## <summary>Network analysis utilities</summary>

########################################
## <summary>
##	Execute network utilities in the netutils domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`netutils_domtrans',`
	gen_require(`
		type netutils_t, netutils_exec_t;
		class process sigchld;
		class fd use;
		class fifo_file rw_file_perms;
	')

	# Automatic transition: per the summary above the caller runs
	# netutils_exec_t programs in netutils_t. The macro is defined
	# outside this file. What netutils_t may do is set in the module
	# source and is not visible here - review it before granting this.
	domain_auto_trans($1,netutils_exec_t,netutils_t)

	# Descriptor plumbing in both directions. fd use covers only the
	# descriptor object. Access to the file or socket behind an
	# inherited descriptor is still checked against its own type.
	allow $1 netutils_t:fd use;
	allow netutils_t $1:fd use;
	# Pipes labelled with the caller type such as shell pipelines.
	# rw_file_perms is a permission set defined elsewhere - presumably
	# read and write. TODO confirm.
	allow netutils_t $1:fifo_file rw_file_perms;
	# Lets netutils_t signal the caller with SIGCHLD when it exits.
	allow netutils_t $1:process sigchld;
')

########################################
## <summary>
##	Execute network utilities in the netutils domain, and
##	allow the specified role the netutils domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
## <param name="role">
##	The role to be allowed the netutils domain.
## </param>
## <param name="terminal">
##	The type of the terminal the netutils domain is allowed to use.
## </param>
#
interface(`netutils_run',`
	gen_require(`
		type netutils_t;
		class chr_file rw_term_perms;
	')

	# Reuses the transition interface above for the calling domain.
	netutils_domtrans($1)
	# Authorise the role for netutils_t. Without this role-type
	# association the transition would produce an invalid context.
	role $2 types netutils_t;
	# Terminal access for the type passed as the third argument.
	# rw_term_perms is defined elsewhere - presumably read and write
	# on the terminal device. TODO confirm.
	allow netutils_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute network utilities in the caller domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`netutils_exec',`
	gen_require(`
		type netutils_exec_t;
	')

	# No transition is set up here: per the summary the program stays
	# in the calling domain and so runs with the caller permissions
	# rather than those of netutils_t. can_exec is defined outside
	# this file.
	can_exec($1,netutils_exec_t)
')

########################################
## <summary>
##	Execute ping in the ping domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`netutils_domtrans_ping',`
	gen_require(`
		type ping_t, ping_exec_t;
		class process sigchld;
		class fd use;
		class fifo_file rw_file_perms;
	')

	# Automatic transition: per the summary above the caller runs
	# ping_exec_t programs in ping_t. The macro is defined outside
	# this file. What ping_t may do is set in the module source and
	# is not visible here - review it before granting this.
	domain_auto_trans($1,ping_exec_t,ping_t)

	# Descriptor plumbing in both directions. fd use covers only the
	# descriptor object. Access to the object behind an inherited
	# descriptor is still checked against its own type.
	allow $1 ping_t:fd use;
	allow ping_t $1:fd use;
	# Pipes labelled with the caller type such as shell pipelines.
	# rw_file_perms is defined elsewhere - presumably read and write.
	# TODO confirm.
	allow ping_t $1:fifo_file rw_file_perms;
	# Lets ping_t signal the caller with SIGCHLD when it exits.
	allow ping_t $1:process sigchld;
')

########################################
## <summary>
##	Execute ping in the ping domain, and
##	allow the specified role the ping domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
## <param name="role">
##	The role to be allowed the ping domain.
## </param>
## <param name="terminal">
##	The type of the terminal the ping domain is allowed to use.
## </param>
#
interface(`netutils_run_ping',`
	gen_require(`
		type ping_t;
		class chr_file rw_term_perms;
	')

	# Reuses the ping transition interface for the calling domain.
	netutils_domtrans_ping($1)
	# Authorise the role for ping_t. Without this role-type
	# association the transition would produce an invalid context.
	role $2 types ping_t;
	# Terminal access for the type passed as the third argument.
	# rw_term_perms is defined elsewhere - presumably read and write
	# on the terminal device. TODO confirm.
	allow ping_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute ping in the caller domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`netutils_exec_ping',`
	gen_require(`
		type ping_exec_t;
	')

	# No transition is set up here: per the summary ping stays in the
	# calling domain and so runs with the caller permissions rather
	# than those of ping_t. can_exec is defined outside this file.
	can_exec($1,ping_exec_t)
')

########################################
## <summary>
##	Execute traceroute in the traceroute domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`netutils_domtrans_traceroute',`
	gen_require(`
		type traceroute_t, traceroute_exec_t;
		class process sigchld;
		class fd use;
		class fifo_file rw_file_perms;
	')

	# Automatic transition: per the summary above the caller runs
	# traceroute_exec_t programs in traceroute_t. The macro is defined
	# outside this file. What traceroute_t may do is set in the module
	# source and is not visible here - review it before granting this.
	domain_auto_trans($1,traceroute_exec_t,traceroute_t)

	# Descriptor plumbing in both directions. fd use covers only the
	# descriptor object. Access to the object behind an inherited
	# descriptor is still checked against its own type.
	allow $1 traceroute_t:fd use;
	allow traceroute_t $1:fd use;
	# Pipes labelled with the caller type such as shell pipelines.
	# rw_file_perms is defined elsewhere - presumably read and write.
	# TODO confirm.
	allow traceroute_t $1:fifo_file rw_file_perms;
	# Lets traceroute_t signal the caller with SIGCHLD when it exits.
	allow traceroute_t $1:process sigchld;
')

########################################
## <summary>
##	Execute traceroute in the traceroute domain, and
##	allow the specified role the traceroute domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
## <param name="role">
##	The role to be allowed the traceroute domain.
## </param>
## <param name="terminal">
##	The type of the terminal the traceroute domain is allowed to use.
## </param>
#
interface(`netutils_run_traceroute',`
	gen_require(`
		type traceroute_t;
		class chr_file rw_term_perms;
	')

	# Reuses the traceroute transition interface for the calling domain.
	netutils_domtrans_traceroute($1)
	# Authorise the role for traceroute_t. Without this role-type
	# association the transition would produce an invalid context.
	role $2 types traceroute_t;
	# Terminal access for the type passed as the third argument.
	# rw_term_perms is defined elsewhere - presumably read and write
	# on the terminal device. TODO confirm.
	allow traceroute_t $3:chr_file rw_term_perms;
')

########################################
## <summary>
##	Execute traceroute in the caller domain.
## </summary>
## <param name="domain">
##	The type of the process performing this action.
## </param>
#
interface(`netutils_exec_traceroute',`
	gen_require(`
		type traceroute_exec_t;
	')

	# No transition is set up here: per the summary traceroute stays in
	# the calling domain and so runs with the caller permissions rather
	# than those of traceroute_t. can_exec is defined outside this file.
	can_exec($1,traceroute_exec_t)
')