[selinux-policy: 2461/3172] Add examples to documentation of common corenetwork interfaces.
Daniel J Walsh
dwalsh at fedoraproject.org
Thu Oct 7 22:38:30 UTC 2010
commit 4a4436a7787e3412291c6038179b65d0499ee7f1
Author: Chris PeBenito <cpebenito at tresys.com>
Date: Wed Mar 3 13:42:15 2010 -0500
Add examples to documentation of common corenetwork interfaces.
policy/modules/kernel/corenetwork.if.in | 115 ++++++++++++++++++++++++++++++-
1 files changed, 114 insertions(+), 1 deletions(-)
---
diff --git a/policy/modules/kernel/corenetwork.if.in b/policy/modules/kernel/corenetwork.if.in
index f5a2563..b70e843 100644
--- a/policy/modules/kernel/corenetwork.if.in
+++ b/policy/modules/kernel/corenetwork.if.in
@@ -151,8 +151,23 @@ interface(`corenet_server_packet',`
## Related interface:
## </p>
## <ul>
+## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
+## <li>corenet_tcp_sendrecv_all_ports()</li>
+## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
+## <p>
+## Example client being able to connect to all ports over
+## generic nodes, without labeled networking:
+## </p>
+## <p>
+## allow myclient_t self:tcp_socket create_stream_socket_perms;
+## corenet_tcp_sendrecv_generic_if(myclient_t)
+## corenet_tcp_sendrecv_generic_node(myclient_t)
+## corenet_tcp_sendrecv_all_ports(myclient_t)
+## corenet_tcp_connect_all_ports(myclient_t)
+## corenet_all_recvfrom_unlabeled(myclient_t)
+## </p>
## </desc>
## <param name="domain">
## <summary>
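Review bot: The example added in this doc block is the widest client possible (`corenet_tcp_sendrecv_all_ports` plus `corenet_tcp_connect_all_ports`), and the lead-in never says it is an illustration, not a recommended rule set. Interface examples tend to be copied verbatim into new modules, so I would add a line to the lead-in paragraph such as `## A confined client should normally use the port-specific interfaces for the services it actually contacts.` The same caveat applies to the identical TCP example in the hunks at -525, -1199 and -1357, and to the UDP example in the hunks at -256, -592 and -1264. The interface body being documented lies outside the hunk, so this is a comment on the documentation text only.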
@@ -256,8 +271,21 @@ interface(`corenet_dontaudit_udp_receive_generic_if',`
## Related interface:
## </p>
## <ul>
+## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_node()</li>
+## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
+## <p>
+## Example client being able to send to all ports over
+## generic nodes, without labeled networking:
+## </p>
+## <p>
+## allow myclient_t self:udp_socket create_socket_perms;
+## corenet_udp_sendrecv_generic_if(myclient_t)
+## corenet_udp_sendrecv_generic_node(myclient_t)
+## corenet_udp_sendrecv_all_ports(myclient_t)
+## corenet_all_recvfrom_unlabeled(myclient_t)
+## </p>
## </desc>
## <param name="domain">
## <summary>
@@ -525,8 +553,23 @@ interface(`corenet_raw_sendrecv_all_if',`
## Related interface:
## </p>
## <ul>
+## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
+## <li>corenet_tcp_sendrecv_all_ports()</li>
+## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
+## <p>
+## Example client being able to connect to all ports over
+## generic nodes, without labeled networking:
+## </p>
+## <p>
+## allow myclient_t self:tcp_socket create_stream_socket_perms;
+## corenet_tcp_sendrecv_generic_if(myclient_t)
+## corenet_tcp_sendrecv_generic_node(myclient_t)
+## corenet_tcp_sendrecv_all_ports(myclient_t)
+## corenet_tcp_connect_all_ports(myclient_t)
+## corenet_all_recvfrom_unlabeled(myclient_t)
+## </p>
## </desc>
## <param name="domain">
## <summary>
@@ -592,8 +635,21 @@ interface(`corenet_udp_receive_generic_node',`
## Related interface:
## </p>
## <ul>
+## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_if()</li>
+## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
+## <p>
+## Example client being able to send to all ports over
+## generic nodes, without labeled networking:
+## </p>
+## <p>
+## allow myclient_t self:udp_socket create_socket_perms;
+## corenet_udp_sendrecv_generic_if(myclient_t)
+## corenet_udp_sendrecv_generic_node(myclient_t)
+## corenet_udp_sendrecv_all_ports(myclient_t)
+## corenet_all_recvfrom_unlabeled(myclient_t)
+## </p>
## </desc>
## <param name="domain">
## <summary>
@@ -1199,9 +1255,24 @@ interface(`corenet_tcp_connect_generic_port',`
## Related interfaces:
## </p>
## <ul>
+## <li>corenet_all_recvfrom_unlabeled()</li>
+## <li>corenet_tcp_sendrecv_generic_if()</li>
+## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
+## <p>
+## Example client being able to connect to all ports over
+## generic nodes, without labeled networking:
+## </p>
+## <p>
+## allow myclient_t self:tcp_socket create_stream_socket_perms;
+## corenet_tcp_sendrecv_generic_if(myclient_t)
+## corenet_tcp_sendrecv_generic_node(myclient_t)
+## corenet_tcp_sendrecv_all_ports(myclient_t)
+## corenet_tcp_connect_all_ports(myclient_t)
+## corenet_all_recvfrom_unlabeled(myclient_t)
+## </p>
## </desc>
## <param name="domain">
## <summary>
@@ -1264,8 +1335,22 @@ interface(`corenet_udp_receive_all_ports',`
## Related interfaces:
## </p>
## <ul>
+## <li>corenet_all_recvfrom_unlabeled()</li>
+## <li>corenet_udp_sendrecv_generic_if()</li>
+## <li>corenet_udp_sendrecv_generic_node()</li>
## <li>corenet_udp_bind_all_ports()</li>
## </ul>
+## <p>
+## Example client being able to send to all ports over
+## generic nodes, without labeled networking:
+## </p>
+## <p>
+## allow myclient_t self:udp_socket create_socket_perms;
+## corenet_udp_sendrecv_generic_if(myclient_t)
+## corenet_udp_sendrecv_generic_node(myclient_t)
+## corenet_udp_sendrecv_all_ports(myclient_t)
+## corenet_all_recvfrom_unlabeled(myclient_t)
+## </p>
## </desc>
## <param name="domain">
## <summary>
@@ -1357,11 +1442,39 @@ interface(`corenet_dontaudit_udp_bind_all_ports',`
## <summary>
## Connect TCP sockets to all ports.
## </summary>
+## <desc>
+## <p>
+## Connect TCP sockets to all ports
+## </p>
+## <p>
+## Related interfaces:
+## </p>
+## <ul>
+## <li>corenet_all_recvfrom_unlabeled()</li>
+## <li>corenet_tcp_sendrecv_generic_if()</li>
+## <li>corenet_tcp_sendrecv_generic_node()</li>
+## <li>corenet_tcp_sendrecv_all_ports()</li>
+## <li>corenet_tcp_bind_all_ports()</li>
+## </ul>
+## <p>
+## Example client being able to connect to all ports over
+## generic nodes, without labeled networking:
+## </p>
+## <p>
+## allow myclient_t self:tcp_socket create_stream_socket_perms;
+## corenet_tcp_sendrecv_generic_if(myclient_t)
+## corenet_tcp_sendrecv_generic_node(myclient_t)
+## corenet_tcp_sendrecv_all_ports(myclient_t)
+## corenet_tcp_connect_all_ports(myclient_t)
+## corenet_all_recvfrom_unlabeled(myclient_t)
+## </p>
+## </desc>
## <param name="domain">
## <summary>
-## The type of the process performing this action.
+## Domain allowed access.
## </summary>
## </param>
+## <infoflow type="write" weight="1"/>
#
interface(`corenet_tcp_connect_all_ports',`
gen_require(`
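Review bot: The first `<p>` of the new `<desc>` repeats the summary word for word, minus the full stop, so the rendered page says the same thing twice and still does not describe the scope of the grant. I would replace it with something like `## Allow the specified domain to initiate TCP connections to any port type.` The interface body continues past the end of the hunk, so the exact wording should be checked against the rule it expands to.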