rpms/selinux-policy
6
0
Fork 0
Code Issues Pull Requests Releases Activity

interface review, and remove net_raw from raw node sends. only give

Browse Source 
capability for raw send on an interface
This commit is contained in:
Chris PeBenito 2005-06-17 18:59:34 +00:00
parent c9b7f1a28e
commit bc1fbab472
1 changed files with 71 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

193
refpolicy/policy/modules/kernel/corenetwork.if.m4
View File

@ -17,17 +17,14 @@ define(`create_netif_interfaces',``
## </interface> ## </interface>
# #
define(`corenet_tcp_sendrecv_$1',` define(`corenet_tcp_sendrecv_$1',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_netif_t;
class netif { tcp_send tcp_recv };
')
allow dollarsone $1_netif_t:netif { tcp_send tcp_recv }; allow dollarsone $1_netif_t:netif { tcp_send tcp_recv };
') ')
define(`corenet_tcp_sendrecv_$1_depend',`
type $1_netif_t;
class netif { tcp_send tcp_recv };
')
######################################## ########################################
## <interface name="corenet_udp_send_$1"> ## <interface name="corenet_udp_send_$1">
## <description> ## <description>
@ -40,17 +37,14 @@ define(`corenet_tcp_sendrecv_$1_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_send_$1',` define(`corenet_udp_send_$1',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_netif_t;
class netif udp_send;
')
allow dollarsone $1_netif_t:netif udp_send; allow dollarsone $1_netif_t:netif udp_send;
') ')
define(`corenet_udp_send_$1_depend',`
type $1_netif_t;
class netif udp_send;
')
######################################## ########################################
## <interface name="corenet_udp_receive_$1"> ## <interface name="corenet_udp_receive_$1">
## <description> ## <description>
@ -63,17 +57,14 @@ define(`corenet_udp_send_$1_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_receive_$1',` define(`corenet_udp_receive_$1',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_netif_t;
class netif udp_recv;
')
allow dollarsone $1_netif_t:netif udp_recv; allow dollarsone $1_netif_t:netif udp_recv;
') ')
define(`corenet_udp_receive_$1_depend',`
type $1_netif_t;
class netif udp_recv;
')
######################################## ########################################
## <interface name="corenetwork_sendrecv_udp_on_$1_interface"> ## <interface name="corenetwork_sendrecv_udp_on_$1_interface">
## <description> ## <description>
@ -102,19 +93,16 @@ define(`corenet_udp_sendrecv_$1',`
## </interface> ## </interface>
# #
define(`corenet_raw_send_$1',` define(`corenet_raw_send_$1',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_netif_t;
class netif rawip_send;
class capability net_raw;
')
allow dollarsone $1_netif_t:netif rawip_send; allow dollarsone $1_netif_t:netif rawip_send;
allow dollarsone self:capability net_raw; allow dollarsone self:capability net_raw;
') ')
define(`corenet_raw_send_$1_depend',`
type $1_netif_t;
class netif rawip_send;
class capability net_raw;
')
######################################## ########################################
## <interface name="corenet_raw_receive_$1"> ## <interface name="corenet_raw_receive_$1">
## <description> ## <description>
@ -127,17 +115,14 @@ define(`corenet_raw_send_$1_depend',`
## </interface> ## </interface>
# #
define(`corenet_raw_receive_$1',` define(`corenet_raw_receive_$1',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_netif_t;
class netif rawip_recv;
')
allow dollarsone $1_netif_t:netif rawip_recv; allow dollarsone $1_netif_t:netif rawip_recv;
') ')
define(`corenet_raw_receive_$1_depend',`
type $1_netif_t;
class netif rawip_recv;
')
######################################## ########################################
## <interface name="corenet_raw_sendrecv_$1"> ## <interface name="corenet_raw_sendrecv_$1">
## <description> ## <description>
@ -174,17 +159,14 @@ define(`create_node_interfaces',``
## </interface> ## </interface>
# #
define(`corenet_tcp_sendrecv_$1_node',` define(`corenet_tcp_sendrecv_$1_node',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_node_t;
class node { tcp_send tcp_recv };
')
allow dollarsone $1_node_t:node { tcp_send tcp_recv }; allow dollarsone $1_node_t:node { tcp_send tcp_recv };
') ')
define(`corenet_tcp_sendrecv_$1_node_depend',`
type $1_node_t;
class node { tcp_send tcp_recv };
')
######################################## ########################################
## <interface name="corenet_udp_send_$1_node"> ## <interface name="corenet_udp_send_$1_node">
## <description> ## <description>
@ -197,17 +179,14 @@ define(`corenet_tcp_sendrecv_$1_node_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_send_$1_node',` define(`corenet_udp_send_$1_node',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_node_t;
class node udp_send;
')
allow dollarsone $1_node_t:node udp_send; allow dollarsone $1_node_t:node udp_send;
') ')
define(`corenet_udp_send_$1_node_depend',`
type $1_node_t;
class node udp_send;
')
######################################## ########################################
## <interface name="corenet_udp_receive_$1_node"> ## <interface name="corenet_udp_receive_$1_node">
## <description> ## <description>
@ -220,17 +199,14 @@ define(`corenet_udp_send_$1_node_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_receive_$1_node',` define(`corenet_udp_receive_$1_node',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_node_t;
class node udp_recv;
')
allow dollarsone $1_node_t:node udp_recv; allow dollarsone $1_node_t:node udp_recv;
') ')
define(`corenet_udp_receive_$1_node_depend',`
type $1_node_t;
class node udp_recv;
')
######################################## ########################################
