[selinux-policy: 2445/3172] Improve the documentation of corenetwork interfaces corenet_tcp_sendrecv_generic_if() corenet_udp_se
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:37:05 UTC 2010
commit 42eb0f10a96ac96a751732ab2e4cc51aca133f64
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Fri Feb 26 14:24:56 2010 -0500
Improve the documentation of corenetwork interfaces
corenet_tcp_sendrecv_generic_if()
corenet_udp_sendrecv_generic_if()
corenet_tcp_sendrecv_generic_node()
corenet_udp_sendrecv_generic_node()
corenet_tcp_bind_generic_node()
corenet_udp_bind_generic_node()
corenet_tcp_sendrecv_all_ports()
corenet_udp_sendrecv_all_ports()
corenet_all_recvfrom_unlabeled()
corenet_all_recvfrom_netlabel()
policy/modules/kernel/corenetwork.if.in | 145 ++++++++++++++++++++++++++++--
1 files changed, 135 insertions(+), 10 deletions(-)
---
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index c87c9ec..f5a2563 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -140,11 +140,23 @@ interface(`corenet_server_packet',`
########################################
## <summary>
-## Send and receive TCP network traffic on the generic interfaces.
+## Send and receive TCP network traffic on generic interfaces.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to send and receive TCP network
+## traffic on generic network interfaces.
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corenet_tcp_sendrecv_generic_node()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
## <infoflow type="both" weight="10"/>
@@ -233,13 +245,26 @@ interface(`corenet_dontaudit_udp_receive_generic_if',`
########################################
## <summary>
-## Send and Receive UDP network traffic on generic interfaces.
+## Send and receive UDP network traffic on generic interfaces.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to send and receive UDP network
+## traffic on generic network interfaces.
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corenet_udp_sendrecv_generic_node()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_if',`
corenet_udp_send_generic_if($1)
@@ -491,11 +516,24 @@ interface(`corenet_raw_sendrecv_all_if',`
## <summary>
## Send and receive TCP network traffic on generic nodes.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to send and receive TCP network
+## traffic to/from generic network nodes (hostnames/networks).
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corenet_tcp_sendrecv_generic_if()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_generic_node',`
gen_require(`
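Review bot: The added description glosses generic nodes as "hostnames/networks" (the `## traffic to/from generic network nodes (hostnames/networks).` line), but SELinux node contexts are assigned by IP address and netmask, not by name. A policy author could read the current wording as name-based scoping, so I would write `## traffic to/from generic network nodes (IP addresses/networks).` instead. The same phrase is added for corenet_udp_sendrecv_generic_node() in the next hunk. The interface body continues outside this hunk.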
@@ -545,11 +583,24 @@ interface(`corenet_udp_receive_generic_node',`
## <summary>
## Send and receive UDP network traffic on generic nodes.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to send and receive UDP network
+## traffic to/from generic network nodes (hostnames/networks).
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corenet_udp_sendrecv_generic_if()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_generic_node',`
corenet_udp_send_generic_node($1)
@@ -611,11 +662,26 @@ interface(`corenet_raw_sendrecv_generic_node',`
## <summary>
## Bind TCP sockets to generic nodes.
## </summary>
+## <desc>
+## <p>
+## Bind TCP sockets to generic nodes. This is
+## necessary for binding a socket so it
+## can be used for servers to listen
+## for incoming connections.
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corenet_udp_bind_generic_node()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="read" weight="1"/>
#
interface(`corenet_tcp_bind_generic_node',`
gen_require(`
@@ -629,11 +695,26 @@ interface(`corenet_tcp_bind_generic_node',`
## <summary>
## Bind UDP sockets to generic nodes.
## </summary>
+## <desc>
+## <p>
+## Bind UDP sockets to generic nodes. This is
+## necessary for binding a socket so it
+## can be used for servers to listen
+## for incoming connections.
+## </p>
+## <p>
+## Related interface:
+## </p>
+## <ul>
+## <li>corenet_tcp_bind_generic_node()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="read" weight="1"/>
#
interface(`corenet_udp_bind_generic_node',`
gen_require(`
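Review bot: The UDP description is copied from the TCP one and still says the bind is needed for servers "to listen for incoming connections", which does not fit a connectionless protocol. Replacing the last two lines of that sentence with `## can be used to receive incoming datagrams.` would be accurate. The check presumably applies to any domain that calls bind() on a generic node, not only to servers, but the interface body lies outside the hunk, so the exact permission granted cannot be confirmed from here.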
@@ -1112,11 +1193,22 @@ interface(`corenet_tcp_connect_generic_port',`
## <summary>
## Send and receive TCP network traffic on all ports.
## </summary>
+## <desc>
+## <p>
+## Send and receive TCP network traffic on all ports.
+## Related interfaces:
+## </p>
+## <ul>
+## <li>corenet_tcp_connect_all_ports()</li>
+## <li>corenet_tcp_bind_all_ports()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="both" weight="10"/>
#
interface(`corenet_tcp_sendrecv_all_ports',`
gen_require(`
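Review bot: The "Related interfaces:" label here sits inside the same `<p>` as the description, whereas the generic_if and generic_node hunks above give it a paragraph of its own. The description also only repeats the summary. For consistency I would end the first paragraph after `## Allow the specified domain to send and receive TCP network traffic on all ports.` and open a second `<p>` for `## Related interfaces:`. Because this interface covers every port type, a sentence saying that the grant is broad would help anyone auditing policy that calls it. The same layout appears in the corenet_udp_sendrecv_all_ports() hunk that follows.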
@@ -1166,11 +1258,21 @@ interface(`corenet_udp_receive_all_ports',`
## <summary>
## Send and receive UDP network traffic on all ports.
## </summary>
+## <desc>
+## <p>
+## Send and receive UDP network traffic on all ports.
+## Related interfaces:
+## </p>
+## <ul>
+## <li>corenet_udp_bind_all_ports()</li>
+## </ul>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="both" weight="10"/>
#
interface(`corenet_udp_sendrecv_all_ports',`
corenet_udp_send_all_ports($1)
@@ -2207,11 +2309,23 @@ interface(`corenet_dontaudit_raw_recvfrom_unlabeled',`
## <summary>
## Receive packets from an unlabeled connection.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to receive packets from an
+## unlabeled connection. On machines that do not utilize
+## labeled networking, this will be required on all
+## networking domains. On machines tha do utilize
+## labeled networking, this will be required for any
+## networking domain that is allowed to receive
+## network traffic that does not have a label.
+## </p>
+## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_unlabeled',`
kernel_tcp_recvfrom_unlabeled($1)
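Review bot: There is a typo in the added description: `## networking domains. On machines tha do utilize` should read `## networking domains. On machines that do utilize`. This text is rendered into the generated interface documentation, which policy authors rely on when deciding whether a domain needs unlabeled receive access. The interface body continues outside this hunk.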
@@ -2229,11 +2343,22 @@ interface(`corenet_all_recvfrom_unlabeled',`
## <summary>
## Receive packets from a NetLabel connection.
## </summary>
+## <desc>
+## <p>
+## Allow the specified domain to receive NetLabel
+## network traffic, which utilizes the Commercial IP
+## Security Option (CIPSO) to set the MLS level
+## of the network packets. This is required for
+## all networking domains that receive NetLabel
+## network traffic.
+## </p>
+## </desc>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="read" weight="10"/>
#
interface(`corenet_all_recvfrom_netlabel',`
gen_require(`