add client and server packet attributes
This commit is contained in:
Chris PeBenito
parent
7b643689e6
commit
2f8eec29c5
@ -1398,6 +1398,144 @@ interface(`corenet_sendrecv_unlabeled_packets',`
|
||||
kernel_sendrecv_unlabeled_packets($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send all client packets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_send_all_client_packets',`
|
||||
gen_require(`
|
||||
attribute client_packet_type;
|
||||
')
|
||||
|
||||
allow $1 client_packet_type:packet send;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Receive all client packets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_receive_all_client_packets',`
|
||||
gen_require(`
|
||||
attribute client_packet_type;
|
||||
')
|
||||
|
||||
allow $1 client_packet_type:packet recv;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send and receive all client packets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_sendrecv_all_client_packets',`
|
||||
corenet_send_all_client_packets($1)
|
||||
corenet_recveive_all_client_packets($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Relabel packets to any client packet type.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_relabelto_all_client_packets',`
|
||||
gen_require(`
|
||||
attribute client_packet_type;
|
||||
')
|
||||
|
||||
allow $1 client_packet_type:packet relabelto;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send all server packets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_send_all_server_packets',`
|
||||
gen_require(`
|
||||
attribute server_packet_type;
|
||||
')
|
||||
|
||||
allow $1 server_packet_type:packet send;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Receive all server packets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_receive_all_server_packets',`
|
||||
gen_require(`
|
||||
attribute server_packet_type;
|
||||
')
|
||||
|
||||
allow $1 server_packet_type:packet recv;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send and receive all server packets.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_sendrecv_all_server_packets',`
|
||||
corenet_send_all_server_packets($1)
|
||||
corenet_recveive_all_server_packets($1)
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Relabel packets to any server packet type.
|
||||
## </summary>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
#
|
||||
interface(`corenet_relabelto_all_server_packets',`
|
||||
gen_require(`
|
||||
attribute server_packet_type;
|
||||
')
|
||||
|
||||
allow $1 server_packet_type:packet relabelto;
|
||||
')
|
||||
|
||||
########################################
|
||||
## <summary>
|
||||
## Send all packets.
|
||||
|
||||
@ -1,17 +1,19 @@
|
||||
|
||||
policy_module(corenetwork,1.1.9)
|
||||
policy_module(corenetwork,1.1.10)
|
||||
|
||||
########################################
|
||||
#
|
||||
# Declarations
|
||||
#
|
||||
|
||||
attribute client_packet_type;
|
||||
attribute netif_type;
|
||||
attribute node_type;
|
||||
attribute packet_type;
|
||||
attribute port_type;
|
||||
attribute reserved_port_type;
|
||||
attribute rpc_port_type;
|
||||
attribute server_packet_type;
|
||||
|
||||
attribute corenet_unconfined_type;
|
||||
|
||||
|
||||
@ -60,8 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
|
||||
#
|
||||
define(`network_port',`
|
||||
type $1_port_t, port_type;
|
||||
type $1_client_packet_t, packet_type;
|
||||
type $1_server_packet_t, packet_type;
|
||||
type $1_client_packet_t, packet_type, client_packet_type;
|
||||
type $1_server_packet_t, packet_type, server_packet_type;
|
||||
declare_ports($1_port_t,shift($*))
|
||||
')
|
||||
|
||||
@ -69,6 +69,6 @@ declare_ports($1_port_t,shift($*))
|
||||
# network_packet(packet_name)
|
||||
#
|
||||
define(`network_packet',`
|
||||
type $1_client_packet_t, packet_type;
|
||||
type $1_server_packet_t, packet_type;
|
||||
type $1_client_packet_t, packet_type, client_packet_type;
|
||||
type $1_server_packet_t, packet_type, server_packet_type;
|
||||
')
|
||||
|
||||
Loading…
Reference in New Issue
Block a user