add client and server packet attributes

2006-05-26 13:49:13 +00:00 · 2006-05-26 13:49:13 +00:00 · 2f8eec29c5
commit 2f8eec29c5
parent 7b643689e6
3 changed files with 145 additions and 5 deletions
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@ -1398,6 +1398,144 @@ interface(`corenet_sendrecv_unlabeled_packets',`
 	kernel_sendrecv_unlabeled_packets($1)
 ')

+########################################
+## <summary>
+##	Send all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_send_all_client_packets',`
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet send;
+')
+
+########################################
+## <summary>
+##	Receive all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_receive_all_client_packets',`
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet recv;
+')
+
+########################################
+## <summary>
+##	Send and receive all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_sendrecv_all_client_packets',`
+	corenet_send_all_client_packets($1)
+	corenet_recveive_all_client_packets($1)
+')
+
+########################################
+## <summary>
+##	Relabel packets to any client packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_relabelto_all_client_packets',`
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet relabelto;
+')
+
+########################################
+## <summary>
+##	Send all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_send_all_server_packets',`
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet send;
+')
+
+########################################
+## <summary>
+##	Receive all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_receive_all_server_packets',`
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet recv;
+')
+
+########################################
+## <summary>
+##	Send and receive all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_sendrecv_all_server_packets',`
+	corenet_send_all_server_packets($1)
+	corenet_recveive_all_server_packets($1)
+')
+
+########################################
+## <summary>
+##	Relabel packets to any server packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_relabelto_all_server_packets',`
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet relabelto;
+')
+
 ########################################
 ## <summary>
 ##	Send all packets.
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@ -1,17 +1,19 @@

-policy_module(corenetwork,1.1.9)
+policy_module(corenetwork,1.1.10)

 ########################################
 #
 # Declarations
 #

+attribute client_packet_type;
 attribute netif_type;
 attribute node_type;
 attribute packet_type;
 attribute port_type;
 attribute reserved_port_type;
 attribute rpc_port_type;
+attribute server_packet_type;

 attribute corenet_unconfined_type;

--- a/refpolicy/policy/modules/kernel/corenetwork.te.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4
@ -60,8 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
 #
 define(`network_port',`
 type $1_port_t, port_type;
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
 declare_ports($1_port_t,shift($*))
 ')

@ -69,6 +69,6 @@ declare_ports($1_port_t,shift($*))
 # network_packet(packet_name)
 #
 define(`network_packet',`
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
 ')