[selinux-policy: 251/3172] change network verb in corenetwork to sendrecv
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:26:37 UTC 2010
commit d115660e3b9c7faf3a32008c98e78d91b1bca1a0
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Thu Jun 2 18:55:47 2005 +0000
change network verb in corenetwork to sendrecv
refpolicy/policy/modules/admin/netutils.te | 48 +-
refpolicy/policy/modules/admin/rpm.te | 16 +-
refpolicy/policy/modules/apps/gpg.if | 32 +-
refpolicy/policy/modules/kernel/bootloader.if | 307 ++++---
refpolicy/policy/modules/kernel/corenetwork.if | 1108 +++++++++++++-----------
refpolicy/policy/modules/kernel/kernel.te | 8 +-
refpolicy/policy/modules/services/cron.if | 16 +-
refpolicy/policy/modules/services/cron.te | 16 +-
refpolicy/policy/modules/services/mta.if | 16 +-
refpolicy/policy/modules/services/mta.te | 16 +-
refpolicy/policy/modules/services/sendmail.te | 16 +-
refpolicy/policy/modules/system/authlogin.if | 20 +-
refpolicy/policy/modules/system/authlogin.te | 10 +-
refpolicy/policy/modules/system/hostname.te | 10 +-
refpolicy/policy/modules/system/hotplug.te | 10 +-
refpolicy/policy/modules/system/init.te | 16 +-
refpolicy/policy/modules/system/iptables.te | 10 +-
refpolicy/policy/modules/system/logging.te | 10 +-
refpolicy/policy/modules/system/mount.te | 16 +-
refpolicy/policy/modules/system/sysnetwork.te | 16 +-
refpolicy/policy/modules/system/userdomain.if | 16 +-
21 files changed, 953 insertions(+), 780 deletions(-)
---
diff --git a/refpolicy/policy/modules/admin/netutils.te b/refpolicy/policy/modules/admin/netutils.te
index 09e818d..ede8c86 100644
--- a/refpolicy/policy/modules/admin/netutils.te
+++ b/refpolicy/policy/modules/admin/netutils.te
@@ -46,14 +46,14 @@ allow netutils_t netutils_tmp_t:dir { create read getattr lock setattr ioctl lin
allow netutils_t netutils_tmp_t:file { create ioctl read getattr lock write setattr append link unlink rename };
files_create_private_tmp_data(netutils_t, netutils_tmp_t, { file dir })
-corenetwork_network_tcp_on_all_interfaces(netutils_t)
-corenetwork_network_raw_on_all_interfaces(netutils_t)
-corenetwork_network_udp_on_all_interfaces(netutils_t)
-corenetwork_network_tcp_on_all_nodes(netutils_t)
-corenetwork_network_raw_on_all_nodes(netutils_t)
-corenetwork_network_udp_on_all_nodes(netutils_t)
-corenetwork_network_tcp_on_all_ports(netutils_t)
-corenetwork_network_udp_on_all_ports(netutils_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(netutils_t)
+corenetwork_sendrecv_raw_on_all_interfaces(netutils_t)
+corenetwork_sendrecv_udp_on_all_interfaces(netutils_t)
+corenetwork_sendrecv_tcp_on_all_nodes(netutils_t)
+corenetwork_sendrecv_raw_on_all_nodes(netutils_t)
+corenetwork_sendrecv_udp_on_all_nodes(netutils_t)
+corenetwork_sendrecv_tcp_on_all_ports(netutils_t)
+corenetwork_sendrecv_udp_on_all_ports(netutils_t)
corenetwork_bind_tcp_on_all_nodes(netutils_t)
corenetwork_bind_udp_on_all_nodes(netutils_t)
@@ -104,14 +104,14 @@ allow ping_t self:tcp_socket { create connect ioctl read getattr write setattr a
allow ping_t self:udp_socket { create connect ioctl read getattr write setattr append bind getopt setopt shutdown };
allow ping_t self:rawip_socket { create ioctl read write bind getopt setopt };
-corenetwork_network_tcp_on_all_interfaces(ping_t)
-corenetwork_network_udp_on_all_interfaces(ping_t)
-corenetwork_network_raw_on_all_interfaces(ping_t)
-corenetwork_network_raw_on_all_nodes(ping_t)
-corenetwork_network_tcp_on_all_nodes(ping_t)
-corenetwork_network_udp_on_all_nodes(ping_t)
-corenetwork_network_tcp_on_all_ports(ping_t)
-corenetwork_network_udp_on_all_ports(ping_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(ping_t)
+corenetwork_sendrecv_udp_on_all_interfaces(ping_t)
+corenetwork_sendrecv_raw_on_all_interfaces(ping_t)
+corenetwork_sendrecv_raw_on_all_nodes(ping_t)
+corenetwork_sendrecv_tcp_on_all_nodes(ping_t)
+corenetwork_sendrecv_udp_on_all_nodes(ping_t)
+corenetwork_sendrecv_tcp_on_all_ports(ping_t)
+corenetwork_sendrecv_udp_on_all_ports(ping_t)
corenetwork_bind_udp_on_all_nodes(ping_t)
corenetwork_bind_tcp_on_all_nodes(ping_t)
@@ -162,14 +162,14 @@ allow traceroute_t self:netlink_route_socket { bind create getattr nlmsg_read re
kernel_read_system_state(traceroute_t)
kernel_read_network_state(traceroute_t)
-corenetwork_network_tcp_on_all_interfaces(traceroute_t)
-corenetwork_network_udp_on_all_interfaces(traceroute_t)
-corenetwork_network_raw_on_all_interfaces(traceroute_t)
-corenetwork_network_raw_on_all_nodes(traceroute_t)
-corenetwork_network_tcp_on_all_nodes(traceroute_t)
-corenetwork_network_udp_on_all_nodes(traceroute_t)
-corenetwork_network_tcp_on_all_ports(traceroute_t)
-corenetwork_network_udp_on_all_ports(traceroute_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(traceroute_t)
+corenetwork_sendrecv_udp_on_all_interfaces(traceroute_t)
+corenetwork_sendrecv_raw_on_all_interfaces(traceroute_t)
+corenetwork_sendrecv_raw_on_all_nodes(traceroute_t)
+corenetwork_sendrecv_tcp_on_all_nodes(traceroute_t)
+corenetwork_sendrecv_udp_on_all_nodes(traceroute_t)
+corenetwork_sendrecv_tcp_on_all_ports(traceroute_t)
+corenetwork_sendrecv_udp_on_all_ports(traceroute_t)
corenetwork_bind_udp_on_all_nodes(traceroute_t)
corenetwork_bind_tcp_on_all_nodes(traceroute_t)
diff --git a/refpolicy/policy/modules/admin/rpm.te b/refpolicy/policy/modules/admin/rpm.te
index ccf2737..83a0db6 100644
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@@ -102,14 +102,14 @@ kernel_compute_selinux_create_context(rpm_t)
kernel_compute_selinux_relabel_context(rpm_t)
kernel_compute_selinux_reachable_user_contexts(rpm_t)
-corenetwork_network_tcp_on_all_interfaces(rpm_t)
-corenetwork_network_raw_on_all_interfaces(rpm_t)
-corenetwork_network_udp_on_all_interfaces(rpm_t)
-corenetwork_network_tcp_on_all_nodes(rpm_t)
-corenetwork_network_raw_on_all_nodes(rpm_t)
-corenetwork_network_udp_on_all_nodes(rpm_t)
-corenetwork_network_tcp_on_all_ports(rpm_t)
-corenetwork_network_udp_on_all_ports(rpm_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(rpm_t)
+corenetwork_sendrecv_raw_on_all_interfaces(rpm_t)
+corenetwork_sendrecv_udp_on_all_interfaces(rpm_t)
+corenetwork_sendrecv_tcp_on_all_nodes(rpm_t)
+corenetwork_sendrecv_raw_on_all_nodes(rpm_t)
+corenetwork_sendrecv_udp_on_all_nodes(rpm_t)
+corenetwork_sendrecv_tcp_on_all_ports(rpm_t)
+corenetwork_sendrecv_udp_on_all_ports(rpm_t)
corenetwork_bind_tcp_on_all_nodes(rpm_t)
corenetwork_bind_udp_on_all_nodes(rpm_t)
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 562a1dc..dcb7431 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -62,14 +62,14 @@ allow $1_gpg_t $1_gpg_secret_t:dir { read getattr lock search ioctl add_name rem
allow $1_gpg_t $1_gpg_secret_t:file { create ioctl read getattr lock write setattr append link unlink rename };
allow $1_gpg_t $1_gpg_secret_t:lnk_file { create read getattr setattr link unlink rename };
-corenetwork_network_tcp_on_all_interfaces($1_gpg_t)
-corenetwork_network_raw_on_all_interfaces($1_gpg_t)
-corenetwork_network_udp_on_all_interfaces($1_gpg_t)
-corenetwork_network_tcp_on_all_nodes($1_gpg_t)
-corenetwork_network_raw_on_all_nodes($1_gpg_t)
-corenetwork_network_udp_on_all_nodes($1_gpg_t)
-corenetwork_network_tcp_on_all_ports($1_gpg_t)
-corenetwork_network_udp_on_all_ports($1_gpg_t)
+corenetwork_sendrecv_tcp_on_all_interfaces($1_gpg_t)
+corenetwork_sendrecv_raw_on_all_interfaces($1_gpg_t)
+corenetwork_sendrecv_udp_on_all_interfaces($1_gpg_t)
+corenetwork_sendrecv_tcp_on_all_nodes($1_gpg_t)
+corenetwork_sendrecv_raw_on_all_nodes($1_gpg_t)
+corenetwork_sendrecv_udp_on_all_nodes($1_gpg_t)
+corenetwork_sendrecv_tcp_on_all_ports($1_gpg_t)
+corenetwork_sendrecv_udp_on_all_ports($1_gpg_t)
corenetwork_bind_tcp_on_all_nodes($1_gpg_t)
corenetwork_bind_udp_on_all_nodes($1_gpg_t)
@@ -169,14 +169,14 @@ allow $1_gpg_helper_t self:udp_socket { create connect ioctl read getattr write
dontaudit $1_gpg_helper_t $1_gpg_secret_t:file read;
-corenetwork_network_tcp_on_all_interfaces($1_gpg_helper_t)
-corenetwork_network_raw_on_all_interfaces($1_gpg_helper_t)
-corenetwork_network_udp_on_all_interfaces($1_gpg_helper_t)
-corenetwork_network_tcp_on_all_nodes($1_gpg_helper_t)
-corenetwork_network_udp_on_all_nodes($1_gpg_helper_t)
-corenetwork_network_raw_on_all_nodes($1_gpg_helper_t)
-corenetwork_network_tcp_on_all_ports($1_gpg_helper_t)
-corenetwork_network_udp_on_all_ports($1_gpg_helper_t)
+corenetwork_sendrecv_tcp_on_all_interfaces($1_gpg_helper_t)
+corenetwork_sendrecv_raw_on_all_interfaces($1_gpg_helper_t)
+corenetwork_sendrecv_udp_on_all_interfaces($1_gpg_helper_t)
+corenetwork_sendrecv_tcp_on_all_nodes($1_gpg_helper_t)
+corenetwork_sendrecv_udp_on_all_nodes($1_gpg_helper_t)
+corenetwork_sendrecv_raw_on_all_nodes($1_gpg_helper_t)
+corenetwork_sendrecv_tcp_on_all_ports($1_gpg_helper_t)
+corenetwork_sendrecv_udp_on_all_ports($1_gpg_helper_t)
corenetwork_bind_tcp_on_all_nodes($1_gpg_helper_t)
corenetwork_bind_udp_on_all_nodes($1_gpg_helper_t)
diff --git a/refpolicy/policy/modules/kernel/bootloader.if b/refpolicy/policy/modules/kernel/bootloader.if
index f42690f..c4a5933 100644
--- a/refpolicy/policy/modules/kernel/bootloader.if
+++ b/refpolicy/policy/modules/kernel/bootloader.if
@@ -13,23 +13,26 @@
## </interface>
#
define(`bootloader_transition',`
-requires_block_template(`$0'_depend)
-allow $1 bootloader_exec_t:file { getattr read execute };
-allow $1 bootloader_t:process transition;
-type_transition $1 bootloader_exec_t:process bootloader_t;
-dontaudit $1 bootloader_t:process { noatsecure siginh rlimitinh };
-allow $1 bootloader_t:fd use;
-allow bootloader_t $1:fd use;
-allow bootloader_t $1:fifo_file rw_file_perms;
-allow bootloader_t $1:process sigchld;
+ requires_block_template(`$0'_depend)
+
+ allow $1 bootloader_exec_t:file { getattr read execute };
+ allow $1 bootloader_t:process transition;
+ type_transition $1 bootloader_exec_t:process bootloader_t;
+ dontaudit $1 bootloader_t:process { noatsecure siginh rlimitinh };
+
+ allow $1 bootloader_t:fd use;
+ allow bootloader_t $1:fd use;
+ allow bootloader_t $1:fifo_file rw_file_perms;
+ allow bootloader_t $1:process sigchld;
')
define(`bootloader_transition_depend',`
-type bootloader_t;
-class file { getattr read execute };
-class process { transition noatsecure siginh rlimitinh sigchld };
-class fd use;
-class fifo_file rw_file_perms;
+ type bootloader_t;
+
+ class file { getattr read execute };
+ class process { transition noatsecure siginh rlimitinh sigchld };
+ class fd use;
+ class fifo_file rw_file_perms;
')
########################################
@@ -52,15 +55,17 @@ class fifo_file rw_file_perms;
## </interface>
#
define(`bootloader_transition_add_role_use_terminal',`
-requires_block_template(`$0'_depend)
-bootloader_transition($1)
-role $2 types bootloader_t;
-allow bootloader_t $3:chr_file { getattr read write ioctl };
+ requires_block_template(`$0'_depend)
+
+ bootloader_transition($1)
+
+ role $2 types bootloader_t;
+ allow bootloader_t $3:chr_file { getattr read write ioctl };
')
define(`bootloader_transition_add_role_use_terminal_depend',`
-type bootloader_t;
-class chr_file { getattr read write ioctl };
+ type bootloader_t;
+ class chr_file { getattr read write ioctl };
')
########################################
@@ -68,13 +73,15 @@ class chr_file { getattr read write ioctl };
# bootloader_search_bootloader_data_directory(domain)
#
define(`bootloader_search_bootloader_data_directory',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir search;
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir search;
')
define(`bootloader_search_bootloader_data_directory_depend',`
-type boot_t;
-class dir search;
+ type boot_t;
+
+ class dir search;
')
########################################
@@ -82,13 +89,15 @@ class dir search;
# bootloader_ignore_search_bootloader_data_directory(domain)
#
define(`bootloader_ignore_search_bootloader_data_directory',`
-requires_block_template(`$0'_depend)
-dontaudit $1 boot_t:dir search;
+ requires_block_template(`$0'_depend)
+
+ dontaudit $1 boot_t:dir search;
')
define(`bootloader_ignore_search_bootloader_data_directory_depend',`
-type boot_t;
-class dir search;
+ type boot_t;
+
+ class dir search;
')
########################################
@@ -96,14 +105,16 @@ class dir search;
# bootloader_modify_bootloader_data_directory_symbolic_links(domain)
#
define(`bootloader_modify_bootloader_data_directory_symbolic_links',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read };
