_socket send_msg; allow $1 reserved_port_type:udp_socket send_msg;
@ -914,7 +872,6 @@ interface(`corenet_udp_send_all_reserved_ports',`
interface(`corenet_udp_receive_all_reserved_ports',` interface(`corenet_udp_receive_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class udp_socket recv_msg;
') ')
allow $1 reserved_port_type:udp_socket recv_msg; allow $1 reserved_port_type:udp_socket recv_msg;
@ -944,8 +901,6 @@ interface(`corenet_udp_sendrecv_all_reserved_ports',`
interface(`corenet_tcp_bind_all_reserved_ports',` interface(`corenet_tcp_bind_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class tcp_socket name_bind;
class capability net_bind_service;
') ')
allow $1 reserved_port_type:tcp_socket name_bind; allow $1 reserved_port_type:tcp_socket name_bind;
@ -963,7 +918,6 @@ interface(`corenet_tcp_bind_all_reserved_ports',`
interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',` interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class tcp_socket name_bind;
') ')
dontaudit $1 reserved_port_type:tcp_socket name_bind; dontaudit $1 reserved_port_type:tcp_socket name_bind;
@ -980,8 +934,6 @@ interface(`corenet_dontaudit_tcp_bind_all_reserved_ports',`
interface(`corenet_udp_bind_all_reserved_ports',` interface(`corenet_udp_bind_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class udp_socket name_bind;
class self:capability net_bind_service;
') ')
allow $1 reserved_port_type:udp_socket name_bind; allow $1 reserved_port_type:udp_socket name_bind;
@ -999,7 +951,6 @@ interface(`corenet_udp_bind_all_reserved_ports',`
interface(`corenet_dontaudit_udp_bind_all_reserved_ports',` interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class udp_socket name_bind;
') ')
dontaudit $1 reserved_port_type:udp_socket name_bind; dontaudit $1 reserved_port_type:udp_socket name_bind;
@ -1017,7 +968,6 @@ interface(`corenet_dontaudit_udp_bind_all_reserved_ports',`
interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',` interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
gen_require(` gen_require(`
attribute reserved_port_type; attribute reserved_port_type;
class tcp_socket name_connect;
') ')
dontaudit $1 reserved_port_type:tcp_socket name_connect; dontaudit $1 reserved_port_type:tcp_socket name_connect;
@ -1034,7 +984,6 @@ interface(`corenet_dontaudit_tcp_connect_all_reserved_ports',`
interface(`corenet_use_tun_tap_device',` interface(`corenet_use_tun_tap_device',`
gen_require(` gen_require(`
type tun_tap_device_t; type tun_tap_device_t;
class chr_file { read write ioctl };
') ')
dev_list_all_dev_nodes($1) dev_list_all_dev_nodes($1)
@ -1052,9 +1001,6 @@ interface(`corenet_use_tun_tap_device',`
interface(`corenet_unconfined',` interface(`corenet_unconfined',`
gen_require(` gen_require(`
attribute node_type, netif_type, port_type; attribute node_type, netif_type, port_type;
class tcp_socket { send_msg recv_msg node_bind name_bind name_connect };
class udp_socket { send_msg recv_msg node_bind name_bind };
class rawip_socket node_bind;
') ')
allow $1 node_type:node *; allow $1 node_type:node *;

34
refpolicy/policy/modules/kernel/corenetwork.if.m4
View File

@ -17,7 +17,6 @@ define(`create_netif_interfaces',``
interface(`corenet_tcp_sendrecv_$1',` interface(`corenet_tcp_sendrecv_$1',`
gen_require(` gen_require(`
type $1_netif_t; type $1_netif_t;
class netif { tcp_send tcp_recv };
') ')
allow dollarsone $1_netif_t:netif { tcp_send tcp_recv }; allow dollarsone $1_netif_t:netif { tcp_send tcp_recv };
@ -35,7 +34,6 @@ interface(`corenet_tcp_sendrecv_$1',`
