From 022f61c0e30c98bbf742336486712e251d9f1053 Mon Sep 17 00:00:00 2001 From: Chris PeBenito Date: Fri, 22 Jul 2005 15:38:01 +0000 Subject: [PATCH] add connect interface on ports to handle name_connect tcp perm --- .../policy/modules/kernel/corenetwork.if.m4 | 106 ++++++++++-------- 1 file changed, 62 insertions(+), 44 deletions(-) diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4 index 97710034..d6401ba6 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.if.m4 +++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4 @@ -6,9 +6,9 @@ define(`create_netif_interfaces',`` ######################################## -## +## ## Send and receive TCP network traffic on the $1 interface. -## +## ## ## The type of the process performing this action. ## @@ -24,9 +24,9 @@ interface(`corenet_tcp_sendrecv_$1',` ') ######################################## -## +## ## Send UDP network traffic on the $1 interface. -## +## ## ## The type of the process performing this action. ## @@ -42,9 +42,9 @@ interface(`corenet_udp_send_$1',` ') ######################################## -## +## ## Receive UDP network traffic on the $1 interface. -## +## ## ## The type of the process performing this action. ## @@ -60,9 +60,9 @@ interface(`corenet_udp_receive_$1',` ') ######################################## -## +## ## Send and receive UDP network traffic on the $1 interface. -## +## ## ## The type of the process performing this action. ## @@ -74,9 +74,9 @@ interface(`corenet_udp_sendrecv_$1',` ') ######################################## -## +## ## Send raw IP packets on the $1 interface. -## +## ## ## The type of the process performing this action. ## @@ -94,9 +94,9 @@ interface(`corenet_raw_send_$1',` ') ######################################## -## +## ## Receive raw IP packets on the $1 interface. -## +## ## ## The type of the process performing this action. ## 
@@ -112,9 +112,9 @@ interface(`corenet_raw_receive_$1',` ') ######################################## -## +## ## Send and receive raw IP packets on the $1 interface. -## +## ## ## The type of the process performing this action. ## @@ -134,9 +134,9 @@ interface(`corenet_raw_sendrecv_$1',` define(`create_node_interfaces',`` ######################################## -## +## ## Send and receive TCP traffic on the $1 node. -## +## ## ## The type of the process performing this action. ## @@ -152,9 +152,9 @@ interface(`corenet_tcp_sendrecv_$1_node',` ') ######################################## -## +## ## Send UDP traffic on the $1 node. -## +## ## ## The type of the process performing this action. ## @@ -170,9 +170,9 @@ interface(`corenet_udp_send_$1_node',` ') ######################################## -## +## ## Receive UDP traffic on the $1 node. -## +## ## ## The type of the process performing this action. ## @@ -188,9 +188,9 @@ interface(`corenet_udp_receive_$1_node',` ') ######################################## -## +## ## Send and receive UDP traffic on the $1 node. -## +## ## ## The type of the process performing this action. ## @@ -202,9 +202,9 @@ interface(`corenet_udp_sendrecv_$1_node',` ') ######################################## -## +## ## Send raw IP packets on the $1 node. -## +## ## ## The type of the process performing this action. ## @@ -220,9 +220,9 @@ interface(`corenet_raw_send_$1_node',` ') ######################################## -## +## ## Receive raw IP packets on the $1 node. -## +## ## ## The type of the process performing this action. ## @@ -238,9 +238,9 @@ interface(`corenet_raw_receive_$1_node',` ') ######################################## -## +## ## Send and receive raw IP packets on the $1 node. -## +## ## ## The type of the process performing this action. ## 
@@ -252,9 +252,9 @@ interface(`corenet_raw_sendrecv_$1_node',` ') ######################################## -## +## ## Bind TCP sockets to node $1. -## +## ## ## The type of the process performing this action. ## @@ -270,9 +270,9 @@ interface(`corenet_tcp_bind_$1_node',` ') ######################################## -## +## ## Bind UDP sockets to the $1 node. -## +## ## ## The type of the process performing this action. ## @@ -296,9 +296,9 @@ interface(`corenet_udp_bind_$1_node',` define(`create_port_interfaces',`` ######################################## -## +## ## Send and receive TCP traffic on the $1 port. -## +## ## ## The type of the process performing this action. ## @@ -314,9 +314,9 @@ interface(`corenet_tcp_sendrecv_$1_port',` ') ######################################## -## +## ## Send UDP traffic on the $1 port. -## +## ## ## The type of the process performing this action. ## @@ -332,9 +332,9 @@ interface(`corenet_udp_send_$1_port',` ') ######################################## -## +## ## Receive UDP traffic on the $1 port. -## +## ## ## The type of the process performing this action. ## @@ -350,9 +350,9 @@ interface(`corenet_udp_receive_$1_port',` ') ######################################## -## +## ## Send and receive UDP traffic on the $1 port. -## +## ## ## The type of the process performing this action. ## @@ -364,9 +364,9 @@ interface(`corenet_udp_sendrecv_$1_port',` ') ######################################## -## +## ## Bind TCP sockets to the $1 port. -## +## ## ## The type of the process performing this action. ## @@ -378,14 +378,15 @@ interface(`corenet_tcp_bind_$1_port',` class tcp_socket name_bind; $3 ') + allow dollarsone $1_port_t:tcp_socket name_bind; $2 ') ######################################## -## +## ## Bind UDP sockets to the $1 port. -## +## ## ## The type of the process performing this action. ## 
@@ -401,6 +402,23 @@ interface(`corenet_udp_bind_$1_port',` allow dollarsone $1_port_t:udp_socket name_bind; $2 ') + +######################################## +## +## Make a TCP connection to the $1 port. +## +## +## The type of the process performing this action. +## +# +interface(`corenet_tcp_connect_$1_port',` + gen_require(` + type $1_port_t; + class tcp_socket name_connect; + ') + + allow dollarsone $1_port_t:tcp_socket name_connect; +') '') dnl end create_port_interfaces #
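Review bot: The new `corenet_tcp_connect_$1_port` interface does not expand the macro's optional extra arguments that the sibling bind interfaces use (`$3` inside `gen_require`, `$2` after the `allow`), and nothing in the hunk says whether that is deliberate. If those arguments carry bind-only rules (their content is outside this diff, so this is an inference), leaving them out is the least-privilege choice and deserves a comment above the `allow`, e.g. `# connect needs only name_connect; the per-port extra rules apply to bind`. That comment should avoid the literal dollar-number tokens, because m4 substitutes them even inside comments. The summary could also state that the interface grants only `name_connect` on `$1_port_t`, and that send and receive permissions come from the separate `corenet_tcp_sendrecv_$1_port` interface.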