[selinux-policy: 1479/3172] add client and server packet attributes

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 21:13:11 UTC 2010


commit 2f8eec29c52b0c585c773a702769821cef365d30
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Fri May 26 13:49:13 2006 +0000

    add client and server packet attributes

 refpolicy/policy/modules/kernel/corenetwork.if.in |  138 +++++++++++++++++++++
 refpolicy/policy/modules/kernel/corenetwork.te.in |    4 +-
 refpolicy/policy/modules/kernel/corenetwork.te.m4 |    8 +-
 3 files changed, 145 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index 15cb328..f5daf1e 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1400,6 +1400,144 @@ interface(`corenet_sendrecv_unlabeled_packets',`
 
 ########################################
 ## <summary>
+##	Send all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_send_all_client_packets',`
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet send;
+')
+
+########################################
+## <summary>
+##	Receive all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_receive_all_client_packets',`
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet recv;
+')
+
+########################################
+## <summary>
+##	Send and receive all client packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_sendrecv_all_client_packets',`
+	corenet_send_all_client_packets($1)
+	corenet_recveive_all_client_packets($1)
+')
+
+########################################
+## <summary>
+##	Relabel packets to any client packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_relabelto_all_client_packets',`
+	gen_require(`
+		attribute client_packet_type;
+	')
+
+	allow $1 client_packet_type:packet relabelto;
+')
+
+########################################
+## <summary>
+##	Send all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_send_all_server_packets',`
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet send;
+')
+
+########################################
+## <summary>
+##	Receive all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_receive_all_server_packets',`
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet recv;
+')
+
+########################################
+## <summary>
+##	Send and receive all server packets.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_sendrecv_all_server_packets',`
+	corenet_send_all_server_packets($1)
+	corenet_recveive_all_server_packets($1)
+')
+
+########################################
+## <summary>
+##	Relabel packets to any server packet type.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`corenet_relabelto_all_server_packets',`
+	gen_require(`
+		attribute server_packet_type;
+	')
+
+	allow $1 server_packet_type:packet relabelto;
+')
+
+########################################
+## <summary>
 ##	Send all packets.
 ## </summary>
 ## <param name="domain">
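Review bot: The two combined interfaces call a misspelled macro: `corenet_sendrecv_all_client_packets` invokes `corenet_recveive_all_client_packets($1)` and `corenet_sendrecv_all_server_packets` invokes `corenet_recveive_all_server_packets($1)`, while the interfaces defined just above them are named `corenet_receive_all_client_packets` and `corenet_receive_all_server_packets`. m4 leaves an undefined macro name as literal text, so a module that calls either sendrecv interface would presumably fail to build instead of receiving the recv permission. The two calls should read `corenet_receive_all_client_packets($1)` and `corenet_receive_all_server_packets($1)`.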
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in
index cba356f..abb1370 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@@ -1,17 +1,19 @@
 
-policy_module(corenetwork,1.1.9)
+policy_module(corenetwork,1.1.10)
 
 ########################################
 #
 # Declarations
 #
 
+attribute client_packet_type;
 attribute netif_type;
 attribute node_type;
 attribute packet_type;
 attribute port_type;
 attribute reserved_port_type;
 attribute rpc_port_type;
+attribute server_packet_type;
 
 attribute corenet_unconfined_type;
 
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.m4 b/refpolicy/policy/modules/kernel/corenetwork.te.m4
index 7085897..ecae862 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4
@@ -60,8 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
 #
 define(`network_port',`
 type $1_port_t, port_type;
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
 declare_ports($1_port_t,shift($*))
 ')
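Review bot: The comment header above the `network_port` definition (it starts outside this hunk) and the `# network_packet(packet_name)` header in the next hunk do not mention that the generated packet types now also join `client_packet_type` and `server_packet_type`. That membership is what the new `corenet_*_all_client_packets` and `corenet_*_all_server_packets` interfaces match on, so every port or packet declared through these macros is covered by them automatically, including the relabelto interfaces. I would add a line such as `# The generated $1_client_packet_t and $1_server_packet_t types also get the client_packet_type and server_packet_type attributes.` to both headers so a policy author sees the scope of those interfaces.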
 
@@ -69,6 +69,6 @@ declare_ports($1_port_t,shift($*))
 # network_packet(packet_name)
 #
 define(`network_packet',`
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
 ')

