rpms/selinux-policy
5
0
Fork 0
Code Issues Pull Requests Releases Activity

add client and server packet attributes

Browse Source
This commit is contained in:
Chris PeBenito 2006-05-26 13:49:13 +00:00
parent 7b643689e6
commit 2f8eec29c5
3 changed files with 145 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
refpolicy/policy/modules/kernel/corenetwork.if.in
View File

@ -1398,6 +1398,144 @@ interface(`corenet_sendrecv_unlabeled_packets',`
kernel_sendrecv_unlabeled_packets($1) kernel_sendrecv_unlabeled_packets($1)
') ')
########################################
## <summary>
## Send all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet send;
')
########################################
## <summary>
## Receive all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all client packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_client_packets',`
corenet_send_all_client_packets($1)
corenet_recveive_all_client_packets($1)
')
########################################
## <summary>
## Relabel packets to any client packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_client_packets',`
gen_require(`
attribute client_packet_type;
')
allow $1 client_packet_type:packet relabelto;
')
########################################
## <summary>
## Send all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_send_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet send;
')
########################################
## <summary>
## Receive all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_receive_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet recv;
')
########################################
## <summary>
## Send and receive all server packets.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_sendrecv_all_server_packets',`
corenet_send_all_server_packets($1)
corenet_recveive_all_server_packets($1)
')
########################################
## <summary>
## Relabel packets to any server packet type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`corenet_relabelto_all_server_packets',`
gen_require(`
attribute server_packet_type;
')
allow $1 server_packet_type:packet relabelto;
')
######################################## ########################################
## <summary> ## <summary>
## Send all packets. ## Send all packets.

4
refpolicy/policy/modules/kernel/corenetwork.te.in
View File

@ -1,17 +1,19 @@
policy_module(corenetwork,1.1.9) policy_module(corenetwork,1.1.10)
######################################## ########################################
# #
# Declarations # Declarations
# #
attribute client_packet_type;
attribute netif_type; attribute netif_type;
attribute node_type; attribute node_type;
attribute packet_type; attribute packet_type;
attribute port_type; attribute port_type;
attribute reserved_port_type; attribute reserved_port_type;
attribute rpc_port_type; attribute rpc_port_type;
attribute server_packet_type;
attribute corenet_unconfined_type; attribute corenet_unconfined_type;

8
refpolicy/policy/modules/kernel/corenetwork.te.m4
View File

@ -60,8 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
# #
define(`network_port',` define(`network_port',`
type $1_port_t, port_type; type $1_port_t, port_type;
type $1_client_packet_t, packet_type; type $1_client_packet_t, packet_type, client_packet_type;
type $1_server_packet_t, packet_type; type $1_server_packet_t, packet_type, server_packet_type;
declare_ports($1_port_t,shift($*)) declare_ports($1_port_t,shift($*))
') ')
@ -69,6 +69,6 @@ declare_ports($1_port_t,shift($*))
# network_packet(packet_name) # network_packet(packet_name)
# #
define(`network_packet',` define(`network_packet',`
type $1_client_packet_t, packet_type; type $1_client_packet_t, packet_type, client_packet_type;
type $1_server_packet_t, packet_type; type $1_server_packet_t, packet_type, server_packet_type;
') ')