[selinux-policy: 1479/3172] add client and server packet attributes
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 21:13:11 UTC 2010
commit 2f8eec29c52b0c585c773a702769821cef365d30
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri May 26 13:49:13 2006 +0000
add client and server packet attributes
refpolicy/policy/modules/kernel/corenetwork.if.in | 138 +++++++++++++++++++++
refpolicy/policy/modules/kernel/corenetwork.te.in | 4 +-
refpolicy/policy/modules/kernel/corenetwork.te.m4 | 8 +-
3 files changed, 145 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if.in b/refpolicy/policy/modules/kernel/corenetwork.if.in
index 15cb328..f5daf1e 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.if.in
@@ -1400,6 +1400,144 @@ interface(`corenet_sendrecv_unlabeled_packets',`
########################################
## <summary>
+## Send all client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_send_all_client_packets',`
+ gen_require(`
+ attribute client_packet_type;
+ ')
+
+ allow $1 client_packet_type:packet send;
+')
+
+########################################
+## <summary>
+## Receive all client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_receive_all_client_packets',`
+ gen_require(`
+ attribute client_packet_type;
+ ')
+
+ allow $1 client_packet_type:packet recv;
+')
+
+########################################
+## <summary>
+## Send and receive all client packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_sendrecv_all_client_packets',`
+ corenet_send_all_client_packets($1)
+ corenet_recveive_all_client_packets($1)
+')
+
+########################################
+## <summary>
+## Relabel packets to any client packet type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_relabelto_all_client_packets',`
+ gen_require(`
+ attribute client_packet_type;
+ ')
+
+ allow $1 client_packet_type:packet relabelto;
+')
+
+########################################
+## <summary>
+## Send all server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_send_all_server_packets',`
+ gen_require(`
+ attribute server_packet_type;
+ ')
+
+ allow $1 server_packet_type:packet send;
+')
+
+########################################
+## <summary>
+## Receive all server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_receive_all_server_packets',`
+ gen_require(`
+ attribute server_packet_type;
+ ')
+
+ allow $1 server_packet_type:packet recv;
+')
+
+########################################
+## <summary>
+## Send and receive all server packets.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_sendrecv_all_server_packets',`
+ corenet_send_all_server_packets($1)
+ corenet_recveive_all_server_packets($1)
+')
+
+########################################
+## <summary>
+## Relabel packets to any server packet type.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+#
+interface(`corenet_relabelto_all_server_packets',`
+ gen_require(`
+ attribute server_packet_type;
+ ')
+
+ allow $1 server_packet_type:packet relabelto;
+')
+
+########################################
+## <summary>
## Send all packets.
## </summary>
## <param name="domain">
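Review bot: The two combined interfaces call a misspelled name: `corenet_sendrecv_all_client_packets` invokes `corenet_recveive_all_client_packets($1)` and `corenet_sendrecv_all_server_packets` invokes `corenet_recveive_all_server_packets($1)`, while the interfaces defined in this hunk are spelled `corenet_receive_all_*_packets`. As written the receive half never expands to an `allow ... recv` rule, so a caller would presumably either fail to build or end up with send access only, depending on how the m4 pass treats the undefined name. The lines should read `corenet_receive_all_client_packets($1)` and `corenet_receive_all_server_packets($1)`.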
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in
index cba356f..abb1370 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.in
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.in
@@ -1,17 +1,19 @@
-policy_module(corenetwork,1.1.9)
+policy_module(corenetwork,1.1.10)
########################################
#
# Declarations
#
+attribute client_packet_type;
attribute netif_type;
attribute node_type;
attribute packet_type;
attribute port_type;
attribute reserved_port_type;
attribute rpc_port_type;
+attribute server_packet_type;
attribute corenet_unconfined_type;
diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.m4 b/refpolicy/policy/modules/kernel/corenetwork.te.m4
index 7085897..ecae862 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.te.m4
+++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4
@@ -60,8 +60,8 @@ ifelse(`$5',`',`',`declare_ports($1,shiftn(4,$*))')dnl
#
define(`network_port',`
type $1_port_t, port_type;
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
declare_ports($1_port_t,shift($*))
')
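Review bot: Nothing in `network_port`, or in `network_packet` in the next hunk, documents that the types they declare now join `client_packet_type` or `server_packet_type`. Every packet type declared through these macros, now or later, is therefore covered by the new `corenet_*_all_client_packets` and `corenet_*_all_server_packets` interfaces, including the `relabelto` ones. A comment above each define would make that reach visible to whoever adds a port, e.g. `# Packet types declared here join client_packet_type/server_packet_type and are covered by the corenet_*_all_{client,server}_packets interfaces.` The two macros also repeat the same pair of `type` lines, so the attribute lists have to be kept in step by hand.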
@@ -69,6 +69,6 @@ declare_ports($1_port_t,shift($*))
# network_packet(packet_name)
#
define(`network_packet',`
-type $1_client_packet_t, packet_type;
-type $1_server_packet_t, packet_type;
+type $1_client_packet_t, packet_type, client_packet_type;
+type $1_server_packet_t, packet_type, server_packet_type;
')