-allow $1 boot_t:lnk_file { getattr read write };
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read };
+ allow $1 boot_t:lnk_file { getattr read write };
')
define(`bootloader_modify_bootloader_data_directory_symbolic_links_depend',`
-type boot_t;
-class dir { getattr search read };
+ type boot_t;
+
+ class dir { getattr search read };
')
########################################
@@ -111,17 +122,19 @@ class dir { getattr search read };
# bootloader_install_kernel(domain)
#
define(`bootloader_install_kernel',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read write add_name };
-allow $1 boot_t:file { getattr read write create };
-allow $1 boot_t:lnk_file { getattr read create unlink };
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read write add_name };
+ allow $1 boot_t:file { getattr read write create };
+ allow $1 boot_t:lnk_file { getattr read create unlink };
')
define(`bootloader_install_kernel_depend',`
-type boot_t;
-class dir { getattr search read write add_name };
-class file { getattr read write create };
-class lnk_file { getattr read create unlink };
+ type boot_t;
+
+ class dir { getattr search read write add_name };
+ class file { getattr read write create };
+ class lnk_file { getattr read create unlink };
')
########################################
@@ -129,17 +142,19 @@ class lnk_file { getattr read create unlink };
# bootloader_install_initrd(domain)
#
define(`bootloader_install_initrd',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read write add_name };
-allow $1 boot_t:file { getattr read write create };
-allow $1 boot_t:lnk_file { getattr read create unlink };
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read write add_name };
+ allow $1 boot_t:file { getattr read write create };
+ allow $1 boot_t:lnk_file { getattr read create unlink };
')
define(`bootloader_install_initrd_depend',`
-type boot_t;
-class dir { getattr search read write add_name };
-class file { getattr read write create };
-class lnk_file { getattr read create unlink };
+ type boot_t;
+
+ class dir { getattr search read write add_name };
+ class file { getattr read write create };
+ class lnk_file { getattr read create unlink };
')
########################################
@@ -147,15 +162,17 @@ class lnk_file { getattr read create unlink };
# bootloader_install_kernel_symbol_table(domain)
#
define(`bootloader_install_kernel_symbol_table',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read write add_name };
-allow $1 system_map_t:file { getattr read write create };
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read write add_name };
+ allow $1 system_map_t:file { getattr read write create };
')
define(`bootloader_install_kernel_symbol_table_depend',`
-type boot_t, system_map_t;
-class dir { getattr search read write add_name };
-class file { getattr read write create };
+ type boot_t, system_map_t;
+
+ class dir { getattr search read write add_name };
+ class file { getattr read write create };
')
########################################
@@ -163,15 +180,17 @@ class file { getattr read write create };
# bootloader_read_kernel_symbol_table(domain)
#
define(`bootloader_read_kernel_symbol_table',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read };
-allow $1 system_map_t:file { getattr read };
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read };
+ allow $1 system_map_t:file { getattr read };
')
define(`bootloader_read_kernel_symbol_table_depend',`
-type boot_t, system_map_t;
-class dir { getattr search read };
-class file { getattr read };
+ type boot_t, system_map_t;
+
+ class dir { getattr search read };
+ class file { getattr read };
')
########################################
@@ -179,15 +198,17 @@ class file { getattr read };
# bootloader_remove_kernel(domain)
#
define(`bootloader_remove_kernel',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read write remove_name };
-allow $1 boot_t:file { getattr unlink };
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read write remove_name };
+ allow $1 boot_t:file { getattr unlink };
')
define(`bootloader_remove_kernel_depend',`
-type boot_t;
-class dir { getattr search read write remove_name };
-class file { getattr unlink };
+ type boot_t;
+
+ class dir { getattr search read write remove_name };
+ class file { getattr unlink };
')
########################################
@@ -195,15 +216,17 @@ class file { getattr unlink };
# bootloader_remove_kernel_symbol_table(domain)
#
define(`bootloader_remove_kernel_symbol_table',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read write remove_name };
-allow $1 system_map_t:file { getattr unlink };
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read write remove_name };
+ allow $1 system_map_t:file { getattr unlink };
')
define(`bootloader_remove_kernel_symbol_table_depend',`
-type boot_t, system_map_t;
-class dir { getattr search read write remove_name };
-class file { getattr unlink };
+ type boot_t, system_map_t;
+
+ class dir { getattr search read write remove_name };
+ class file { getattr unlink };
')
########################################
@@ -211,13 +234,15 @@ class file { getattr unlink };
# bootloader_read_config(domain)
#
define(`bootloader_read_config',`
-requires_block_template(`$0'_depend)
-allow $1 bootloader_etc_t:file { getattr read };
+ requires_block_template(`$0'_depend)
+
+ allow $1 bootloader_etc_t:file { getattr read };
')
define(`bootloader_read_config_depend',`
-type bootloader_etc_t;
-class file { getattr read };
+ type bootloader_etc_t;
+
+ class file { getattr read };
')
########################################
@@ -225,13 +250,15 @@ class file { getattr read };
# bootloader_modify_config(domain)
#
define(`bootloader_modify_bootloader_config',`
-requires_block_template(`$0'_depend)
-allow $1 bootloader_etc_t:file { getattr read write append };
+ requires_block_template(`$0'_depend)
+
+ allow $1 bootloader_etc_t:file { getattr read write append };
')
define(`bootloader_modify_bootloader_config_depend',`
-type bootloader_etc_t;
-class file { getattr read write append };
+ type bootloader_etc_t;
+
+ class file { getattr read write append };
')
########################################
@@ -239,14 +266,16 @@ class file { getattr read write append };
# bootloader_modify_temporary_data(domain)
#
define(`bootloader_modify_temporary_data',`
-requires_block_template(`$0'_depend)
-# FIXME: read tmp_t
-allow $1 bootloader_tmp_t:file { getattr read write };
+ requires_block_template(`$0'_depend)
+
+ # FIXME: read tmp_t
+ allow $1 bootloader_tmp_t:file { getattr read write };
')
define(`bootloader_modify_temporary_data_depend',`
-type bootloader_tmp_t;
-class file { getattr read write setattr };
+ type bootloader_tmp_t;
+
+ class file { getattr read write setattr };
')
########################################
@@ -254,16 +283,18 @@ class file { getattr read write setattr };
# bootloader_create_runtime_data(domain)
#
define(`bootloader_create_runtime_data',`
-requires_block_template(`$0'_depend)
-allow $1 boot_t:dir { getattr search read write add_name remove_name };
-allow $1 boot_runtime_t:file { getattr create read write append unlink };
-type_transition $1 boot_t:file boot_runtime_t;
+ requires_block_template(`$0'_depend)
+
+ allow $1 boot_t:dir { getattr search read write add_name remove_name };
+ allow $1 boot_runtime_t:file { getattr create read write append unlink };
+ type_transition $1 boot_t:file boot_runtime_t;
')
define(`bootloader_create_runtime_data_depend',`
-type boot_t, boot_runtime_t;
-class dir { getattr search read write add_name remove_name };
-class file { getattr create read write append unlink };
+ type boot_t, boot_runtime_t;
+
+ class dir { getattr search read write add_name remove_name };
+ class file { getattr create read write append unlink };
')
########################################
@@ -271,13 +302,15 @@ class file { getattr create read write append unlink };
# bootloader_list_kernel_modules(domain)
#
define(`bootloader_list_kernel_modules',`
-requires_block_template(`$0'_depend)
-allow $1 modules_object_t:dir { getattr search read };
+ requires_block_template(`$0'_depend)
+
+ allow $1 modules_object_t:dir { getattr search read };
')
define(`bootloader_list_kernel_modules_depend',`
-type modules_object_t;
-class dir { getattr search read };
+ type modules_object_t;
+
+ class dir { getattr search read };
')
########################################
@@ -285,17 +318,19 @@ class dir { getattr search read };
# bootloader_read_kernel_modules(domain)
#
define(`bootloader_read_kernel_modules',`
-requires_block_template(`$0'_depend)
-allow $1 modules_object_t:dir { getattr search read };
-allow $1 modules_object_t:lnk_file { getattr read };
-allow $1 modules_object_t:file { getattr read lock };
+ requires_block_template(`$0'_depend)
+
+ allow $1 modules_object_t:dir { getattr search read };
+ allow $1 modules_object_t:lnk_file { getattr read };
+ allow $1 modules_object_t:file { getattr read lock };
')
define(`bootloader_read_kernel_modules_depend',`
-type modules_object_t;
-class dir { getattr search read };
-class lnk_file { getattr read };
-class file { getattr read lock };
+ type modules_object_t;
+
+ class dir { getattr search read };
+ class lnk_file { getattr read };
+ class file { getattr read lock };
')
########################################
@@ -303,17 +338,21 @@ class file { getattr read lock };
# bootloader_write_kernel_modules(domain)
#
define(`bootloader_write_kernel_modules',`
-requires_block_template(`$0'_depend)
-allow $1 modules_object_t:dir { getattr search read };
-allow $1 modules_object_t:file write;
-typeattribute $1 can_modify_kernel_modules;
+ requires_block_template(`$0'_depend)
+
+ allow $1 modules_object_t:dir { getattr search read };
+ allow $1 modules_object_t:file write;
+
+ typeattribute $1 can_modify_kernel_modules;
')
define(`bootloader_write_kernel_modules_depend',`
-attribute can_modify_kernel_modules;
-type modules_object_t;
-class dir { getattr search read };
-class file write;
+ attribute can_modify_kernel_modules;
+
+ type modules_object_t;
+
+ class dir { getattr search read };
+ class file write;
')
########################################
@@ -321,17 +360,21 @@ class file write;
# bootloader_manage_kernel_modules(domain)
#
define(`bootloader_manage_kernel_modules',`
-requires_block_template(`$0'_depend)
-allow $1 modules_object_t:file { getattr create read write setattr unlink };
-allow $1 modules_object_t:dir { getattr search read write add_name remove_name };
-typeattribute $1 can_modify_kernel_modules;
+ requires_block_template(`$0'_depend)
+
+ allow $1 modules_object_t:file { getattr create read write setattr unlink };
+ allow $1 modules_object_t:dir { getattr search read write add_name remove_name };
+
+ typeattribute $1 can_modify_kernel_modules;
')
define(`bootloader_manage_kernel_modules_depend',`
-attribute can_modify_kernel_modules;
-type modules_object_t;
-class file { getattr create read write setattr unlink };
-class dir { getattr search read write add_name remove_name };
+ attribute can_modify_kernel_modules;
+
+ type modules_object_t;
+
+ class file { getattr create read write setattr unlink };
+ class dir { getattr search read write add_name remove_name };
')
########################################
@@ -339,18 +382,22 @@ class dir { getattr search read write add_name remove_name };
# bootloader_create_private_module_dir_entry(domain,privatetype,[class(es)])
#
define(`bootloader_create_private_module_dir_entry',`
-requires_block_template(`$0'_depend)
-allow $1 modules_object_t:dir { getattr search read write add_name remove_name };
-ifelse(`$3',`',`
-type_transition $1 modules_object_t:file $2;
-',`
-type_transition $1 modules_object_t:$3 $2;
-') dnl end ifelse
+ requires_block_template(`$0'_depend)
+
+ allow $1 modules_object_t:dir { getattr search read write add_name remove_name };
+
+ # if a class is specified use it, else use file as default
+ ifelse(`$3',`',`
+ type_transition $1 modules_object_t:file $2;
+ ',`
+ type_transition $1 modules_object_t:$3 $2;
+ ')
')
define(`bootloader_create_private_module_dir_entry_depend',`
-type modules_object_t;
-class dir { getattr search read write add_name remove_name };
+ type modules_object_t;
+
+ class dir { getattr search read write add_name remove_name };
')
## </module>
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if b/refpolicy/policy/modules/kernel/corenetwork.if