interface(`corenet_udp_send_$1',` interface(`corenet_udp_send_$1',`
gen_require(` gen_require(`
type $1_netif_t; type $1_netif_t;
class netif udp_send;
') ')
allow dollarsone $1_netif_t:netif udp_send; allow dollarsone $1_netif_t:netif udp_send;
@ -53,7 +51,6 @@ interface(`corenet_udp_send_$1',`
interface(`corenet_udp_receive_$1',` interface(`corenet_udp_receive_$1',`
gen_require(` gen_require(`
type $1_netif_t; type $1_netif_t;
class netif udp_recv;
') ')
allow dollarsone $1_netif_t:netif udp_recv; allow dollarsone $1_netif_t:netif udp_recv;
@ -85,12 +82,13 @@ interface(`corenet_udp_sendrecv_$1',`
interface(`corenet_raw_send_$1',` interface(`corenet_raw_send_$1',`
gen_require(` gen_require(`
type $1_netif_t; type $1_netif_t;
class netif rawip_send;
class capability net_raw;
') ')
allow dollarsone $1_netif_t:netif rawip_send; allow dollarsone $1_netif_t:netif rawip_send;
allow dollarsone self:capability net_raw;
# cjp: comment out until raw access is
# is fixed for network users
#allow dollarsone self:capability net_raw;
') ')
######################################## ########################################
@ -105,7 +103,6 @@ interface(`corenet_raw_send_$1',`
interface(`corenet_raw_receive_$1',` interface(`corenet_raw_receive_$1',`
gen_require(` gen_require(`
type $1_netif_t; type $1_netif_t;
class netif rawip_recv;
') ')
allow dollarsone $1_netif_t:netif rawip_recv; allow dollarsone $1_netif_t:netif rawip_recv;
@ -145,7 +142,6 @@ define(`create_node_interfaces',``
interface(`corenet_tcp_sendrecv_$1_node',` interface(`corenet_tcp_sendrecv_$1_node',`
gen_require(` gen_require(`
type $1_node_t; type $1_node_t;
class node { tcp_send tcp_recv };
') ')
allow dollarsone $1_node_t:node { tcp_send tcp_recv }; allow dollarsone $1_node_t:node { tcp_send tcp_recv };
@ -163,7 +159,6 @@ interface(`corenet_tcp_sendrecv_$1_node',`
interface(`corenet_udp_send_$1_node',` interface(`corenet_udp_send_$1_node',`
gen_require(` gen_require(`
type $1_node_t; type $1_node_t;
class node udp_send;
') ')
allow dollarsone $1_node_t:node udp_send; allow dollarsone $1_node_t:node udp_send;
@ -181,7 +176,6 @@ interface(`corenet_udp_send_$1_node',`
interface(`corenet_udp_receive_$1_node',` interface(`corenet_udp_receive_$1_node',`
gen_require(` gen_require(`
type $1_node_t; type $1_node_t;
class node udp_recv;
') ')
allow dollarsone $1_node_t:node udp_recv; allow dollarsone $1_node_t:node udp_recv;
@ -213,7 +207,6 @@ interface(`corenet_udp_sendrecv_$1_node',`
interface(`corenet_raw_send_$1_node',` interface(`corenet_raw_send_$1_node',`
gen_require(` gen_require(`
type $1_node_t; type $1_node_t;
class node rawip_send;
') ')
allow dollarsone $1_node_t:node rawip_send; allow dollarsone $1_node_t:node rawip_send;
@ -231,7 +224,6 @@ interface(`corenet_raw_send_$1_node',`
interface(`corenet_raw_receive_$1_node',` interface(`corenet_raw_receive_$1_node',`
gen_require(` gen_require(`
type $1_node_t; type $1_node_t;
class node rawip_recv;
') ')
allow dollarsone $1_node_t:node rawip_recv; allow dollarsone $1_node_t:node rawip_recv;
@ -263,7 +255,6 @@ interface(`corenet_raw_sendrecv_$1_node',`
interface(`corenet_tcp_bind_$1_node',` interface(`corenet_tcp_bind_$1_node',`
gen_require(` gen_require(`
type $1_node_t; type $1_node_t;
class tcp_socket node_bind;
') ')
allow dollarsone $1_node_t:tcp_socket node_bind; allow dollarsone $1_node_t:tcp_socket node_bind;
@ -281,7 +272,6 @@ interface(`corenet_tcp_bind_$1_node',`
interface(`corenet_udp_bind_$1_node',` interface(`corenet_udp_bind_$1_node',`
gen_require(` gen_require(`
