Improve the documentation of corenetwork interfaces

corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
This commit is contained in:
Chris PeBenito 2010-02-26 14:24:56 -05:00
parent 14e543cb1c
commit 42eb0f10a9

View File

@ -140,11 +140,23 @@ interface(`corenet_server_packet',`
########################################
## <summary>
## Send and receive TCP network traffic on the generic interfaces.
## Send and receive TCP network traffic on generic interfaces.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive TCP network
## traffic on generic network interfaces.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
@ -233,13 +245,26 @@ interface(`corenet_dontaudit_udp_receive_generic_if',`
########################################
## <summary>
## Send and Receive UDP network traffic on generic interfaces.
## Send and receive UDP network traffic on generic interfaces.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive UDP network
## traffic on generic network interfaces.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_udp_sendrecv_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_if',`
corenet_udp_send_generic_if($1)
@ -491,11 +516,24 @@ interface(`corenet_raw_sendrecv_all_if',`
## <summary>
## Send and receive TCP network traffic on generic nodes.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive TCP network
## traffic to/from generic network nodes (hostnames/networks).
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_generic_node',`
gen_require(`
@ -545,11 +583,24 @@ interface(`corenet_udp_receive_generic_node',`
## <summary>
## Send and receive UDP network traffic on generic nodes.
## </summary>
## <desc>
## <p>
## Allow the specified domain to send and receive UDP network
## traffic to/from generic network nodes (hostnames/networks).
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_udp_sendrecv_generic_if()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_node',`
corenet_udp_send_generic_node($1)
@ -611,11 +662,26 @@ interface(`corenet_raw_sendrecv_generic_node',`
## <summary>
## Bind TCP sockets to generic nodes.
## </summary>
## <desc>
## <p>
## Bind TCP sockets to generic nodes. This is
## necessary for binding a socket so it
## can be used for servers to listen
## for incoming connections.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_udp_bind_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_tcp_bind_generic_node',`
gen_require(`
@ -629,11 +695,26 @@ interface(`corenet_tcp_bind_generic_node',`
## <summary>
## Bind UDP sockets to generic nodes.
## </summary>
## <desc>
## <p>
## Bind UDP sockets to generic nodes. This is
## necessary for binding a socket so it
## can be used for servers to listen
## for incoming connections.
## </p>
## <p>
## Related interface:
## </p>
## <ul>
## <li>corenet_tcp_bind_generic_node()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="1"/>
#
interface(`corenet_udp_bind_generic_node',`
gen_require(`
@ -1112,11 +1193,22 @@ interface(`corenet_tcp_connect_generic_port',`
## <summary>
## Send and receive TCP network traffic on all ports.
## </summary>
## <desc>
## <p>
## Send and receive TCP network traffic on all ports.
## Related interfaces:
## </p>
## <ul>
## <li>corenet_tcp_connect_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_all_ports',`
gen_require(`
@ -1166,11 +1258,21 @@ interface(`corenet_udp_receive_all_ports',`
## <summary>
## Send and receive UDP network traffic on all ports.
## </summary>
## <desc>
## <p>
## Send and receive UDP network traffic on all ports.
## Related interfaces:
## </p>
## <ul>
## <li>corenet_udp_bind_all_ports()</li>
## </ul>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_all_ports',`
corenet_udp_send_all_ports($1)
@ -2207,11 +2309,23 @@ interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
## <summary>
## Receive packets from an unlabeled connection.
## </summary>
## <desc>
## <p>
## Allow the specified domain to receive packets from an
## unlabeled connection. On machines that do not utilize
## labeled networking, this will be required on all
## networking domains. On machines tha do utilize
## labeled networking, this will be required for any
## networking domain that is allowed to receive
## network traffic that does not have a label.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_unlabeled',`
kernel_tcp_recvfrom_unlabeled($1)
@ -2229,11 +2343,22 @@ interface(`corenet_all_recvfrom_unlabeled',`
## <summary>
## Receive packets from a NetLabel connection.
## </summary>
## <desc>
## <p>
## Allow the specified domain to receive NetLabel
## network traffic, which utilizes the Commercial IP
## Security Option (CIPSO) to set the MLS level
## of the network packets. This is required for
## all networking domains that receive NetLabel
## network traffic.
## </p>
## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_netlabel',`
gen_require(`