index 9a58221..a681481 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if
+++ b/refpolicy/policy/modules/kernel/corenetwork.if
@@ -3,7 +3,7 @@
ifdef(`interface_pass',`',`
########################################
-## <interface name="corenetwork_network_tcp_on_general_interface">
+## <interface name="corenetwork_sendrecv_tcp_on_general_interface">
## <description>
## Send and receive TCP network traffic on the general interfaces.
## </description>
@@ -13,32 +13,16 @@ ifdef(`interface_pass',`',`
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`corenetwork_network_tcp_on_general_interface',`
-requires_block_template(`$0'_depend)
-allow $1 netif_t:netif { tcp_send tcp_recv };
-')
+define(`corenetwork_sendrecv_tcp_on_general_interface',`
+ requires_block_template(`$0'_depend)
-define(`corenetwork_network_tcp_on_general_interface_depend',`
-type netif_t;
-class netif { tcp_send tcp_recv };
+ allow $1 netif_t:netif { tcp_send tcp_recv };
')
-#######################################
-#
-# corenetwork_network_udp_on_general_interface(domain)
-#
-define(`corenetwork_network_udp_on_general_interface',`
-corenetwork_send_udp_on_general_interface($1)
-corenetwork_receive_udp_on_general_interface($1)
-')
+define(`corenetwork_sendrecv_tcp_on_general_interface_depend',`
+ type netif_t;
-#######################################
-#
-# corenetwork_network_raw_on_general_interface(domain)
-#
-define(`corenetwork_network_raw_on_general_interface',`
-corenetwork_send_raw_on_general_interface($1)
-corenetwork_receive_raw_on_general_interface($1)
+ class netif { tcp_send tcp_recv };
')
#######################################
@@ -46,13 +30,15 @@ corenetwork_receive_raw_on_general_interface($1)
# corenetwork_send_udp_on_general_interface(domain)
#
define(`corenetwork_send_udp_on_general_interface',`
-requires_block_template(`$0'_depend)
-allow $1 netif_t:netif udp_send;
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_t:netif udp_send;
')
define(`corenetwork_send_udp_on_general_interface_depend',`
-type netif_t;
-class netif udp_send;
+ type netif_t;
+
+ class netif udp_send;
')
#######################################
@@ -60,13 +46,24 @@ class netif udp_send;
# corenetwork_receive_udp_on_general_interface(domain)
#
define(`corenetwork_receive_udp_on_general_interface',`
-requires_block_template(`$0'_depend)
-allow $1 netif_t:netif udp_recv;
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_t:netif udp_recv;
')
define(`corenetwork_receive_udp_on_general_interface_depend',`
-type netif_t;
-class netif udp_recv;
+ type netif_t;
+
+ class netif udp_recv;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_udp_on_general_interface(domain)
+#
+define(`corenetwork_sendrecv_udp_on_general_interface',`
+ corenetwork_send_udp_on_general_interface($1)
+ corenetwork_receive_udp_on_general_interface($1)
')
#######################################
@@ -74,15 +71,17 @@ class netif udp_recv;
# corenetwork_send_raw_on_general_interface(domain)
#
define(`corenetwork_send_raw_on_general_interface',`
-requires_block_template(`$0'_depend)
-allow $1 netif_t:netif rawip_send;
-allow $1 self:capability net_raw;
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_t:netif rawip_send;
+ allow $1 self:capability net_raw;
')
define(`corenetwork_send_raw_on_general_interface_depend',`
-type netif_t;
-class netif rawip_send;
-class capability net_raw;
+ type netif_t;
+
+ class netif rawip_send;
+ class capability net_raw;
')
#######################################
@@ -90,45 +89,40 @@ class capability net_raw;
# corenetwork_receive_raw_on_general_interface(domain)
#
define(`corenetwork_receive_raw_on_general_interface',`
-requires_block_template(`$0'_depend)
-allow $1 netif_t:netif rawip_recv;
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_t:netif rawip_recv;
')
define(`corenetwork_receive_raw_on_general_interface_depend',`
-type netif_t;
-class netif rawip_recv;
+ type netif_t;
+
+ class netif rawip_recv;
')
#######################################
#
-# corenetwork_network_tcp_on_all_interfaces(domain)
+# corenetwork_sendrecv_raw_on_general_interface(domain)
#
-define(`corenetwork_network_tcp_on_all_interfaces',`
-requires_block_template(`$0'_depend)
-allow $1 netif_type:netif { tcp_send tcp_recv };
-')
-
-define(`corenetwork_network_tcp_on_all_interfaces_depend',`
-attribute netif_type;
-class netif { tcp_send tcp_recv };
+define(`corenetwork_sendrecv_raw_on_general_interface',`
+ corenetwork_send_raw_on_general_interface($1)
+ corenetwork_receive_raw_on_general_interface($1)
')
#######################################
#
-# corenetwork_network_udp_on_all_interfaces(domain)
+# corenetwork_sendrecv_tcp_on_all_interfaces(domain)
#
-define(`corenetwork_network_udp_on_all_interfaces',`
-corenetwork_send_udp_on_all_interfaces($1)
-corenetwork_receive_udp_on_all_interfaces($1)
+define(`corenetwork_sendrecv_tcp_on_all_interfaces',`
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_type:netif { tcp_send tcp_recv };
')
-#######################################
-#
-# corenetwork_network_raw_on_all_interfaces(domain)
-#
-define(`corenetwork_network_raw_on_all_interfaces',`
-corenetwork_send_raw_on_all_interfaces($1)
-corenetwork_receive_raw_on_all_interfaces($1)
+define(`corenetwork_sendrecv_tcp_on_all_interfaces_depend',`
+ attribute netif_type;
+
+ class netif { tcp_send tcp_recv };
')
#######################################
@@ -136,89 +130,99 @@ corenetwork_receive_raw_on_all_interfaces($1)
# corenetwork_send_udp_on_all_interfaces(domain)
#
define(`corenetwork_send_udp_on_all_interfaces',`
-requires_block_template(`$0'_depend)
-allow $1 netif_type:netif udp_send;
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_type:netif udp_send;
')
define(`corenetwork_send_udp_on_all_interfaces_depend',`
-attribute netif_type;
-class netif udp_send;
+ attribute netif_type;
+
+ class netif udp_send;
')
#######################################
#
-# corenetwork_send_raw_on_all_interfaces(domain)
+# corenetwork_receive_udp_on_all_interfaces(domain)
#
-define(`corenetwork_send_raw_on_all_interfaces',`
-requires_block_template(`$0'_depend)
-allow $1 netif_type:netif rawip_send;
-allow $1 self:capability net_raw;
+define(`corenetwork_receive_udp_on_all_interfaces',`
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_type:netif udp_recv;
')
-define(`corenetwork_send_raw_on_all_interfaces_depend',`
-attribute netif_type;
-class netif rawip_send;
-class capability net_raw;
+define(`corenetwork_receive_udp_on_all_interfaces_depend',`
+ attribute netif_type;
+
+ class netif udp_recv;
')
#######################################
#
-# corenetwork_receive_udp_on_all_interfaces(domain)
+# corenetwork_sendrecv_udp_on_all_interfaces(domain)
#
-define(`corenetwork_receive_udp_on_all_interfaces',`
-requires_block_template(`$0'_depend)
-allow $1 netif_type:netif udp_recv;
-')
-
-define(`corenetwork_receive_udp_on_all_interfaces_depend',`
-attribute netif_type;
-class netif udp_recv;
+define(`corenetwork_sendrecv_udp_on_all_interfaces',`
+ corenetwork_send_udp_on_all_interfaces($1)
+ corenetwork_receive_udp_on_all_interfaces($1)
')
#######################################
#
-# corenetwork_receive_raw_on_all_interfaces(domain)
+# corenetwork_send_raw_on_all_interfaces(domain)
#
-define(`corenetwork_receive_raw_on_all_interfaces',`
-requires_block_template(`$0'_depend)
-allow $1 netif_type:netif rawip_recv;
+define(`corenetwork_send_raw_on_all_interfaces',`
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_type:netif rawip_send;
+ allow $1 self:capability net_raw;
')
-define(`corenetwork_receive_raw_on_all_interfaces_depend',`
-attribute netif_type;
-class netif rawip_recv;
+define(`corenetwork_send_raw_on_all_interfaces_depend',`
+ attribute netif_type;
+
+ class netif rawip_send;
+ class capability net_raw;
')
#######################################
#
-# corenetwork_network_tcp_on_general_node(domain)
+# corenetwork_receive_raw_on_all_interfaces(domain)
#
-define(`corenetwork_network_tcp_on_general_node',`
-requires_block_template(`$0'_depend)
-allow $1 node_t:node { tcp_send tcp_recv };
+define(`corenetwork_receive_raw_on_all_interfaces',`
+ requires_block_template(`$0'_depend)
+
+ allow $1 netif_type:netif rawip_recv;
')
-define(`corenetwork_network_tcp_on_general_node_depend',`
-type node_t;
-class node { tcp_send tcp_recv };
+define(`corenetwork_receive_raw_on_all_interfaces_depend',`
+ attribute netif_type;
+
+ class netif rawip_recv;
')
#######################################
#
-# corenetwork_network_udp_on_general_node(domain)
+# corenetwork_sendrecv_raw_on_all_interfaces(domain)
#
-define(`corenetwork_network_udp_on_general_node',`
-corenetwork_send_udp_on_general_node($1,$2)
-corenetwork_receive_udp_on_general_node($1,$2)
+define(`corenetwork_sendrecv_raw_on_all_interfaces',`
+ corenetwork_send_raw_on_all_interfaces($1)
+ corenetwork_receive_raw_on_all_interfaces($1)
')
#######################################
#
-# corenetwork_network_raw_on_general_node(domain)
+# corenetwork_sendrecv_tcp_on_general_node(domain)
#
-define(`corenetwork_network_raw_on_general_node',`
-corenetwork_send_raw_on_general_node($1,$2)
-corenetwork_receive_raw_on_general_node($1,$2)
+define(`corenetwork_sendrecv_tcp_on_general_node',`
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_t:node { tcp_send tcp_recv };
+')
+
+define(`corenetwork_sendrecv_tcp_on_general_node_depend',`
+ type node_t;
+
+ class node { tcp_send tcp_recv };
')
#######################################
@@ -226,13 +230,15 @@ corenetwork_receive_raw_on_general_node($1,$2)
# corenetwork_send_udp_on_general_node(domain)
#
define(`corenetwork_send_udp_on_general_node',`
-requires_block_template(`$0'_depend)
-allow $1 node_t:node udp_send;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_t:node udp_send;
')
define(`corenetwork_send_udp_on_general_node_depend',`
-type node_t;
-class node udp_send;
+ type node_t;
+
+ class node udp_send;
')
#######################################
@@ -240,13 +246,24 @@ class node udp_send;
# corenetwork_receive_udp_on_general_node(domain)
#
define(`corenetwork_receive_udp_on_general_node',`
-requires_block_template(`$0'_depend)
-allow $1 node_t:node udp_recv;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_t:node udp_recv;
')
define(`corenetwork_receive_udp_on_general_node_depend',`
-type node_t;
-class node udp_recv;
+ type node_t;
+
+ class node udp_recv;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_udp_on_general_node(domain)
+#
+define(`corenetwork_sendrecv_udp_on_general_node',`
+ corenetwork_send_udp_on_general_node($1,$2)
+ corenetwork_receive_udp_on_general_node($1,$2)
')
#######################################
@@ -254,15 +271,17 @@ class node udp_recv;
# corenetwork_send_raw_on_general_node(domain)
#
define(`corenetwork_send_raw_on_general_node',`
-requires_block_template(`$0'_depend)
-allow $1 node_t:node rawip_send;
-allow $1 self:capability net_raw;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_t:node rawip_send;
+ allow $1 self:capability net_raw;
')
define(`corenetwork_send_raw_on_general_node_depend',`
-type node_t;
-class node rawip_send;
-class capability net_raw;
+ type node_t;
+
+ class node rawip_send;
+ class capability net_raw;
')
#######################################
@@ -270,13 +289,24 @@ class capability net_raw;
# corenetwork_receive_raw_on_general_node(domain)
#
define(`corenetwork_receive_raw_on_general_node',`
-requires_block_template(`$0'_depend)
-allow $1 node_t:node rawip_recv;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_t:node rawip_recv;
')
define(`corenetwork_receive_raw_on_general_node_depend',`
-type node_t;
-class node rawip_recv;
+ type node_t;
+
+ class node rawip_recv;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_raw_on_general_node(domain)
+#
+define(`corenetwork_sendrecv_raw_on_general_node',`
+ corenetwork_send_raw_on_general_node($1,$2)
+ corenetwork_receive_raw_on_general_node($1,$2)
')
#######################################
@@ -284,13 +314,15 @@ class node rawip_recv;
# corenetwork_bind_tcp_on_general_node(domain)
#
define(`corenetwork_bind_tcp_on_general_node',`
