complete corenetwork

Chris PeBenito 2005-04-21 21:53:15 +00:00
parent 1f7b37c585
commit 0e730cc8e1
4 changed files with 1028 additions and 127 deletions


@ -156,7 +156,7 @@ tmp/generated_definitions.conf: $(ALL_MODULES) $(ALL_TE_FILES) $(BASE_MODULE)/co
$(QUIET) for i in $(notdir $(ALL_TE_FILES)); do \
echo "define(\`$$i')" >> $@ ;\
done
$(QUIET) m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te \
$(QUIET) m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te \
| sed -e 's/dollarsone/\$$1/g' -e 's/dollarstwo/\$$2/g' >> $@
tmp/all_interfaces.conf: $(ALL_INTERFACES)
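Review bot: The new m4 line reads `$(BASE_MODULE)/global.if`, but the rule's prerequisite list is cut off in the hunk header, so it is not visible whether that file is a declared prerequisite of `tmp/generated_definitions.conf`. If it is not, an edit to global.if will not regenerate the definitions and the policy would be built from stale macros. The same recipe line pipes m4 into sed, so unless the shell is run with pipefail an m4 error on the added input is masked by sed's exit status and a partial result is still appended through `>> $@`. Consider listing `$(BASE_MODULE)/global.if` in the prerequisites and writing the m4 output to a temporary file that is checked before the sed step. The rule starts above the hunk.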

File diff suppressed because it is too large Load Diff


@ -26,12 +26,12 @@ allow kernel_t unlabeled_t:dir mounton;
#can_exec(kernel_t, bin_t.sys)
# Kernel-generated traffic, e.g. ICMP replies.
corenetwork_send_raw_on_all_interfaces(kernel_t)
corenetwork_receive_raw_on_all_interfaces(kernel_t)
corenetwork_network_raw_on_all_interfaces(kernel_t)
corenetwork_network_raw_on_all_nodes(kernel_t)
# Kernel-generated traffic, e.g. TCP resets.
corenetwork_send_tcp_on_all_interfaces(kernel_t)
corenetwork_receive_tcp_on_all_interfaces(kernel_t)
corenetwork_network_tcp_on_all_interfaces(kernel_t)
corenetwork_network_tcp_on_all_nodes(kernel_t)
########################################
#
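Review bot: The two `corenetwork_network_*_on_all_nodes(kernel_t)` calls appear to grant node access that the send/receive calls they replace did not. The comments above them still mention only kernel-generated ICMP replies and TCP resets. The merged `corenetwork_network_*` names also no longer say which directions are allowed, and their definitions are not shown on this page, so it cannot be confirmed here that each one equals the old send plus receive pair. A comment on each group such as `# send+receive on interfaces and nodes; node access needed for <reason>` would make the grant auditable.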


@ -187,24 +187,16 @@ filesystem_unmount_all_filesystems(initrc_t)
# can_network(initrc_t):
allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
corenetwork_send_tcp_on_all_interfaces(initrc_t)
corenetwork_send_raw_on_all_interfaces(initrc_t)
corenetwork_send_udp_on_all_interfaces(initrc_t)
#corenetwork_send_tcp_on_all_nodes(initrc_t)
#corenetwork_send_raw_on_all_nodes(initrc_t)
#corenetwork_send_udp_on_all_nodes(initrc_t)
#corenetwork_send_tcp_on_all_ports(initrc_t)
#corenetwork_send_udp_on_all_ports(initrc_t)
corenetwork_receive_tcp_on_all_interfaces(initrc_t)
corenetwork_receive_raw_on_all_interfaces(initrc_t)
corenetwork_receive_udp_on_all_interfaces(initrc_t)
#corenetwork_receive_tcp_on_all_nodes(initrc_t)
#corenetwork_receive_raw_on_all_nodes(initrc_t)
#corenetwork_receive_udp_on_all_nodes(initrc_t)
#corenetwork_receive_tcp_on_all_ports(initrc_t)
#corenetwork_receive_udp_on_all_ports(initrc_t)
#corenetwork_bind_tcp_on_all_nodes(initrc_t)
#corenetwork_bind_udp_on_all_nodes(initrc_t)
corenetwork_network_tcp_on_all_interfaces(initrc_t)
corenetwork_network_raw_on_all_interfaces(initrc_t)
corenetwork_network_udp_on_all_interfaces(initrc_t)
corenetwork_network_tcp_on_all_nodes(initrc_t)
corenetwork_network_raw_on_all_nodes(initrc_t)
corenetwork_network_udp_on_all_nodes(initrc_t)
corenetwork_network_tcp_on_all_ports(initrc_t)
corenetwork_network_udp_on_all_ports(initrc_t)
corenetwork_bind_tcp_on_all_nodes(initrc_t)
corenetwork_bind_udp_on_all_nodes(initrc_t)
#allow initrc_t net_conf_t:file r_file_perms;
#sysnetwork_read_network_config(initrc_t)
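Review bot: The seven calls from `corenetwork_network_tcp_on_all_nodes(initrc_t)` through `corenetwork_bind_udp_on_all_nodes(initrc_t)` activate node, port and bind access whose counterparts appear only as commented-out lines in the old text. As far as this hunk shows, initrc_t moves from interface-only rules to TCP/UDP on every node and port plus bind on every node. If that is the intended equivalent of the `can_network(initrc_t)` named in the comment at the top of the block, say so next to the calls, e.g. `# equivalent to can_network(); TODO: narrow to the ports init scripts actually need`. The interface definitions are not shown on this page, so the exact permission sets should be checked against them before relying on that equivalence.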