## <interface name="corenet_udp_sendrecv_$1_node"> ## <interface name="corenet_udp_sendrecv_$1_node">
## <description> ## <description>
@ -259,17 +235,12 @@ define(`corenet_udp_sendrecv_$1_node',`
## </interface> ## </interface>
# #
define(`corenet_raw_send_$1_node',` define(`corenet_raw_send_$1_node',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_node_t;
class node rawip_send;
')
allow dollarsone $1_node_t:node rawip_send; allow dollarsone $1_node_t:node rawip_send;
allow dollarsone self:capability net_raw;
')
define(`corenet_raw_send_$1_node_depend',`
type $1_node_t;
class node rawip_send;
class capability net_raw;
') ')
######################################## ########################################
@ -284,17 +255,14 @@ define(`corenet_raw_send_$1_node_depend',`
## </interface> ## </interface>
# #
define(`corenet_raw_receive_$1_node',` define(`corenet_raw_receive_$1_node',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_node_t;
class node rawip_recv;
')
allow dollarsone $1_node_t:node rawip_recv; allow dollarsone $1_node_t:node rawip_recv;
') ')
define(`corenet_raw_receive_$1_node_depend',`
type $1_node_t;
class node rawip_recv;
')
######################################## ########################################
## <interface name="corenet_raw_sendrecv_$1_node"> ## <interface name="corenet_raw_sendrecv_$1_node">
## <description> ## <description>
@ -323,17 +291,14 @@ define(`corenet_raw_sendrecv_$1_node',`
## </interface> ## </interface>
# #
define(`corenet_tcp_bind_$1_node',` define(`corenet_tcp_bind_$1_node',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_node_t;
class tcp_socket node_bind;
')
allow dollarsone $1_node_t:tcp_socket node_bind; allow dollarsone $1_node_t:tcp_socket node_bind;
') ')
define(`corenet_tcp_bind_$1_node_depend',`
type $1_node_t;
class tcp_socket node_bind;
')
######################################## ########################################
## <interface name="corenet_udp_bind_$1_node"> ## <interface name="corenet_udp_bind_$1_node">
## <description> ## <description>
@ -346,16 +311,13 @@ define(`corenet_tcp_bind_$1_node_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_bind_$1_node',` define(`corenet_udp_bind_$1_node',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_node_t;
class udp_socket node_bind;
')
allow dollarsone $1_node_t:udp_socket node_bind; allow dollarsone $1_node_t:udp_socket node_bind;
') ')
define(`corenet_udp_bind_$1_node_depend',`
type $1_node_t;
class udp_socket node_bind;
')
'') dnl end create_node_interfaces '') dnl end create_node_interfaces
######################################## ########################################
@ -377,17 +339,14 @@ define(`create_port_interfaces',``
## </interface> ## </interface>
# #
define(`corenet_tcp_sendrecv_$1_port',` define(`corenet_tcp_sendrecv_$1_port',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_port_t;
class tcp_socket { send_msg recv_msg };
')
allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg }; allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg };
') ')
define(`corenet_tcp_sendrecv_$1_port_depend',`
type $1_port_t;
class tcp_socket { send_msg recv_msg };
')
######################################## ########################################
## <interface name="corenet_udp_send_$1_port"> ## <interface name="corenet_udp_send_$1_port">
## <description> ## <description>
@ -400,17 +359,14 @@ define(`corenet_tcp_sendrecv_$1_port_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_send_$1_port',` define(`corenet_udp_send_$1_port',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_port_t;
class udp_socket send_msg;
')
allow dollarsone $1_port_t:udp_socket send_msg; allow dollarsone $1_port_t:udp_socket send_msg;
') ')
define(`corenet_udp_send_$1_port_depend',`
type $1_port_t;
class udp_socket send_msg;
')
######################################## ########################################
## <interface name="corenet_udp_receive_$1_port"> ## <interface name="corenet_udp_receive_$1_port">
## <description> ## <description>
@ -423,17 +379,14 @@ define(`corenet_udp_send_$1_port_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_receive_$1_port',` define(`corenet_udp_receive_$1_port',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_port_t;
class udp_socket recv_msg;
')
allow dollarsone $1_port_t:udp_socket recv_msg; allow dollarsone $1_port_t:udp_socket recv_msg;
') ')
define(`corenet_udp_receive_$1_port_depend',`
type $1_port_t;
class udp_socket recv_msg;
')
######################################## ########################################
## <interface name="corenetwork_sendrecv_udp_on_$1_port"> ## <interface name="corenetwork_sendrecv_udp_on_$1_port">
## <description> ## <description>
@ -462,16 +415,13 @@ define(`corenet_udp_sendrecv_$1_port',`
## </interface> ## </interface>
# #
define(`corenet_tcp_bind_$1_port',` define(`corenet_tcp_bind_$1_port',`
gen_require(`dollarszero'_depend) gen_require(`
allow dollarsone $1_port_t:tcp_socket name_bind;
$2
')
define(`corenet_tcp_bind_$1_port_depend',`
type $1_port_t; type $1_port_t;
class tcp_socket name_bind; class tcp_socket name_bind;
$3 $3
')
allow dollarsone $1_port_t:tcp_socket name_bind;
$2
') ')
######################################## ########################################
@ -486,18 +436,15 @@ define(`corenet_tcp_bind_$1_port_depend',`
## </interface> ## </interface>
# #
define(`corenet_udp_bind_$1_port',` define(`corenet_udp_bind_$1_port',`
gen_require(`dollarszero'_depend) gen_require(`
type $1_port_t;
class udp_socket name_bind;
$3
')
allow dollarsone $1_port_t:udp_socket name_bind; allow dollarsone $1_port_t:udp_socket name_bind;
$2 $2
') ')
define(`corenet_udp_bind_$1_port_depend',`
type $1_port_t;
class udp_socket name_bind;
$3
')
'') dnl end create_port_interfaces '') dnl end create_port_interfaces
# #