-requires_block_template(`$0'_depend)
-allow $1 node_t:tcp_socket node_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_t:tcp_socket node_bind;
')
define(`corenetwork_bind_udp_on_general_node_depend',`
-type node_t;
-class tcp_socket node_bind;
+ type node_t;
+
+ class tcp_socket node_bind;
')
#######################################
@@ -298,45 +330,31 @@ class tcp_socket node_bind;
# corenetwork_bind_udp_on_general_node(domain)
#
define(`corenetwork_bind_udp_on_general_node',`
-requires_block_template(`$0'_depend)
-allow $1 node_t:udp_socket node_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_t:udp_socket node_bind;
')
define(`corenetwork_bind_udp_on_general_node_depend',`
-type node_t;
-class udp_socket node_bind;
+ type node_t;
+
+ class udp_socket node_bind;
')
#######################################
#
-# corenetwork_network_tcp_on_all_nodes(domain)
+# corenetwork_sendrecv_tcp_on_all_nodes(domain)
#
-define(`corenetwork_network_tcp_on_all_nodes',`
-requires_block_template(`$0'_depend)
-allow $1 node_type:node { tcp_send tcp_recv };
-')
+define(`corenetwork_sendrecv_tcp_on_all_nodes',`
+ requires_block_template(`$0'_depend)
-define(`corenetwork_network_tcp_on_all_nodes_depend',`
-attribute node_type;
-class node { tcp_send tcp_recv };
+ allow $1 node_type:node { tcp_send tcp_recv };
')
-#######################################
-#
-# corenetwork_network_udp_on_all_nodes(domain)
-#
-define(`corenetwork_network_udp_on_all_nodes',`
-corenetwork_send_udp_on_all_nodes($1)
-corenetwork_receive_udp_on_all_nodes($1)
-')
+define(`corenetwork_sendrecv_tcp_on_all_nodes_depend',`
+ attribute node_type;
-#######################################
-#
-# corenetwork_network_raw_on_all_nodes(domain)
-#
-define(`corenetwork_network_raw_on_all_nodes',`
-corenetwork_send_raw_on_all_nodes($1,optional)
-corenetwork_receive_raw_on_all_nodes($1,optional)
+ class node { tcp_send tcp_recv };
')
#######################################
@@ -344,13 +362,15 @@ corenetwork_receive_raw_on_all_nodes($1,optional)
# corenetwork_send_udp_on_all_nodes(domain)
#
define(`corenetwork_send_udp_on_all_nodes',`
-requires_block_template(`$0'_depend)
-allow $1 node_type:node udp_send;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_type:node udp_send;
')
define(`corenetwork_send_udp_on_all_nodes_depend',`
-attribute node_type;
-class node udp_send;
+ attribute node_type;
+
+ class node udp_send;
')
#######################################
@@ -358,13 +378,24 @@ class node udp_send;
# corenetwork_receive_udp_on_all_nodes(domain)
#
define(`corenetwork_receive_udp_on_all_nodes',`
-requires_block_template(`$0'_depend)
-allow $1 node_type:node udp_recv;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_type:node udp_recv;
')
define(`corenetwork_receive_udp_on_all_nodes_depend',`
-attribute node_type;
-class node udp_recv;
+ attribute node_type;
+
+ class node udp_recv;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_udp_on_all_nodes(domain)
+#
+define(`corenetwork_sendrecv_udp_on_all_nodes',`
+ corenetwork_send_udp_on_all_nodes($1)
+ corenetwork_receive_udp_on_all_nodes($1)
')
#######################################
@@ -372,15 +403,17 @@ class node udp_recv;
# corenetwork_send_raw_on_all_nodes(domain)
#
define(`corenetwork_send_raw_on_all_nodes',`
-requires_block_template(`$0'_depend)
-allow $1 node_type:node rawip_send;
-allow $1 self:capability net_raw;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_type:node rawip_send;
+ allow $1 self:capability net_raw;
')
define(`corenetwork_send_raw_on_all_nodes_depend',`
-attribute node_type;
-class node rawip_send;
-class capability net_raw;
+ attribute node_type;
+
+ class node rawip_send;
+ class capability net_raw;
')
#######################################
@@ -388,13 +421,24 @@ class capability net_raw;
# corenetwork_receive_raw_on_all_nodes(domain)
#
define(`corenetwork_receive_raw_on_all_nodes',`
-requires_block_template(`$0'_depend)
-allow $1 node_type:node rawip_recv;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_type:node rawip_recv;
')
define(`corenetwork_receive_raw_on_all_nodes_depend',`
-attribute node_type;
-class node rawip_recv;
+ attribute node_type;
+
+ class node rawip_recv;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_raw_on_all_nodes(domain)
+#
+define(`corenetwork_sendrecv_raw_on_all_nodes',`
+ corenetwork_send_raw_on_all_nodes($1)
+ corenetwork_receive_raw_on_all_nodes($1)
')
#######################################
@@ -402,13 +446,15 @@ class node rawip_recv;
# corenetwork_bind_tcp_on_all_nodes(domain)
#
define(`corenetwork_bind_tcp_on_all_nodes',`
-requires_block_template(`$0'_depend)
-allow $1 node_type:tcp_socket node_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_type:tcp_socket node_bind;
')
define(`corenetwork_bind_tcp_on_all_nodes_depend',`
-attribute node_type;
-class tcp_socket node_bind;
+ attribute node_type;
+
+ class tcp_socket node_bind;
')
#######################################
@@ -416,36 +462,31 @@ class tcp_socket node_bind;
# corenetwork_bind_udp_on_all_nodes(domain)
#
define(`corenetwork_bind_udp_on_all_nodes',`
-requires_block_template(`$0'_depend)
-allow $1 node_type:udp_socket node_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 node_type:udp_socket node_bind;
')
define(`corenetwork_bind_udp_on_all_nodes_depend',`
-attribute node_type;
-class udp_socket node_bind;
+ attribute node_type;
+
+ class udp_socket node_bind;
')
#######################################
#
-# corenetwork_network_tcp_on_general_port(domain)
+# corenetwork_sendrecv_tcp_on_general_port(domain)
#
-define(`corenetwork_network_tcp_on_general_port',`
-requires_block_template(`$0'_depend)
-allow $1 port_t:tcp_socket { send_msg recv_msg };
-')
+define(`corenetwork_sendrecv_tcp_on_general_port',`
+ requires_block_template(`$0'_depend)
-define(`corenetwork_network_tcp_on_general_port_depend',`
-type port_t;
-class tcp_socket { send_msg recv_msg };
+ allow $1 port_t:tcp_socket { send_msg recv_msg };
')
-#######################################
-#
-# corenetwork_network_udp_on_general_port(domain)
-#
-define(`corenetwork_network_udp_on_general_port',`
-corenetwork_send_udp_on_general_port($1)
-corenetwork_receive_udp_on_general_port($1)
+define(`corenetwork_sendrecv_tcp_on_general_port_depend',`
+ type port_t;
+
+ class tcp_socket { send_msg recv_msg };
')
#######################################
@@ -453,13 +494,15 @@ corenetwork_receive_udp_on_general_port($1)
# corenetwork_send_udp_on_general_port(domain)
#
define(`corenetwork_send_udp_on_general_port',`
-requires_block_template(`$0'_depend)
-allow $1 port_t:udp_socket send_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_t:udp_socket send_msg;
')
define(`corenetwork_send_udp_on_general_port_depend',`
-type port_t;
-class udp_socket send_msg;
+ type port_t;
+
+ class udp_socket send_msg;
')
#######################################
@@ -467,13 +510,24 @@ class udp_socket send_msg;
# corenetwork_receive_udp_on_general_port(domain)
#
define(`corenetwork_receive_udp_on_general_port',`
-requires_block_template(`$0'_depend)
-allow $1 port_t:udp_socket recv_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_t:udp_socket recv_msg;
')
define(`corenetwork_receive_udp_on_general_port_depend',`
-type port_t;
-class udp_socket recv_msg;
+ type port_t;
+
+ class udp_socket recv_msg;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_udp_on_general_port(domain)
+#
+define(`corenetwork_sendrecv_udp_on_general_port',`
+ corenetwork_send_udp_on_general_port($1)
+ corenetwork_receive_udp_on_general_port($1)
')
#######################################
@@ -481,13 +535,15 @@ class udp_socket recv_msg;
# corenetwork_bind_tcp_on_general_port(domain)
#
define(`corenetwork_bind_tcp_on_general_port',`
-requires_block_template(`$0'_depend)
-allow $1 port_t:tcp_socket name_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_t:tcp_socket name_bind;
')
define(`corenetwork_bind_udp_on_general_port_depend',`
-type port_t;
-class tcp_socket name_bind;
+ type port_t;
+
+ class tcp_socket name_bind;
')
#######################################
@@ -495,36 +551,31 @@ class tcp_socket name_bind;
# corenetwork_bind_udp_on_general_port(domain)
#
define(`corenetwork_bind_udp_on_general_port',`
-requires_block_template(`$0'_depend)
-allow $1 port_t:udp_socket name_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_t:udp_socket name_bind;
')
define(`corenetwork_bind_udp_on_general_port_depend',`
-type port_t;
-class udp_socket name_bind;
+ type port_t;
+
+ class udp_socket name_bind;
')
#######################################
#
-# corenetwork_network_tcp_on_all_ports(domain)
+# corenetwork_sendrecv_tcp_on_all_ports(domain)
#
-define(`corenetwork_network_tcp_on_all_ports',`
-requires_block_template(`$0'_depend)
-allow $1 port_type:tcp_socket { send_msg recv_msg };
-')
+define(`corenetwork_sendrecv_tcp_on_all_ports',`
+ requires_block_template(`$0'_depend)
-define(`corenetwork_network_tcp_on_all_ports_depend',`
-attribute port_type;
-class tcp_socket { send_msg recv_msg };
+ allow $1 port_type:tcp_socket { send_msg recv_msg };
')
-#######################################
-#
-# corenetwork_network_udp_on_all_ports(domain)
-#
-define(`corenetwork_network_udp_on_all_ports',`
-corenetwork_send_udp_on_all_ports($1)
-corenetwork_receive_udp_on_all_ports($1)
+define(`corenetwork_sendrecv_tcp_on_all_ports_depend',`
+ attribute port_type;
+
+ class tcp_socket { send_msg recv_msg };
')
#######################################
@@ -532,13 +583,15 @@ corenetwork_receive_udp_on_all_ports($1)
# corenetwork_send_udp_on_all_ports(domain)
#
define(`corenetwork_send_udp_on_all_ports',`
-requires_block_template(`$0'_depend)
-allow $1 port_type:udp_socket send_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_type:udp_socket send_msg;
')
define(`corenetwork_send_udp_on_all_ports_depend',`
-attribute port_type;
-class udp_socket send_msg;
+ attribute port_type;
+
+ class udp_socket send_msg;
')
#######################################
@@ -546,13 +599,24 @@ class udp_socket send_msg;
# corenetwork_receive_udp_on_all_ports(domain)
#
define(`corenetwork_receive_udp_on_all_ports',`
-requires_block_template(`$0'_depend)
-allow $1 port_type:udp_socket recv_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_type:udp_socket recv_msg;
')
define(`corenetwork_receive_udp_on_all_ports_depend',`
-attribute port_type;
-class udp_socket recv_msg;
+ attribute port_type;
+
+ class udp_socket recv_msg;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_udp_on_all_ports(domain)
+#
+define(`corenetwork_sendrecv_udp_on_all_ports',`
+ corenetwork_send_udp_on_all_ports($1)
+ corenetwork_receive_udp_on_all_ports($1)
')
#######################################
@@ -560,13 +624,15 @@ class udp_socket recv_msg;
# corenetwork_bind_tcp_on_all_ports(domain,[`optional'])
#
define(`corenetwork_bind_tcp_on_all_ports',`
-requires_block_template(`$0'_depend)
-allow $1 port_type:tcp_socket name_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_type:tcp_socket name_bind;
')
define(`corenetwork_bind_tcp_on_all_ports_depend',`
-attribute port_type;
-class tcp_socket name_bind;
+ attribute port_type;
+
+ class tcp_socket name_bind;
')
#######################################
@@ -574,36 +640,31 @@ class tcp_socket name_bind;
# corenetwork_bind_udp_on_all_ports(domain)
#
define(`corenetwork_bind_udp_on_all_ports',`
-requires_block_template(`$0'_depend)
-allow $1 port_type:udp_socket name_bind;
+ requires_block_template(`$0'_depend)
+
+ allow $1 port_type:udp_socket name_bind;
')
define(`corenetwork_bind_udp_on_all_ports_depend',`
-attribute port_type;
-class udp_socket name_bind;
+ attribute port_type;
+
+ class udp_socket name_bind;
')
#######################################
#
-# corenetwork_network_tcp_on_reserved_port(domain)
+# corenetwork_sendrecv_tcp_on_reserved_port(domain)
#
-define(`corenetwork_network_tcp_on_reserved_port',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
-')
+define(`corenetwork_sendrecv_tcp_on_reserved_port',`
+ requires_block_template(`$0'_depend)
-define(`corenetwork_network_tcp_on_reserved_port_depend',`
-type reserved_port_t;