type $1_node_t; type $1_node_t;
class udp_socket node_bind;
') ')
allow dollarsone $1_node_t:udp_socket node_bind; allow dollarsone $1_node_t:udp_socket node_bind;
@ -307,7 +297,6 @@ define(`create_port_interfaces',``
interface(`corenet_tcp_sendrecv_$1_port',` interface(`corenet_tcp_sendrecv_$1_port',`
gen_require(` gen_require(`
type $1_port_t; type $1_port_t;
class tcp_socket { send_msg recv_msg };
') ')
allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg }; allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg };
@ -325,7 +314,6 @@ interface(`corenet_tcp_sendrecv_$1_port',`
interface(`corenet_udp_send_$1_port',` interface(`corenet_udp_send_$1_port',`
gen_require(` gen_require(`
type $1_port_t; type $1_port_t;
class udp_socket send_msg;
') ')
allow dollarsone $1_port_t:udp_socket send_msg; allow dollarsone $1_port_t:udp_socket send_msg;
@ -343,7 +331,6 @@ interface(`corenet_udp_send_$1_port',`
interface(`corenet_udp_receive_$1_port',` interface(`corenet_udp_receive_$1_port',`
gen_require(` gen_require(`
type $1_port_t; type $1_port_t;
class udp_socket recv_msg;
') ')
allow dollarsone $1_port_t:udp_socket recv_msg; allow dollarsone $1_port_t:udp_socket recv_msg;
@ -375,8 +362,6 @@ interface(`corenet_udp_sendrecv_$1_port',`
interface(`corenet_tcp_bind_$1_port',` interface(`corenet_tcp_bind_$1_port',`
gen_require(` gen_require(`
type $1_port_t; type $1_port_t;
class tcp_socket name_bind;
$3
') ')
allow dollarsone $1_port_t:tcp_socket name_bind; allow dollarsone $1_port_t:tcp_socket name_bind;
@ -395,8 +380,6 @@ interface(`corenet_tcp_bind_$1_port',`
interface(`corenet_udp_bind_$1_port',` interface(`corenet_udp_bind_$1_port',`
gen_require(` gen_require(`
type $1_port_t; type $1_port_t;
class udp_socket name_bind;
$3
') ')
allow dollarsone $1_port_t:udp_socket name_bind; allow dollarsone $1_port_t:udp_socket name_bind;
@ -414,7 +397,6 @@ interface(`corenet_udp_bind_$1_port',`
interface(`corenet_tcp_connect_$1_port',` interface(`corenet_tcp_connect_$1_port',`
gen_require(` gen_require(`
type $1_port_t; type $1_port_t;
class tcp_socket name_connect;
') ')
allow dollarsone $1_port_t:tcp_socket name_connect; allow dollarsone $1_port_t:tcp_socket name_connect;
@ -442,12 +424,6 @@ ifelse($4,`',`',`determine_reserved_capability(shiftn(3,$*))')dnl end inner ifel
')dnl end outer ifelse ')dnl end outer ifelse
') dnl end determine reserved capability ') dnl end determine reserved capability
define(`determine_reserved_capability_depend',`dnl
ifelse(eval($2 < 1024),1,`class capability net_bind_service;',`dnl
ifelse($4,`',`',`determine_reserved_capability_depend(shiftn(3,$*))')dnl end inner ifelse
')dnl end outer ifelse
') dnl end determine reserved capability depend
define(`declare_ports',`dnl define(`declare_ports',`dnl
ifelse(eval($3 < 1024),1,`typeattribute $1 reserved_port_type;',`dnl') ifelse(eval($3 < 1024),1,`typeattribute $1 reserved_port_type;',`dnl')
portcon $2 $3 context_template(system_u:object_r:$1,$4) portcon $2 $3 context_template(system_u:object_r:$1,$4)
@ -458,5 +434,5 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
# network_port(port_name,protocol portnum mls_sensitivity [,protocol portnum mls_sensitivity[,...]]) # network_port(port_name,protocol portnum mls_sensitivity [,protocol portnum mls_sensitivity[,...]])
# #
define(`network_port',` define(`network_port',`
create_port_interfaces($1,determine_reserved_capability(shift($*)),determine_reserved_capability_depend(shift($*))) create_port_interfaces($1,determine_reserved_capability(shift($*)))
') ')