complete corenetwork
parent
1f7b37c585
commit
0e730cc8e1
@ -156,7 +156,7 @@ tmp/generated_definitions.conf: $(ALL_MODULES) $(ALL_TE_FILES) $(BASE_MODULE)/co
|
||||
$(QUIET) for i in $(notdir $(ALL_TE_FILES)); do \
|
||||
echo "define(\`$$i')" >> $@ ;\
|
||||
done
|
||||
$(QUIET) m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te \
|
||||
$(QUIET) m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te \
|
||||
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarstwo/\$$2/g' >> $@
|
||||
|
||||
tmp/all_interfaces.conf: $(ALL_INTERFACES)
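Review bot: The m4 call that now also reads `$(BASE_MODULE)/global.if` is still piped straight into sed, so the recipe line reports sed's exit status and a failing m4 leaves a partial `tmp/generated_definitions.conf` that looks up to date. Since this file feeds policy generation, I would split the step so the m4 status is checked: `$(QUIET) m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te > $@.m4` followed by `$(QUIET) sed -e 's/dollarsone/\$$1/g' -e 's/dollarstwo/\$$2/g' $@.m4 >> $@`. The recipe starts above the hunk, so whether `$@` is truncated before these `>>` appends cannot be seen here. Which m4 line is the new side is inferred from the print order and the 7/7 hunk count, because the page lost the +/- markers.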
|
||||
|
File diff suppressed because it is too large
@ -26,12 +26,12 @@ allow kernel_t unlabeled_t:dir mounton;
|
||||
#can_exec(kernel_t, bin_t.sys)
|
||||
|
||||
# Kernel-generated traffic, e.g. ICMP replies.
|
||||
corenetwork_send_raw_on_all_interfaces(kernel_t)
|
||||
corenetwork_receive_raw_on_all_interfaces(kernel_t)
|
||||
corenetwork_network_raw_on_all_interfaces(kernel_t)
|
||||
corenetwork_network_raw_on_all_nodes(kernel_t)
|
||||
|
||||
# Kernel-generated traffic, e.g. TCP resets.
|
||||
corenetwork_send_tcp_on_all_interfaces(kernel_t)
|
||||
corenetwork_receive_tcp_on_all_interfaces(kernel_t)
|
||||
corenetwork_network_tcp_on_all_interfaces(kernel_t)
|
||||
corenetwork_network_tcp_on_all_nodes(kernel_t)
|
||||
|
||||
########################################
|
||||
#
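Review bot: The two comments in this hunk ("e.g. ICMP replies", "e.g. TCP resets") no longer describe what kernel_t is granted, because the `corenetwork_network_raw_*` and `corenetwork_network_tcp_*` names carry no direction and the `_on_all_nodes` calls add an object kind the send/receive pair did not name. The interface bodies are not on this page (one file's diff is suppressed), so the resulting permission set cannot be checked here. Once confirmed against the interface file, I would spell it out in the comment, e.g. `# Kernel-generated traffic, e.g. ICMP replies: raw send and receive on every interface and node.`, and likewise for the TCP block. The same naming question applies to the initrc_t hunk that follows; that the send/receive lines are the old side is inferred from the 12/12 hunk count.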
|
||||
|
@ -187,24 +187,16 @@ filesystem_unmount_all_filesystems(initrc_t)
|
||||
# can_network(initrc_t):
|
||||
allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
|
||||
allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
|
||||
corenetwork_send_tcp_on_all_interfaces(initrc_t)
|
||||
corenetwork_send_raw_on_all_interfaces(initrc_t)
|
||||
corenetwork_send_udp_on_all_interfaces(initrc_t)
|
||||
#corenetwork_send_tcp_on_all_nodes(initrc_t)
|
||||
#corenetwork_send_raw_on_all_nodes(initrc_t)
|
||||
#corenetwork_send_udp_on_all_nodes(initrc_t)
|
||||
#corenetwork_send_tcp_on_all_ports(initrc_t)
|
||||
#corenetwork_send_udp_on_all_ports(initrc_t)
|
||||
corenetwork_receive_tcp_on_all_interfaces(initrc_t)
|
||||
corenetwork_receive_raw_on_all_interfaces(initrc_t)
|
||||
corenetwork_receive_udp_on_all_interfaces(initrc_t)
|
||||
#corenetwork_receive_tcp_on_all_nodes(initrc_t)
|
||||
#corenetwork_receive_raw_on_all_nodes(initrc_t)
|
||||
#corenetwork_receive_udp_on_all_nodes(initrc_t)
|
||||
#corenetwork_receive_tcp_on_all_ports(initrc_t)
|
||||
#corenetwork_receive_udp_on_all_ports(initrc_t)
|
||||
#corenetwork_bind_tcp_on_all_nodes(initrc_t)
|
||||
#corenetwork_bind_udp_on_all_nodes(initrc_t)
|
||||
corenetwork_network_tcp_on_all_interfaces(initrc_t)
|
||||
corenetwork_network_raw_on_all_interfaces(initrc_t)
|
||||
corenetwork_network_udp_on_all_interfaces(initrc_t)
|
||||
corenetwork_network_tcp_on_all_nodes(initrc_t)
|
||||
corenetwork_network_raw_on_all_nodes(initrc_t)
|
||||
corenetwork_network_udp_on_all_nodes(initrc_t)
|
||||
corenetwork_network_tcp_on_all_ports(initrc_t)
|
||||
corenetwork_network_udp_on_all_ports(initrc_t)
|
||||
corenetwork_bind_tcp_on_all_nodes(initrc_t)
|
||||
corenetwork_bind_udp_on_all_nodes(initrc_t)
|
||||
#allow initrc_t net_conf_t:file r_file_perms;
|
||||
#sysnetwork_read_network_config(initrc_t)
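Review bot: The last ten calls in this block enable for initrc_t what the earlier lines kept commented out: traffic on all nodes and all ports, plus `corenetwork_bind_tcp_on_all_nodes(initrc_t)` and `corenetwork_bind_udp_on_all_nodes(initrc_t)`. The 24-to-16 count in the hunk header is what marks the first eighteen lines as the old side. That is consistent with the `# can_network(initrc_t):` heading, but the heading does not tell a reader how wide the grant is for the domain that runs init scripts. I would document the scope next to it, e.g. `# can_network(initrc_t): TCP/UDP/raw on all interfaces and nodes, TCP/UDP on all ports, bind on all nodes. TODO: narrow if init scripts do not need every port.` The network-config read stays commented out at the end of the hunk; a short note on why would help.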
|
||||
|
||||
|