-class tcp_socket { send_msg recv_msg };
+ allow $1 reserved_port_t:tcp_socket { send_msg recv_msg };
')
-#######################################
-#
-# corenetwork_network_udp_on_reserved_port(domain)
-#
-define(`corenetwork_network_udp_on_reserved_port',`
-corenetwork_send_udp_on_reserved_port($1,$2)
-corenetwork_receive_udp_on_reserved_port($1,$2)
+define(`corenetwork_sendrecv_tcp_on_reserved_port_depend',`
+ type reserved_port_t;
+
+ class tcp_socket { send_msg recv_msg };
')
#######################################
@@ -611,13 +672,15 @@ corenetwork_receive_udp_on_reserved_port($1,$2)
# corenetwork_send_udp_on_reserved_port(domain)
#
define(`corenetwork_send_udp_on_reserved_port',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_t:udp_socket send_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_t:udp_socket send_msg;
')
define(`corenetwork_send_udp_on_reserved_port_depend',`
-type reserved_port_t;
-class udp_socket send_msg;
+ type reserved_port_t;
+
+ class udp_socket send_msg;
')
#######################################
@@ -625,13 +688,24 @@ class udp_socket send_msg;
# corenetwork_receive_udp_on_reserved_port(domain)
#
define(`corenetwork_receive_udp_on_reserved_port',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_t:udp_socket recv_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_t:udp_socket recv_msg;
')
define(`corenetwork_receive_udp_on_reserved_port_depend',`
-type reserved_port_t;
-class udp_socket recv_msg;
+ type reserved_port_t;
+
+ class udp_socket recv_msg;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_udp_on_reserved_port(domain)
+#
+define(`corenetwork_sendrecv_udp_on_reserved_port',`
+ corenetwork_send_udp_on_reserved_port($1)
+ corenetwork_receive_udp_on_reserved_port($1)
')
#######################################
@@ -639,15 +713,17 @@ class udp_socket recv_msg;
# corenetwork_bind_tcp_on_reserved_port(domain)
#
define(`corenetwork_bind_tcp_on_reserved_port',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_t:tcp_socket name_bind;
-allow $1 self:capability net_bind_service;
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_t:tcp_socket name_bind;
+ allow $1 self:capability net_bind_service;
')
define(`corenetwork_bind_udp_on_reserved_port_depend',`
-type reserved_port_t;
-class tcp_socket name_bind;
-class capability net_bind_service;
+ type reserved_port_t;
+
+ class tcp_socket name_bind;
+ class capability net_bind_service;
')
#######################################
@@ -655,38 +731,33 @@ class capability net_bind_service;
# corenetwork_bind_udp_on_reserved_port(domain)
#
define(`corenetwork_bind_udp_on_reserved_port',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_t:udp_socket name_bind;
-allow $1 self:capability net_bind_service;
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_t:udp_socket name_bind;
+ allow $1 self:capability net_bind_service;
')
define(`corenetwork_bind_udp_on_reserved_port_depend',`
-type reserved_port_t;
-class udp_socket name_bind;
-class capability net_bind_service;
+ type reserved_port_t;
+
+ class udp_socket name_bind;
+ class capability net_bind_service;
')
#######################################
#
-# corenetwork_network_tcp_on_all_reserved_ports(domain)
+# corenetwork_sendrecv_tcp_on_all_reserved_ports(domain)
#
-define(`corenetwork_network_tcp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
-')
+define(`corenetwork_sendrecv_tcp_on_all_reserved_ports',`
+ requires_block_template(`$0'_depend)
-define(`corenetwork_network_tcp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class tcp_socket { send_msg recv_msg };
+ allow $1 reserved_port_type:tcp_socket { send_msg recv_msg };
')
-#######################################
-#
-# corenetwork_network_udp_on_all_reserved_ports(domain)
-#
-define(`corenetwork_network_udp_on_all_reserved_ports',`
-corenetwork_send_udp_on_all_reserved_ports($1,optional)
-corenetwork_receive_udp_on_all_reserved_ports($1,optional)
+define(`corenetwork_sendrecv_tcp_on_all_reserved_ports_depend',`
+ attribute reserved_port_type;
+
+ class tcp_socket { send_msg recv_msg };
')
#######################################
@@ -694,13 +765,15 @@ corenetwork_receive_udp_on_all_reserved_ports($1,optional)
# corenetwork_send_udp_on_all_reserved_ports(domain)
#
define(`corenetwork_send_udp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_type:udp_socket send_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_type:udp_socket send_msg;
')
define(`corenetwork_send_udp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class udp_socket send_msg;
+ attribute reserved_port_type;
+
+ class udp_socket send_msg;
')
#######################################
@@ -708,13 +781,24 @@ class udp_socket send_msg;
# corenetwork_receive_udp_on_all_reserved_ports(domain)
#
define(`corenetwork_receive_udp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_type:udp_socket recv_msg;
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_type:udp_socket recv_msg;
')
define(`corenetwork_receive_udp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class udp_socket recv_msg;
+ attribute reserved_port_type;
+
+ class udp_socket recv_msg;
+')
+
+#######################################
+#
+# corenetwork_sendrecv_udp_on_all_reserved_ports(domain)
+#
+define(`corenetwork_sendrecv_udp_on_all_reserved_ports',`
+ corenetwork_send_udp_on_all_reserved_ports($1)
+ corenetwork_receive_udp_on_all_reserved_ports($1)
')
#######################################
@@ -722,15 +806,17 @@ class udp_socket recv_msg;
# corenetwork_bind_tcp_on_all_reserved_ports(domain)
#
define(`corenetwork_bind_tcp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_type:tcp_socket name_bind;
-allow $1 self:capability net_bind_service;
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_type:tcp_socket name_bind;
+ allow $1 self:capability net_bind_service;
')
define(`corenetwork_bind_tcp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class tcp_socket name_bind;
-class capability net_bind_service;
+ attribute reserved_port_type;
+
+ class tcp_socket name_bind;
+ class capability net_bind_service;
')
#######################################
@@ -738,43 +824,49 @@ class capability net_bind_service;
# corenetwork_ignore_bind_tcp_on_all_reserved_ports(domain)
#
define(`corenetwork_ignore_bind_tcp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-dontaudit $1 reserved_port_type:tcp_socket name_bind;
+ requires_block_template(`$0'_depend)
+
+ dontaudit $1 reserved_port_type:tcp_socket name_bind;
')
define(`corenetwork_ignore_bind_tcp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class tcp_socket name_bind;
+ attribute reserved_port_type;
+
+ class tcp_socket name_bind;
')
#######################################
#
-# corenetwork_bind_udp_on_all_reserved_ports(domain)
+# corenetwork_ignore_bind_tcp_on_all_reserved_ports(domain)
#
-define(`corenetwork_bind_udp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-allow $1 reserved_port_type:udp_socket name_bind;
-allow $1 self:capability net_bind_service;
+define(`corenetwork_ignore_bind_tcp_on_all_reserved_ports',`
+ requires_block_template(`$0'_depend)
+
+ dontaudit $1 reserved_port_type:tcp_socket name_bind;
')
-define(`corenetwork_bind_udp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class udp_socket name_bind;
-class self:capability net_bind_service;
+define(`corenetwork_ignore_bind_udp_on_all_reserved_ports_depend',`
+ attribute reserved_port_type;
+
+ class tcp_socket name_bind;
')
#######################################
#
-# corenetwork_ignore_bind_tcp_on_all_reserved_ports(domain)
+# corenetwork_bind_udp_on_all_reserved_ports(domain)
#
-define(`corenetwork_ignore_bind_tcp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-dontaudit $1 reserved_port_type:tcp_socket name_bind;
+define(`corenetwork_bind_udp_on_all_reserved_ports',`
+ requires_block_template(`$0'_depend)
+
+ allow $1 reserved_port_type:udp_socket name_bind;
+ allow $1 self:capability net_bind_service;
')
-define(`corenetwork_ignore_bind_udp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class tcp_socket name_bind;
+define(`corenetwork_bind_udp_on_all_reserved_ports_depend',`
+ attribute reserved_port_type;
+
+ class udp_socket name_bind;
+ class self:capability net_bind_service;
')
#######################################
@@ -782,13 +874,15 @@ class tcp_socket name_bind;
# corenetwork_ignore_bind_udp_on_all_reserved_ports(domain)
#
define(`corenetwork_ignore_bind_udp_on_all_reserved_ports',`
-requires_block_template(`$0'_depend)
-dontaudit $1 reserved_port_type:udp_socket name_bind;
+ requires_block_template(`$0'_depend)
+
+ dontaudit $1 reserved_port_type:udp_socket name_bind;
')
define(`corenetwork_ignore_bind_udp_on_all_reserved_ports_depend',`
-attribute reserved_port_type;
-class udp_socket name_bind;
+ attribute reserved_port_type;
+
+ class udp_socket name_bind;
')
') dnl end if not interface_pass
@@ -805,9 +899,8 @@ class udp_socket name_bind;
########################################
define(`create_netif_interfaces',``
-
########################################
-## <interface name="corenetwork_network_tcp_on_$1_interface">
+## <interface name="corenetwork_sendrecv_tcp_on_$1_interface">
## <description>
## Send and receive TCP network traffic on the $1 interface.
## </description>
@@ -817,46 +910,16 @@ define(`create_netif_interfaces',``
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`corenetwork_network_tcp_on_$1_interface',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_netif_t:netif { tcp_send tcp_recv };
-')
+define(`corenetwork_sendrecv_tcp_on_$1_interface',`
+ requires_block_template(`dollarszero'_depend)
-define(`corenetwork_network_tcp_on_$1_interface_depend',`
-type $1_netif_t;
-class netif { tcp_send tcp_recv };
+ allow dollarsone $1_netif_t:netif { tcp_send tcp_recv };
')
-########################################
-## <interface name="corenetwork_network_udp_on_$1_interface">
-## <description>
-## Send and receive UDP network traffic on the $1 interface.
-## </description>
-## <parameter name="domain">
-## The type of the process performing this action.
-## </parameter>
-## <infoflow type="both" weight="10"/>
-## </interface>
-#
-define(`corenetwork_network_udp_on_$1_interface',`
-corenetwork_send_udp_on_$1_interface(dollarsone,dollarstwo)
-corenetwork_receive_udp_on_$1_interface(dollarsone,dollarstwo)
-')
+define(`corenetwork_sendrecv_tcp_on_$1_interface_depend',`
+ type $1_netif_t;
-########################################
-## <interface name="corenetwork_network_raw_on_$1_interface">
-## <description>
-## Send and receive raw IP packets on the $1 interface.
-## </description>
-## <parameter name="domain">
-## The type of the process performing this action.
-## </parameter>
-## <infoflow type="both" weight="10"/>
-## </interface>
-#
-define(`corenetwork_network_raw_on_$1_interface',`
-corenetwork_send_raw_on_$1_interface(dollarsone,dollarstwo)
-corenetwork_receive_raw_on_$1_interface(dollarsone,dollarstwo)
+ class netif { tcp_send tcp_recv };
')
########################################
@@ -871,13 +934,15 @@ corenetwork_receive_raw_on_$1_interface(dollarsone,dollarstwo)
## </interface>
#
define(`corenetwork_send_udp_on_$1_interface',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_netif_t:netif udp_send;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_netif_t:netif udp_send;
')
define(`corenetwork_send_udp_on_$1_interface_depend',`
-type $1_netif_t;
-class netif udp_send;
+ type $1_netif_t;
+
+ class netif udp_send;
')
########################################
@@ -892,13 +957,31 @@ class netif udp_send;
## </interface>
#
define(`corenetwork_receive_udp_on_$1_interface',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_netif_t:netif udp_recv;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_netif_t:netif udp_recv;
')
define(`corenetwork_receive_udp_on_$1_interface_depend',`
-type $1_netif_t;
-class netif udp_recv;
+ type $1_netif_t;
+
+ class netif udp_recv;
+')
+
+########################################
+## <interface name="corenetwork_sendrecv_udp_on_$1_interface">
+## <description>
+## Send and receive UDP network traffic on the $1 interface.
