complete corenetwork

2005-04-21 21:53:15 +00:00 · 2005-04-21 21:53:15 +00:00 · 0e730cc8e1
parent 1f7b37c585
commit 0e730cc8e1
4 changed files with 1028 additions and 127 deletions
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@ -156,7 +156,7 @@ tmp/generated_definitions.conf: $(ALL_MODULES) $(ALL_TE_FILES) $(BASE_MODULE)/co
 	$(QUIET) for i in $(notdir $(ALL_TE_FILES)); do \
 		echo "define(\`$$i')" >> $@ ;\
 	done
-	$(QUIET) m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te \
+	$(QUIET) m4 $(M4PARAM) -D interface_pass $(BASE_MODULE)/global.if $(BASE_MODULE)/corenetwork.if $(BASE_MODULE)/corenetwork.te \
 		| sed -e 's/dollarsone/\$$1/g' -e 's/dollarstwo/\$$2/g' >> $@
 tmp/all_interfaces.conf: $(ALL_INTERFACES)
--- a/refpolicy/policy/modules/kernel/corenetwork.if
+++ b/refpolicy/policy/modules/kernel/corenetwork.if
--- a/refpolicy/policy/modules/kernel/kernel.te
+++ b/refpolicy/policy/modules/kernel/kernel.te
@ -26,12 +26,12 @@ allow kernel_t unlabeled_t:dir mounton;
 #can_exec(kernel_t, bin_t.sys)
 # Kernel-generated traffic, e.g. ICMP replies.
-corenetwork_send_raw_on_all_interfaces(kernel_t)
+corenetwork_network_raw_on_all_interfaces(kernel_t)
-corenetwork_receive_raw_on_all_interfaces(kernel_t)
+corenetwork_network_raw_on_all_nodes(kernel_t)
 # Kernel-generated traffic, e.g. TCP resets.
-corenetwork_send_tcp_on_all_interfaces(kernel_t)
+corenetwork_network_tcp_on_all_interfaces(kernel_t)
-corenetwork_receive_tcp_on_all_interfaces(kernel_t)
+corenetwork_network_tcp_on_all_nodes(kernel_t)
 ########################################
 #
--- a/refpolicy/policy/modules/system/init.te
+++ b/refpolicy/policy/modules/system/init.te
@ -187,24 +187,16 @@ filesystem_unmount_all_filesystems(initrc_t)
 # can_network(initrc_t):
 allow initrc_t self:tcp_socket { connect listen accept create ioctl read getattr write setattr append bind getopt setopt shutdown };
 allow initrc_t self:udp_socket { connect create ioctl read getattr write setattr append bind getopt setopt shutdown };
-corenetwork_send_tcp_on_all_interfaces(initrc_t)
+corenetwork_network_tcp_on_all_interfaces(initrc_t)
-corenetwork_send_raw_on_all_interfaces(initrc_t)
+corenetwork_network_raw_on_all_interfaces(initrc_t)
-corenetwork_send_udp_on_all_interfaces(initrc_t)
+corenetwork_network_udp_on_all_interfaces(initrc_t)
-#corenetwork_send_tcp_on_all_nodes(initrc_t)
+corenetwork_network_tcp_on_all_nodes(initrc_t)
-#corenetwork_send_raw_on_all_nodes(initrc_t)
+corenetwork_network_raw_on_all_nodes(initrc_t)
-#corenetwork_send_udp_on_all_nodes(initrc_t)
+corenetwork_network_udp_on_all_nodes(initrc_t)
-#corenetwork_send_tcp_on_all_ports(initrc_t)
+corenetwork_network_tcp_on_all_ports(initrc_t)
-#corenetwork_send_udp_on_all_ports(initrc_t)
+corenetwork_network_udp_on_all_ports(initrc_t)
-corenetwork_receive_tcp_on_all_interfaces(initrc_t)
+corenetwork_bind_tcp_on_all_nodes(initrc_t)
-corenetwork_receive_raw_on_all_interfaces(initrc_t)
+corenetwork_bind_udp_on_all_nodes(initrc_t)
 corenetwork_receive_udp_on_all_interfaces(initrc_t)
 #corenetwork_receive_tcp_on_all_nodes(initrc_t)
 #corenetwork_receive_raw_on_all_nodes(initrc_t)
 #corenetwork_receive_udp_on_all_nodes(initrc_t)
 #corenetwork_receive_tcp_on_all_ports(initrc_t)
 #corenetwork_receive_udp_on_all_ports(initrc_t)
 #corenetwork_bind_tcp_on_all_nodes(initrc_t)
 #corenetwork_bind_udp_on_all_nodes(initrc_t)
 #allow initrc_t net_conf_t:file r_file_perms;
 #sysnetwork_read_network_config(initrc_t)