[selinux-policy: 520/3172] add connect interface on ports to handle name_connect tcp perm
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 19:49:33 UTC 2010
commit 022f61c0e30c98bbf742336486712e251d9f1053
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Jul 22 15:38:01 2005 +0000
add connect interface on ports to handle name_connect tcp perm
refpolicy/policy/modules/kernel/corenetwork.if.m4 | 106 ++++++++++++---------
1 files changed, 62 insertions(+), 44 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.m4 b/refpolicy/policy/modules/kernel/corenetwork.if.m4
index 9771003..d6401ba 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.m4
@@ -6,9 +6,9 @@
define(`create_netif_interfaces',``
########################################
-## <desc>
+## <summary>
## Send and receive TCP network traffic on the $1 interface.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -24,9 +24,9 @@ interface(`corenet_tcp_sendrecv_$1',`
')
########################################
-## <desc>
+## <summary>
## Send UDP network traffic on the $1 interface.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -42,9 +42,9 @@ interface(`corenet_udp_send_$1',`
')
########################################
-## <desc>
+## <summary>
## Receive UDP network traffic on the $1 interface.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -60,9 +60,9 @@ interface(`corenet_udp_receive_$1',`
')
########################################
-## <desc>
+## <summary>
## Send and receive UDP network traffic on the $1 interface.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -74,9 +74,9 @@ interface(`corenet_udp_sendrecv_$1',`
')
########################################
-## <desc>
+## <summary>
## Send raw IP packets on the $1 interface.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -94,9 +94,9 @@ interface(`corenet_raw_send_$1',`
')
########################################
-## <desc>
+## <summary>
## Receive raw IP packets on the $1 interface.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -112,9 +112,9 @@ interface(`corenet_raw_receive_$1',`
')
########################################
-## <desc>
+## <summary>
## Send and receive raw IP packets on the $1 interface.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -134,9 +134,9 @@ interface(`corenet_raw_sendrecv_$1',`
define(`create_node_interfaces',``
########################################
-## <desc>
+## <summary>
## Send and receive TCP traffic on the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -152,9 +152,9 @@ interface(`corenet_tcp_sendrecv_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Send UDP traffic on the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -170,9 +170,9 @@ interface(`corenet_udp_send_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Receive UDP traffic on the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -188,9 +188,9 @@ interface(`corenet_udp_receive_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Send and receive UDP traffic on the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -202,9 +202,9 @@ interface(`corenet_udp_sendrecv_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Send raw IP packets on the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -220,9 +220,9 @@ interface(`corenet_raw_send_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Receive raw IP packets on the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -238,9 +238,9 @@ interface(`corenet_raw_receive_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Send and receive raw IP packets on the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -252,9 +252,9 @@ interface(`corenet_raw_sendrecv_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Bind TCP sockets to node $1.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -270,9 +270,9 @@ interface(`corenet_tcp_bind_$1_node',`
')
########################################
-## <desc>
+## <summary>
## Bind UDP sockets to the $1 node.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -296,9 +296,9 @@ interface(`corenet_udp_bind_$1_node',`
define(`create_port_interfaces',``
########################################
-## <desc>
+## <summary>
## Send and receive TCP traffic on the $1 port.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -314,9 +314,9 @@ interface(`corenet_tcp_sendrecv_$1_port',`
')
########################################
-## <desc>
+## <summary>
## Send UDP traffic on the $1 port.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -332,9 +332,9 @@ interface(`corenet_udp_send_$1_port',`
')
########################################
-## <desc>
+## <summary>
## Receive UDP traffic on the $1 port.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -350,9 +350,9 @@ interface(`corenet_udp_receive_$1_port',`
')
########################################
-## <desc>
+## <summary>
## Send and receive UDP traffic on the $1 port.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -364,9 +364,9 @@ interface(`corenet_udp_sendrecv_$1_port',`
')
########################################
-## <desc>
+## <summary>
## Bind TCP sockets to the $1 port.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -378,14 +378,15 @@ interface(`corenet_tcp_bind_$1_port',`
class tcp_socket name_bind;
$3
')
+
allow dollarsone $1_port_t:tcp_socket name_bind;
$2
')
########################################
-## <desc>
+## <summary>
## Bind UDP sockets to the $1 port.
-## </desc>
+## </summary>
## <param name="domain">
## The type of the process performing this action.
## </param>
@@ -401,6 +402,23 @@ interface(`corenet_udp_bind_$1_port',`
allow dollarsone $1_port_t:udp_socket name_bind;
$2
')
+
+########################################
+## <summary>
+## Make a TCP connection to the $1 port.
+## </summary>
+## <param name="domain">
+## The type of the process performing this action.
+## </param>
+#
+interface(`corenet_tcp_connect_$1_port',`
+ gen_require(`
+ type $1_port_t;
+ class tcp_socket name_connect;
+ ')
+
+ allow dollarsone $1_port_t:tcp_socket name_connect;
+')
'') dnl end create_port_interfaces
#
More information about the scm-commits
mailing list