+## </description>
+## <parameter name="domain">
+## The type of the process performing this action.
+## </parameter>
+## <infoflow type="both" weight="10"/>
+## </interface>
+#
+define(`corenetwork_sendrecv_udp_on_$1_interface',`
+ corenetwork_send_udp_on_$1_interface(dollarsone)
+ corenetwork_receive_udp_on_$1_interface(dollarsone)
')
########################################
@@ -913,15 +996,17 @@ class netif udp_recv;
## </interface>
#
define(`corenetwork_send_raw_on_$1_interface',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_netif_t:netif rawip_send;
-allow dollarsone self:capability net_raw;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_netif_t:netif rawip_send;
+ allow dollarsone self:capability net_raw;
')
define(`corenetwork_send_raw_on_$1_interface_depend',`
-type $1_netif_t;
-class netif rawip_send;
-class capability net_raw;
+ type $1_netif_t;
+
+ class netif rawip_send;
+ class capability net_raw;
')
########################################
@@ -936,27 +1021,21 @@ class capability net_raw;
## </interface>
#
define(`corenetwork_receive_raw_on_$1_interface',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_netif_t:netif rawip_recv;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_netif_t:netif rawip_recv;
')
define(`corenetwork_receive_raw_on_$1_interface_depend',`
-type $1_netif_t;
-class netif rawip_recv;
-')
-'') dnl end create_netif_interfaces
+ type $1_netif_t;
-########################################
-#
-# Network node generated macros
-#
-########################################
+ class netif rawip_recv;
+')
-define(`create_node_interfaces',``
########################################
-## <interface name="corenetwork_network_tcp_on_$1_node">
+## <interface name="corenetwork_sendrecv_raw_on_$1_interface">
## <description>
-## Send and receive TCP traffic on the $1 node.
+## Send and receive raw IP packets on the $1 interface.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
@@ -964,36 +1043,23 @@ define(`create_node_interfaces',``
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`corenetwork_network_tcp_on_$1_node',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_node_t:node { tcp_send tcp_recv };
-')
-
-define(`corenetwork_network_tcp_on_$1_node_depend',`
-type $1_node_t;
-class node { tcp_send tcp_recv };
+define(`corenetwork_sendrecv_raw_on_$1_interface',`
+ corenetwork_send_raw_on_$1_interface(dollarsone)
+ corenetwork_receive_raw_on_$1_interface(dollarsone)
')
+'') dnl end create_netif_interfaces
########################################
-## <interface name="corenetwork_network_udp_on_$1_node">
-## <description>
-## Send and receive UDP traffic on the $1 node.
-## </description>
-## <parameter name="domain">
-## The type of the process performing this action.
-## </parameter>
-## <infoflow type="both" weight="10"/>
-## </interface>
#
-define(`corenetwork_network_udp_on_$1_node',`
-corenetwork_send_udp_on_$1_node(dollarsone)
-corenetwork_receive_udp_on_$1_node(dollarsone)
-')
+# Network node generated macros
+#
+########################################
+define(`create_node_interfaces',``
########################################
-## <interface name="corenetwork_network_raw_on_$1_node">
+## <interface name="corenetwork_sendrecv_tcp_on_$1_node">
## <description>
-## Send and receive raw IP packets on the $1 node.
+## Send and receive TCP traffic on the $1 node.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
@@ -1001,15 +1067,22 @@ corenetwork_receive_udp_on_$1_node(dollarsone)
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`corenetwork_network_raw_on_$1_node',`
-corenetwork_send_raw_on_$1_node(dollarsone)
-corenetwork_receive_raw_on_$1_node(dollarsone)
+define(`corenetwork_sendrecv_tcp_on_$1_node',`
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_node_t:node { tcp_send tcp_recv };
+')
+
+define(`corenetwork_sendrecv_tcp_on_$1_node_depend',`
+ type $1_node_t;
+
+ class node { tcp_send tcp_recv };
')
########################################
## <interface name="corenetwork_send_udp_on_$1_node">
## <description>
-## Send and UDP traffic on the $1 node.
+## Send UDP traffic on the $1 node.
## </description>
## <parameter name="domain">
## The type of the process performing this action.
@@ -1018,13 +1091,15 @@ corenetwork_receive_raw_on_$1_node(dollarsone)
## </interface>
#
define(`corenetwork_send_udp_on_$1_node',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_node_t:node udp_send;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_node_t:node udp_send;
')
define(`corenetwork_send_udp_on_$1_node_depend',`
-type $1_node_t;
-class node udp_send;
+ type $1_node_t;
+
+ class node udp_send;
')
########################################
@@ -1039,13 +1114,31 @@ class node udp_send;
## </interface>
#
define(`corenetwork_receive_udp_on_$1_node',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_node_t:node udp_recv;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_node_t:node udp_recv;
')
define(`corenetwork_receive_udp_on_$1_node_depend',`
-type $1_node_t;
-class node udp_recv;
+ type $1_node_t;
+
+ class node udp_recv;
+')
+
+########################################
+## <interface name="corenetwork_sendrecv_udp_on_$1_node">
+## <description>
+## Send and receive UDP traffic on the $1 node.
+## </description>
+## <parameter name="domain">
+## The type of the process performing this action.
+## </parameter>
+## <infoflow type="both" weight="10"/>
+## </interface>
+#
+define(`corenetwork_sendrecv_udp_on_$1_node',`
+ corenetwork_send_udp_on_$1_node(dollarsone)
+ corenetwork_receive_udp_on_$1_node(dollarsone)
')
########################################
@@ -1060,15 +1153,17 @@ class node udp_recv;
## </interface>
#
define(`corenetwork_send_raw_on_$1_node',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_node_t:node rawip_send;
-allow dollarsone self:capability net_raw;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_node_t:node rawip_send;
+ allow dollarsone self:capability net_raw;
')
define(`corenetwork_send_raw_on_$1_node_depend',`
-type $1_node_t;
-class node rawip_send;
-class capability net_raw;
+ type $1_node_t;
+
+ class node rawip_send;
+ class capability net_raw;
')
########################################
@@ -1083,13 +1178,31 @@ class capability net_raw;
## </interface>
#
define(`corenetwork_receive_raw_on_$1_node',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_node_t:node rawip_recv;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_node_t:node rawip_recv;
')
define(`corenetwork_receive_raw_on_$1_node_depend',`
-type $1_node_t;
-class node rawip_recv;
+ type $1_node_t;
+
+ class node rawip_recv;
+')
+
+########################################
+## <interface name="corenetwork_sendrecv_raw_on_$1_node">
+## <description>
+## Send and receive raw IP packets on the $1 node.
+## </description>
+## <parameter name="domain">
+## The type of the process performing this action.
+## </parameter>
+## <infoflow type="both" weight="10"/>
+## </interface>
+#
+define(`corenetwork_sendrecv_raw_on_$1_node',`
+ corenetwork_send_raw_on_$1_node(dollarsone)
+ corenetwork_receive_raw_on_$1_node(dollarsone)
')
########################################
@@ -1104,13 +1217,15 @@ class node rawip_recv;
## </interface>
#
define(`corenetwork_bind_tcp_on_$1_node',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_node_t:tcp_socket node_bind;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_node_t:tcp_socket node_bind;
')
define(`corenetwork_bind_tcp_on_$1_node_depend',`
-type $1_node_t;
-class tcp_socket node_bind;
+ type $1_node_t;
+
+ class tcp_socket node_bind;
')
########################################
@@ -1125,13 +1240,15 @@ class tcp_socket node_bind;
## </interface>
#
define(`corenetwork_bind_udp_on_$1_node',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_node_t:udp_socket node_bind;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_node_t:udp_socket node_bind;
')
define(`corenetwork_bind_udp_on_$1_node_depend',`
-type $1_node_t;
-class udp_socket node_bind;
+ type $1_node_t;
+
+ class udp_socket node_bind;
')
'') dnl end create_node_interfaces
@@ -1143,7 +1260,7 @@ class udp_socket node_bind;
define(`create_port_interfaces',``
########################################
-## <interface name="corenetwork_network_tcp_on_$1_port">
+## <interface name="corenetwork_sendrecv_tcp_on_$1_port">
## <description>
## Send and receive TCP traffic on the $1 port.
## </description>
@@ -1153,30 +1270,16 @@ define(`create_port_interfaces',``
## <infoflow type="both" weight="10"/>
## </interface>
#
-define(`corenetwork_network_tcp_on_$1_port',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg };
-')
+define(`corenetwork_sendrecv_tcp_on_$1_port',`
+ requires_block_template(`dollarszero'_depend)
-define(`corenetwork_network_tcp_on_$1_port_depend',`
-type $1_port_t;
-class tcp_socket { send_msg recv_msg };
+ allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg };
')
-########################################
-## <interface name="corenetwork_network_udp_on_$1_port">
-## <description>
-## Send and receive UDP traffic on the $1 port.
-## </description>
-## <parameter name="domain">
-## The type of the process performing this action.
-## </parameter>
-## <infoflow type="both" weight="10"/>
-## </interface>
-#
-define(`corenetwork_network_udp_on_$1_port',`
-corenetwork_send_udp_on_$1_port(dollarsone,dollarstwo)
-corenetwork_receive_udp_on_$1_port(dollarsone,dollarstwo)
+define(`corenetwork_sendrecv_tcp_on_$1_port_depend',`
+ type $1_port_t;
+
+ class tcp_socket { send_msg recv_msg };
')
########################################
@@ -1191,13 +1294,15 @@ corenetwork_receive_udp_on_$1_port(dollarsone,dollarstwo)
## </interface>
#
define(`corenetwork_send_udp_on_$1_port',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_port_t:udp_socket send_msg;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_port_t:udp_socket send_msg;
')
define(`corenetwork_send_udp_on_$1_port_depend',`
-type $1_port_t;
-class udp_socket send_msg;
+ type $1_port_t;
+
+ class udp_socket send_msg;
')
########################################
@@ -1212,13 +1317,31 @@ class udp_socket send_msg;
## </interface>
#
define(`corenetwork_receive_udp_on_$1_port',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_port_t:udp recv_msg;
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_port_t:udp recv_msg;
')
define(`corenetwork_receive_udp_on_$1_port_depend',`
-type $1_port_t;
-class udp_socket recv_msg;
+ type $1_port_t;
+
+ class udp_socket recv_msg;
+')
+
+########################################
+## <interface name="corenetwork_sendrecv_udp_on_$1_port">
+## <description>
+## Send and receive UDP traffic on the $1 port.
+## </description>
+## <parameter name="domain">
+## The type of the process performing this action.
