RepoMirrors
/
selinux-refpolicy
mirror of https://github.com/SELinuxProject/refpolicy
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add examples to documentation of common corenetwork interfaces.

This commit is contained in:
Chris PeBenito 2010-03-03 13:42:15 -05:00
parent a6bafb5a25
commit 4a4436a778
1 changed files with 114 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

115
policy/modules/kernel/corenetwork.if.in
View File

@ -151,8 +151,23 @@ interface(`corenet_server_packet',`
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
@ -256,8 +271,21 @@ interface(`corenet_dontaudit_udp_receive_generic_if',`
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_node()</li>
## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
@ -525,8 +553,23 @@ interface(`corenet_raw_sendrecv_all_if',`
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
@ -592,8 +635,21 @@ interface(`corenet_udp_receive_generic_node',`
## Related interface:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_if()</li>
## <li>corenet_udp_sendrecv_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
@ -1199,9 +1255,24 @@ interface(`corenet_tcp_connect_generic_port',`
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_connect_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
@ -1264,8 +1335,22 @@ interface(`corenet_udp_receive_all_ports',`
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_udp_sendrecv_generic_if()</li>
## <li>corenet_udp_sendrecv_generic_node()</li>
## <li>corenet_udp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to send to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:udp_socket create_socket_perms;
## corenet_udp_sendrecv_generic_if(myclient_t)
## corenet_udp_sendrecv_generic_node(myclient_t)
## corenet_udp_sendrecv_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
@ -1357,11 +1442,39 @@ interface(`corenet_dontaudit_udp_bind_all_ports',`
## <summary>
## Connect TCP sockets to all ports.
## </summary>
## <desc>
## <p>
## Connect TCP sockets to all ports
## </p>
## <p>
## Related interfaces:
## </p>
## <ul>
## <li>corenet_all_recvfrom_unlabeled()</li>
## <li>corenet_tcp_sendrecv_generic_if()</li>
## <li>corenet_tcp_sendrecv_generic_node()</li>
## <li>corenet_tcp_sendrecv_all_ports()</li>
## <li>corenet_tcp_bind_all_ports()</li>
## </ul>
## <p>
## Example client being able to connect to all ports over
## generic nodes, without labeled networking:
## </p>
## <p>
## allow myclient_t self:tcp_socket create_stream_socket_perms;
## corenet_tcp_sendrecv_generic_if(myclient_t)
## corenet_tcp_sendrecv_generic_node(myclient_t)
## corenet_tcp_sendrecv_all_ports(myclient_t)
## corenet_tcp_connect_all_ports(myclient_t)
## corenet_all_recvfrom_unlabeled(myclient_t)
## </p>
## </desc>
## <param name="domain">
## <summary>
## The type of the process performing this action.
## Domain allowed access.
## </summary>
## </param>
## <infoflow type="write" weight="1"/>
#
interface(`corenet_tcp_connect_all_ports',`
gen_require(`