[selinux-policy: 2461/3172] Add examples to documentation of common corenetwork interfaces.

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 22:38:30 UTC 2010


commit 4a4436a7787e3412291c6038179b65d0499ee7f1
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Mar 3 13:42:15 2010 -0500

    Add examples to documentation of common corenetwork interfaces.

 policy/modules/kernel/corenetwork.if.in |  115 ++++++++++++++++++++++++++++++-
 1 files changed, 114 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index f5a2563..b70e843 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -151,8 +151,23 @@ interface(`corenet_server_packet',`
 ##	Related interface:
 ##	</p>
 ##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
 ##		<li>corenet_tcp_sendrecv_generic_node()</li>
+##		<li>corenet_tcp_sendrecv_all_ports()</li>
+##		<li>corenet_tcp_connect_all_ports()</li>
 ##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
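Review bot: The example added in this doc block uses the broadest grants, `corenet_tcp_sendrecv_all_ports()` and `corenet_tcp_connect_all_ports()`, and nothing tells a policy writer that a confined client rarely needs them. These doc blocks are what people copy into new modules, so I would add a line after the example such as `##	Prefer the port-specific interfaces, e.g. corenet_tcp_connect_http_port(), when the set of services is known.` The same applies to the TCP examples in the hunks at new-side lines 553, 1255 and 1442, and to the UDP examples at 271, 635 and 1335. The interface this block documents starts below the hunk.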
@@ -256,8 +271,21 @@ interface(`corenet_dontaudit_udp_receive_generic_if',`
 ##	Related interface:
 ##	</p>
 ##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
 ##		<li>corenet_udp_sendrecv_generic_node()</li>
+##		<li>corenet_udp_sendrecv_all_ports()</li>
 ##	</ul>
+##	<p>
+##	Example client being able to send to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:udp_socket create_socket_perms;
+##	corenet_udp_sendrecv_generic_if(myclient_t)
+##	corenet_udp_sendrecv_generic_node(myclient_t)
+##	corenet_udp_sendrecv_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
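Review bot: The heading kept as context above this list still reads `Related interface:` although the list now has three entries. The hunks at new-side lines 151, 553 and 635 have the same mismatch, while those at 1255, 1335 and 1442 say `Related interfaces:`. Changing the heading to `##	Related interfaces:` in these four blocks would keep the generated documentation consistent.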
@@ -525,8 +553,23 @@ interface(`corenet_raw_sendrecv_all_if',`
 ##	Related interface:
 ##	</p>
 ##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
 ##		<li>corenet_tcp_sendrecv_generic_if()</li>
+##		<li>corenet_tcp_sendrecv_all_ports()</li>
+##		<li>corenet_tcp_connect_all_ports()</li>
 ##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
@@ -592,8 +635,21 @@ interface(`corenet_udp_receive_generic_node',`
 ##	Related interface:
 ##	</p>
 ##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
 ##		<li>corenet_udp_sendrecv_generic_if()</li>
+##		<li>corenet_udp_sendrecv_all_ports()</li>
 ##	</ul>
+##	<p>
+##	Example client being able to send to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:udp_socket create_socket_perms;
+##	corenet_udp_sendrecv_generic_if(myclient_t)
+##	corenet_udp_sendrecv_generic_node(myclient_t)
+##	corenet_udp_sendrecv_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
@@ -1199,9 +1255,24 @@ interface(`corenet_tcp_connect_generic_port',`
 ##	Related interfaces:
 ##	</p>
 ##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_tcp_sendrecv_generic_if()</li>
+##		<li>corenet_tcp_sendrecv_generic_node()</li>
 ##		<li>corenet_tcp_connect_all_ports()</li>
 ##		<li>corenet_tcp_bind_all_ports()</li>
 ##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
@@ -1264,8 +1335,22 @@ interface(`corenet_udp_receive_all_ports',`
 ##	Related interfaces:
 ##	</p>
 ##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_udp_sendrecv_generic_if()</li>
+##		<li>corenet_udp_sendrecv_generic_node()</li>
 ##		<li>corenet_udp_bind_all_ports()</li>
 ##	</ul>
+##	<p>
+##	Example client being able to send to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:udp_socket create_socket_perms;
+##	corenet_udp_sendrecv_generic_if(myclient_t)
+##	corenet_udp_sendrecv_generic_node(myclient_t)
+##	corenet_udp_sendrecv_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
 ## </desc>
 ## <param name="domain">
 ##	<summary>
@@ -1357,11 +1442,39 @@ interface(`corenet_dontaudit_udp_bind_all_ports',`
 ## <summary>
 ##	Connect TCP sockets to all ports.
 ## </summary>
+## <desc>
+##	<p>
+##	Connect TCP sockets to all ports
+##	</p>
+##	<p>
+##	Related interfaces:
+##	</p>
+##	<ul>
+##		<li>corenet_all_recvfrom_unlabeled()</li>
+##		<li>corenet_tcp_sendrecv_generic_if()</li>
+##		<li>corenet_tcp_sendrecv_generic_node()</li>
+##		<li>corenet_tcp_sendrecv_all_ports()</li>
+##		<li>corenet_tcp_bind_all_ports()</li>
+##	</ul>
+##	<p>
+##	Example client being able to connect to all ports over
+##	generic nodes, without labeled networking:
+##	</p>
+##	<p>
+##	allow myclient_t self:tcp_socket create_stream_socket_perms;
+##	corenet_tcp_sendrecv_generic_if(myclient_t)
+##	corenet_tcp_sendrecv_generic_node(myclient_t)
+##	corenet_tcp_sendrecv_all_ports(myclient_t)
+##	corenet_tcp_connect_all_ports(myclient_t)
+##	corenet_all_recvfrom_unlabeled(myclient_t)
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	The type of the process performing this action.
+##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="write" weight="1"/>
 #
 interface(`corenet_tcp_connect_all_ports',`
 	gen_require(`
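Review bot: The first paragraph of the new `<desc>` repeats the summary word for word (minus the period), so the longer description still says nothing about how wide this grant is. I would replace it with a sentence stating the scope, for example `##	Allow the specified domain to initiate TCP connections to ports of any type.` That wording should be checked against the interface body, which continues past the end of this hunk.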