+## </parameter>
+## <infoflow type="both" weight="10"/>
+## </interface>
+#
+define(`corenetwork_sendrecv_udp_on_$1_port',`
+ corenetwork_send_udp_on_$1_port(dollarsone)
+ corenetwork_receive_udp_on_$1_port(dollarsone)
')
########################################
@@ -1233,15 +1356,16 @@ class udp_socket recv_msg;
## </interface>
#
define(`corenetwork_bind_tcp_on_$1_port',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_port_t:tcp_socket name_bind;
-$2
+ requires_block_template(`dollarszero'_depend)
+ allow dollarsone $1_port_t:tcp_socket name_bind;
+ $2
')
define(`corenetwork_bind_tcp_on_$1_port_depend',`
-type $1_port_t;
-class tcp_socket name_bind;
-$3
+ type $1_port_t;
+
+ class tcp_socket name_bind;
+ $3
')
########################################
@@ -1256,15 +1380,17 @@ $3
## </interface>
#
define(`corenetwork_bind_udp_on_$1_port',`
-requires_block_template(`dollarszero'_depend)
-allow dollarsone $1_port_t:udp_socket name_bind;
-$2
+ requires_block_template(`dollarszero'_depend)
+
+ allow dollarsone $1_port_t:udp_socket name_bind;
+ $2
')
define(`corenetwork_bind_udp_on_$1_port_depend',`
-type $1_port_t;
-class udp_socket name_bind;
-$3
+ type $1_port_t;
+
+ class udp_socket name_bind;
+ $3
')
'') dnl end create_port_interfaces
diff --git a/refpolicy/policy/modules/kernel/kernel.te b/refpolicy/policy/modules/kernel/kernel.te
index 915a4d9..37195a7 100644
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@@ -217,12 +217,12 @@ corecommands_execute_general_programs(kernel_t)
logging_send_system_log_message(kernel_t)
# Kernel-generated traffic, e.g. ICMP replies.
-corenetwork_network_raw_on_all_interfaces(kernel_t)
-corenetwork_network_raw_on_all_nodes(kernel_t)
+corenetwork_sendrecv_raw_on_all_interfaces(kernel_t)
+corenetwork_sendrecv_raw_on_all_nodes(kernel_t)
# Kernel-generated traffic, e.g. TCP resets.
-corenetwork_network_tcp_on_all_interfaces(kernel_t)
-corenetwork_network_tcp_on_all_nodes(kernel_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(kernel_t)
+corenetwork_sendrecv_tcp_on_all_nodes(kernel_t)
neverallow ~can_load_policy security_t:security load_policy;
neverallow ~can_setenforce security_t:security setenforce;
diff --git a/refpolicy/policy/modules/services/cron.if b/refpolicy/policy/modules/services/cron.if
index f5a9d04..37e17e5 100644
--- a/refpolicy/policy/modules/services/cron.if
+++ b/refpolicy/policy/modules/services/cron.if
@@ -57,14 +57,14 @@ kernel_read_kernel_sysctl($1_crond_t)
# ps does not need to access /boot when run from cron
bootloader_ignore_search_bootloader_data_directory($1_crond_t)
-corenetwork_network_tcp_on_all_interfaces($1_crond_t)
-corenetwork_network_raw_on_all_interfaces($1_crond_t)
-corenetwork_network_udp_on_all_interfaces($1_crond_t)
-corenetwork_network_tcp_on_all_nodes($1_crond_t)
-corenetwork_network_raw_on_all_nodes($1_crond_t)
-corenetwork_network_udp_on_all_nodes($1_crond_t)
-corenetwork_network_tcp_on_all_ports($1_crond_t)
-corenetwork_network_udp_on_all_ports($1_crond_t)
+corenetwork_sendrecv_tcp_on_all_interfaces($1_crond_t)
+corenetwork_sendrecv_raw_on_all_interfaces($1_crond_t)
+corenetwork_sendrecv_udp_on_all_interfaces($1_crond_t)
+corenetwork_sendrecv_tcp_on_all_nodes($1_crond_t)
+corenetwork_sendrecv_raw_on_all_nodes($1_crond_t)
+corenetwork_sendrecv_udp_on_all_nodes($1_crond_t)
+corenetwork_sendrecv_tcp_on_all_ports($1_crond_t)
+corenetwork_sendrecv_udp_on_all_ports($1_crond_t)
corenetwork_bind_tcp_on_all_nodes($1_crond_t)
corenetwork_bind_udp_on_all_nodes($1_crond_t)
diff --git a/refpolicy/policy/modules/services/cron.te b/refpolicy/policy/modules/services/cron.te
index 77ba948..206e35b 100644
--- a/refpolicy/policy/modules/services/cron.te
+++ b/refpolicy/policy/modules/services/cron.te
@@ -237,14 +237,14 @@ kernel_read_software_raid_state(system_crond_t)
# ps does not need to access /boot when run from cron
bootloader_ignore_search_bootloader_data_directory(system_crond_t)
-corenetwork_network_tcp_on_all_interfaces(system_crond_t)
-corenetwork_network_raw_on_all_interfaces(system_crond_t)
-corenetwork_network_udp_on_all_interfaces(system_crond_t)
-corenetwork_network_tcp_on_all_nodes(system_crond_t)
-corenetwork_network_raw_on_all_nodes(system_crond_t)
-corenetwork_network_udp_on_all_nodes(system_crond_t)
-corenetwork_network_tcp_on_all_ports(system_crond_t)
-corenetwork_network_udp_on_all_ports(system_crond_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(system_crond_t)
+corenetwork_sendrecv_raw_on_all_interfaces(system_crond_t)
+corenetwork_sendrecv_udp_on_all_interfaces(system_crond_t)
+corenetwork_sendrecv_tcp_on_all_nodes(system_crond_t)
+corenetwork_sendrecv_raw_on_all_nodes(system_crond_t)
+corenetwork_sendrecv_udp_on_all_nodes(system_crond_t)
+corenetwork_sendrecv_tcp_on_all_ports(system_crond_t)
+corenetwork_sendrecv_udp_on_all_ports(system_crond_t)
corenetwork_bind_tcp_on_all_nodes(system_crond_t)
corenetwork_bind_udp_on_all_nodes(system_crond_t)
diff --git a/refpolicy/policy/modules/services/mta.if b/refpolicy/policy/modules/services/mta.if
index 5e1afb4..2e20c08 100644
--- a/refpolicy/policy/modules/services/mta.if
+++ b/refpolicy/policy/modules/services/mta.if
@@ -44,11 +44,11 @@ allow $1_mail_t $1_t:process sigchld;
kernel_read_kernel_sysctl($1_mail_t)
-corenetwork_network_tcp_on_all_interfaces($1_mail_t)
-corenetwork_network_raw_on_all_interfaces($1_mail_t)
-corenetwork_network_tcp_on_all_nodes($1_mail_t)
-corenetwork_network_raw_on_all_nodes($1_mail_t)
-corenetwork_network_tcp_on_all_ports($1_mail_t)
+corenetwork_sendrecv_tcp_on_all_interfaces($1_mail_t)
+corenetwork_sendrecv_raw_on_all_interfaces($1_mail_t)
+corenetwork_sendrecv_tcp_on_all_nodes($1_mail_t)
+corenetwork_sendrecv_raw_on_all_nodes($1_mail_t)
+corenetwork_sendrecv_tcp_on_all_ports($1_mail_t)
corenetwork_bind_tcp_on_all_nodes($1_mail_t)
domain_use_widely_inheritable_file_descriptors($1_mail_t)
@@ -68,10 +68,10 @@ sysnetwork_read_network_config($1_mail_t)
tunable_policy(`use_dns',`
allow $1_mail_t self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
-corenetwork_network_udp_on_all_interfaces($1_mail_t)
-corenetwork_network_udp_on_all_nodes($1_mail_t)
+corenetwork_sendrecv_udp_on_all_interfaces($1_mail_t)
+corenetwork_sendrecv_udp_on_all_nodes($1_mail_t)
corenetwork_bind_udp_on_all_nodes($1_mail_t)
-corenetwork_network_udp_on_dns_port($1_mail_t)
+corenetwork_sendrecv_udp_on_dns_port($1_mail_t)
')
optional_policy(`procmail.te',`
diff --git a/refpolicy/policy/modules/services/mta.te b/refpolicy/policy/modules/services/mta.te
index 1a0163b..2ed8b05 100644
--- a/refpolicy/policy/modules/services/mta.te
+++ b/refpolicy/policy/modules/services/mta.te
@@ -53,12 +53,12 @@ kernel_read_kernel_sysctl(system_mail_t)
kernel_read_system_state(system_mail_t)
kernel_read_network_state(system_mail_t)
-corenetwork_network_tcp_on_all_interfaces(system_mail_t)
-corenetwork_network_raw_on_all_interfaces(system_mail_t)
-corenetwork_network_tcp_on_all_nodes(system_mail_t)
-corenetwork_network_raw_on_all_nodes(system_mail_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(system_mail_t)
+corenetwork_sendrecv_raw_on_all_interfaces(system_mail_t)
+corenetwork_sendrecv_tcp_on_all_nodes(system_mail_t)
+corenetwork_sendrecv_raw_on_all_nodes(system_mail_t)
corenetwork_bind_tcp_on_all_nodes(system_mail_t)
-corenetwork_network_tcp_on_all_ports(system_mail_t)
+corenetwork_sendrecv_tcp_on_all_ports(system_mail_t)
devices_get_pseudorandom_data(system_mail_t)
@@ -84,10 +84,10 @@ sysnetwork_read_network_config(system_mail_t)
tunable_policy(`use_dns',`
allow system_mail_t self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
-corenetwork_network_udp_on_all_interfaces(system_mail_t)
-corenetwork_network_udp_on_all_nodes(system_mail_t)
+corenetwork_sendrecv_udp_on_all_interfaces(system_mail_t)
+corenetwork_sendrecv_udp_on_all_nodes(system_mail_t)
corenetwork_bind_udp_on_all_nodes(system_mail_t)
-corenetwork_network_udp_on_dns_port(system_mail_t)
+corenetwork_sendrecv_udp_on_dns_port(system_mail_t)
')
optional_policy(`procmail.te',`
diff --git a/refpolicy/policy/modules/services/sendmail.te b/refpolicy/policy/modules/services/sendmail.te
index 096b6cd..4eb4dab 100644
--- a/refpolicy/policy/modules/services/sendmail.te
+++ b/refpolicy/policy/modules/services/sendmail.te
@@ -42,14 +42,14 @@ files_create_daemon_runtime_data(sendmail_t,sendmail_var_run_t)
kernel_read_kernel_sysctl(sendmail_t)
kernel_read_hardware_state(sendmail_t)
-corenetwork_network_tcp_on_all_interfaces(sendmail_t)
-corenetwork_network_raw_on_all_interfaces(sendmail_t)
-corenetwork_network_udp_on_all_interfaces(sendmail_t)
-corenetwork_network_tcp_on_all_nodes(sendmail_t)
-corenetwork_network_raw_on_all_nodes(sendmail_t)
-corenetwork_network_udp_on_all_nodes(sendmail_t)
-corenetwork_network_tcp_on_all_ports(sendmail_t)
-corenetwork_network_udp_on_all_ports(sendmail_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(sendmail_t)
+corenetwork_sendrecv_raw_on_all_interfaces(sendmail_t)
+corenetwork_sendrecv_udp_on_all_interfaces(sendmail_t)
+corenetwork_sendrecv_tcp_on_all_nodes(sendmail_t)
+corenetwork_sendrecv_raw_on_all_nodes(sendmail_t)
+corenetwork_sendrecv_udp_on_all_nodes(sendmail_t)
+corenetwork_sendrecv_tcp_on_all_ports(sendmail_t)
+corenetwork_sendrecv_udp_on_all_ports(sendmail_t)
corenetwork_bind_tcp_on_all_nodes(sendmail_t)
corenetwork_bind_udp_on_all_nodes(sendmail_t)
corenetwork_bind_tcp_on_smtp_port(sendmail_t)
diff --git a/refpolicy/policy/modules/system/authlogin.if b/refpolicy/policy/modules/system/authlogin.if
index d7f827b..e7defa9 100644
--- a/refpolicy/policy/modules/system/authlogin.if
+++ b/refpolicy/policy/modules/system/authlogin.if
@@ -64,12 +64,12 @@ allow $1_chkpwd_t $1_t:process sigchld;
tunable_policy(`use_dns',`
allow $1_chkpwd_t self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
-corenetwork_network_udp_on_all_interfaces($1_chkpwd_t)
-corenetwork_network_raw_on_all_interfaces($1_chkpwd_t)
-corenetwork_network_udp_on_all_nodes($1_chkpwd_t)
-corenetwork_network_raw_on_all_nodes($1_chkpwd_t)
+corenetwork_sendrecv_udp_on_all_interfaces($1_chkpwd_t)
+corenetwork_sendrecv_raw_on_all_interfaces($1_chkpwd_t)
+corenetwork_sendrecv_udp_on_all_nodes($1_chkpwd_t)
+corenetwork_sendrecv_raw_on_all_nodes($1_chkpwd_t)
corenetwork_bind_udp_on_all_nodes($1_chkpwd_t)
-corenetwork_network_udp_on_dns_port($1_chkpwd_t)
+corenetwork_sendrecv_udp_on_dns_port($1_chkpwd_t)
sysnetwork_read_network_config($1_chkpwd_t)
')
@@ -162,12 +162,12 @@ dontaudit $1 shadow_t:file { getattr read };
tunable_policy(`use_dns',`
allow $1 self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
-corenetwork_network_udp_on_all_interfaces($1)
-corenetwork_network_raw_on_all_interfaces($1)
-corenetwork_network_udp_on_all_nodes($1)
-corenetwork_network_raw_on_all_nodes($1)
+corenetwork_sendrecv_udp_on_all_interfaces($1)
+corenetwork_sendrecv_raw_on_all_interfaces($1)
+corenetwork_sendrecv_udp_on_all_nodes($1)
+corenetwork_sendrecv_raw_on_all_nodes($1)
corenetwork_bind_udp_on_all_nodes($1)
-corenetwork_network_udp_on_dns_port($1)
+corenetwork_sendrecv_udp_on_dns_port($1)
sysnetwork_read_network_config($1)
') dnl end use_dns
diff --git a/refpolicy/policy/modules/system/authlogin.te b/refpolicy/policy/modules/system/authlogin.te
index 526d6a3..a6852ce 100644
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@@ -255,12 +255,12 @@ selinux_read_config(system_chkpwd_t)
tunable_policy(`use_dns',`
allow system_chkpwd_t self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
-corenetwork_network_udp_on_all_interfaces(system_chkpwd_t)
-corenetwork_network_raw_on_all_interfaces(system_chkpwd_t)
-corenetwork_network_udp_on_all_nodes(system_chkpwd_t)
-corenetwork_network_raw_on_all_nodes(system_chkpwd_t)
+corenetwork_sendrecv_udp_on_all_interfaces(system_chkpwd_t)
+corenetwork_sendrecv_raw_on_all_interfaces(system_chkpwd_t)
+corenetwork_sendrecv_udp_on_all_nodes(system_chkpwd_t)
+corenetwork_sendrecv_raw_on_all_nodes(system_chkpwd_t)
corenetwork_bind_udp_on_all_nodes(system_chkpwd_t)
-corenetwork_network_udp_on_dns_port(system_chkpwd_t)
+corenetwork_sendrecv_udp_on_dns_port(system_chkpwd_t)
sysnetwork_read_network_config(system_chkpwd_t)
')
diff --git a/refpolicy/policy/modules/system/hostname.te b/refpolicy/policy/modules/system/hostname.te
index 783c663..a519b58 100644
--- a/refpolicy/policy/modules/system/hostname.te
+++ b/refpolicy/policy/modules/system/hostname.te
@@ -66,12 +66,12 @@ files_ignore_read_rootfs_file(hostname_t)
tunable_policy(`use_dns',`
allow hostname_t self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
-corenetwork_network_udp_on_all_interfaces(hostname_t)
-corenetwork_network_raw_on_all_interfaces(hostname_t)
-corenetwork_network_udp_on_all_nodes(hostname_t)
-corenetwork_network_raw_on_all_nodes(hostname_t)
+corenetwork_sendrecv_udp_on_all_interfaces(hostname_t)
+corenetwork_sendrecv_raw_on_all_interfaces(hostname_t)
+corenetwork_sendrecv_udp_on_all_nodes(hostname_t)
+corenetwork_sendrecv_raw_on_all_nodes(hostname_t)
corenetwork_bind_udp_on_all_nodes(hostname_t)
-corenetwork_network_udp_on_dns_port(hostname_t)
+corenetwork_sendrecv_udp_on_dns_port(hostname_t)
sysnetwork_read_network_config(hostname_t)
')
diff --git a/refpolicy/policy/modules/system/hotplug.te b/refpolicy/policy/modules/system/hotplug.te
index e3ef15f..6d15da1 100644
--- a/refpolicy/policy/modules/system/hotplug.te
+++ b/refpolicy/policy/modules/system/hotplug.te
@@ -51,11 +51,11 @@ kernel_read_usb_hardware_state(hotplug_t)
bootloader_read_kernel_modules(hotplug_t)
-corenetwork_network_tcp_on_all_interfaces(hotplug_t)
-corenetwork_network_raw_on_all_interfaces(hotplug_t)
-corenetwork_network_tcp_on_all_nodes(hotplug_t)
-corenetwork_network_raw_on_all_nodes(hotplug_t)
-corenetwork_network_tcp_on_all_ports(hotplug_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(hotplug_t)
+corenetwork_sendrecv_raw_on_all_interfaces(hotplug_t)
+corenetwork_sendrecv_tcp_on_all_nodes(hotplug_t)
+corenetwork_sendrecv_raw_on_all_nodes(hotplug_t)
+corenetwork_sendrecv_tcp_on_all_ports(hotplug_t)
corenetwork_bind_tcp_on_all_nodes(hotplug_t)
# for SSP
diff --git a/refpolicy/policy/modules/system/init.te b/refpolicy/policy/modules/system/init.te
index e451e2c..7a1e77b 100644
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@@ -203,14 +203,14 @@ kernel_ignore_get_message_interface_attributes(initrc_t)
bootloader_read_kernel_symbol_table(initrc_t)
-corenetwork_network_tcp_on_all_interfaces(initrc_t)
-corenetwork_network_raw_on_all_interfaces(initrc_t)
-corenetwork_network_udp_on_all_interfaces(initrc_t)
-corenetwork_network_tcp_on_all_nodes(initrc_t)
-corenetwork_network_raw_on_all_nodes(initrc_t)
-corenetwork_network_udp_on_all_nodes(initrc_t)
-corenetwork_network_tcp_on_all_ports(initrc_t)
-corenetwork_network_udp_on_all_ports(initrc_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(initrc_t)
+corenetwork_sendrecv_raw_on_all_interfaces(initrc_t)
+corenetwork_sendrecv_udp_on_all_interfaces(initrc_t)
+corenetwork_sendrecv_tcp_on_all_nodes(initrc_t)
+corenetwork_sendrecv_raw_on_all_nodes(initrc_t)
+corenetwork_sendrecv_udp_on_all_nodes(initrc_t)
+corenetwork_sendrecv_tcp_on_all_ports(initrc_t)
+corenetwork_sendrecv_udp_on_all_ports(initrc_t)
corenetwork_bind_tcp_on_all_nodes(initrc_t)
corenetwork_bind_udp_on_all_nodes(initrc_t)
diff --git a/refpolicy/policy/modules/system/iptables.te b/refpolicy/policy/modules/system/iptables.te
index a4c76b6..adfd2b2 100644
--- a/refpolicy/policy/modules/system/iptables.te
+++ b/refpolicy/policy/modules/system/iptables.te
@@ -73,12 +73,12 @@ userdomain_use_all_users_file_descriptors(iptables_t)
tunable_policy(`use_dns',`
allow iptables_t self:udp_socket { create ioctl read getattr write setattr append bind getopt setopt shutdown connect };
- corenetwork_network_udp_on_all_interfaces(iptables_t)
- corenetwork_network_raw_on_all_interfaces(iptables_t)
- corenetwork_network_udp_on_all_nodes(iptables_t)
- corenetwork_network_raw_on_all_nodes(iptables_t)
+ corenetwork_sendrecv_udp_on_all_interfaces(iptables_t)
+ corenetwork_sendrecv_raw_on_all_interfaces(iptables_t)
+ corenetwork_sendrecv_udp_on_all_nodes(iptables_t)
+ corenetwork_sendrecv_raw_on_all_nodes(iptables_t)
corenetwork_bind_udp_on_all_nodes(iptables_t)
- corenetwork_network_udp_on_dns_port(iptables_t)
+ corenetwork_sendrecv_udp_on_dns_port(iptables_t)
sysnetwork_read_network_config(iptables_t)
')
diff --git a/refpolicy/policy/modules/system/logging.te b/refpolicy/policy/modules/system/logging.te
index c9277a7..e6caf75 100644
--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@@ -120,11 +120,11 @@ init_script_read_runtime_data(syslogd_t)
init_script_ignore_write_runtime_data(syslogd_t)
terminal_write_all_private_physical_terminals(syslogd_t)
-corenetwork_network_raw_on_all_interfaces(syslogd_t)
-corenetwork_network_udp_on_all_interfaces(syslogd_t)
-corenetwork_network_raw_on_all_nodes(syslogd_t)
-corenetwork_network_udp_on_all_nodes(syslogd_t)
-corenetwork_network_udp_on_all_ports(syslogd_t)
+corenetwork_sendrecv_raw_on_all_interfaces(syslogd_t)
+corenetwork_sendrecv_udp_on_all_interfaces(syslogd_t)
+corenetwork_sendrecv_raw_on_all_nodes(syslogd_t)
+corenetwork_sendrecv_udp_on_all_nodes(syslogd_t)
+corenetwork_sendrecv_udp_on_all_ports(syslogd_t)
corenetwork_bind_udp_on_all_nodes(syslogd_t)
corenetwork_bind_udp_on_syslogd_port(syslogd_t)
diff --git a/refpolicy/policy/modules/system/mount.te b/refpolicy/policy/modules/system/mount.te
index 4864651..b9a36f6 100644
--- a/refpolicy/policy/modules/system/mount.te
+++ b/refpolicy/policy/modules/system/mount.te
@@ -86,14 +86,14 @@ optional_policy(`portmap.te', `
#allow portmap_t mount_t:udp_socket { sendto recvfrom };
#allow mount_t portmap_t:udp_socket { sendto recvfrom };
#allow mount_t rpc_pipefs_t:dir search;
-corenetwork_network_tcp_on_all_interfaces(mount_t)
-corenetwork_network_raw_on_all_interfaces(mount_t)
-corenetwork_network_udp_on_all_interfaces(mount_t)
-corenetwork_network_tcp_on_all_nodes(mount_t)
-corenetwork_network_raw_on_all_nodes(mount_t)
-corenetwork_network_udp_on_all_nodes(mount_t)
-corenetwork_network_tcp_on_all_ports(mount_t)
-corenetwork_network_udp_on_all_ports(mount_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(mount_t)
+corenetwork_sendrecv_raw_on_all_interfaces(mount_t)
+corenetwork_sendrecv_udp_on_all_interfaces(mount_t)
+corenetwork_sendrecv_tcp_on_all_nodes(mount_t)
+corenetwork_sendrecv_raw_on_all_nodes(mount_t)
+corenetwork_sendrecv_udp_on_all_nodes(mount_t)
+corenetwork_sendrecv_tcp_on_all_ports(mount_t)
+corenetwork_sendrecv_udp_on_all_ports(mount_t)
corenetwork_bind_tcp_on_all_nodes(mount_t)
corenetwork_bind_udp_on_all_nodes(mount_t)
corenetwork_bind_tcp_on_general_port(mount_t)
diff --git a/refpolicy/policy/modules/system/sysnetwork.te b/refpolicy/policy/modules/system/sysnetwork.te
index 0fd740c..27d68bf 100644
--- a/refpolicy/policy/modules/system/sysnetwork.te
+++ b/refpolicy/policy/modules/system/sysnetwork.te
@@ -92,14 +92,14 @@ kernel_read_kernel_sysctl(dhcpc_t)
kernel_read_hardware_state(dhcpc_t)
kernel_use_file_descriptors(dhcpc_t)
-corenetwork_network_tcp_on_all_interfaces(dhcpc_t)
-corenetwork_network_raw_on_all_interfaces(dhcpc_t)
-corenetwork_network_udp_on_all_interfaces(dhcpc_t)
-corenetwork_network_tcp_on_all_nodes(dhcpc_t)
-corenetwork_network_raw_on_all_nodes(dhcpc_t)
-corenetwork_network_udp_on_all_nodes(dhcpc_t)
-corenetwork_network_tcp_on_all_ports(dhcpc_t)
-corenetwork_network_udp_on_all_ports(dhcpc_t)
+corenetwork_sendrecv_tcp_on_all_interfaces(dhcpc_t)
+corenetwork_sendrecv_raw_on_all_interfaces(dhcpc_t)
+corenetwork_sendrecv_udp_on_all_interfaces(dhcpc_t)
+corenetwork_sendrecv_tcp_on_all_nodes(dhcpc_t)
+corenetwork_sendrecv_raw_on_all_nodes(dhcpc_t)
+corenetwork_sendrecv_udp_on_all_nodes(dhcpc_t)
+corenetwork_sendrecv_tcp_on_all_ports(dhcpc_t)
+corenetwork_sendrecv_udp_on_all_ports(dhcpc_t)
corenetwork_bind_tcp_on_all_nodes(dhcpc_t)
corenetwork_bind_udp_on_all_nodes(dhcpc_t)
corenetwork_bind_udp_on_dhcpc_port(dhcpc_t)
diff --git a/refpolicy/policy/modules/system/userdomain.if b/refpolicy/policy/modules/system/userdomain.if
index 4173c6d..a0568ab 100644
--- a/refpolicy/policy/modules/system/userdomain.if
+++ b/refpolicy/policy/modules/system/userdomain.if
@@ -110,14 +110,14 @@ kernel_read_device_sysctl($1_t)
# GNOME checks for usb and other devices:
kernel_modify_usb_hardware_config_option($1_t)
-corenetwork_network_tcp_on_all_interfaces($1_t)
-corenetwork_network_raw_on_all_interfaces($1_t)
-corenetwork_network_udp_on_all_interfaces($1_t)
-corenetwork_network_tcp_on_all_nodes($1_t)
-corenetwork_network_raw_on_all_nodes($1_t)
-corenetwork_network_udp_on_all_nodes($1_t)
-corenetwork_network_tcp_on_all_ports($1_t)
-corenetwork_network_udp_on_all_ports($1_t)
+corenetwork_sendrecv_tcp_on_all_interfaces($1_t)
+corenetwork_sendrecv_raw_on_all_interfaces($1_t)
+corenetwork_sendrecv_udp_on_all_interfaces($1_t)
+corenetwork_sendrecv_tcp_on_all_nodes($1_t)
+corenetwork_sendrecv_raw_on_all_nodes($1_t)
+corenetwork_sendrecv_udp_on_all_nodes($1_t)
+corenetwork_sendrecv_tcp_on_all_ports($1_t)
+corenetwork_sendrecv_udp_on_all_ports($1_t)
corenetwork_bind_tcp_on_all_nodes($1_t)
corenetwork_bind_udp_on_all_nodes($1_t)
# allow port_t name binding for UDP because it is not very usable otherwise
More information about the scm-commits
mailing list