interface review, and remove net_raw from raw node sends. only give
capability for raw send on an interface
parent
c9b7f1a28e
commit
bc1fbab472
|
@ -17,17 +17,14 @@ define(`create_netif_interfaces',``
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_tcp_sendrecv_$1',`
|
define(`corenet_tcp_sendrecv_$1',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_netif_t;
|
||||||
|
class netif { tcp_send tcp_recv };
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_netif_t:netif { tcp_send tcp_recv };
|
allow dollarsone $1_netif_t:netif { tcp_send tcp_recv };
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_tcp_sendrecv_$1_depend',`
|
|
||||||
type $1_netif_t;
|
|
||||||
|
|
||||||
class netif { tcp_send tcp_recv };
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_send_$1">
|
## <interface name="corenet_udp_send_$1">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -40,17 +37,14 @@ define(`corenet_tcp_sendrecv_$1_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_send_$1',`
|
define(`corenet_udp_send_$1',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_netif_t;
|
||||||
|
class netif udp_send;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_netif_t:netif udp_send;
|
allow dollarsone $1_netif_t:netif udp_send;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_send_$1_depend',`
|
|
||||||
type $1_netif_t;
|
|
||||||
|
|
||||||
class netif udp_send;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_receive_$1">
|
## <interface name="corenet_udp_receive_$1">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -63,17 +57,14 @@ define(`corenet_udp_send_$1_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_receive_$1',`
|
define(`corenet_udp_receive_$1',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_netif_t;
|
||||||
|
class netif udp_recv;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_netif_t:netif udp_recv;
|
allow dollarsone $1_netif_t:netif udp_recv;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_receive_$1_depend',`
|
|
||||||
type $1_netif_t;
|
|
||||||
|
|
||||||
class netif udp_recv;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenetwork_sendrecv_udp_on_$1_interface">
|
## <interface name="corenetwork_sendrecv_udp_on_$1_interface">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -102,19 +93,16 @@ define(`corenet_udp_sendrecv_$1',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_raw_send_$1',`
|
define(`corenet_raw_send_$1',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_netif_t;
|
||||||
|
class netif rawip_send;
|
||||||
|
class capability net_raw;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_netif_t:netif rawip_send;
|
allow dollarsone $1_netif_t:netif rawip_send;
|
||||||
allow dollarsone self:capability net_raw;
|
allow dollarsone self:capability net_raw;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_raw_send_$1_depend',`
|
|
||||||
type $1_netif_t;
|
|
||||||
|
|
||||||
class netif rawip_send;
|
|
||||||
class capability net_raw;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_raw_receive_$1">
|
## <interface name="corenet_raw_receive_$1">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -127,17 +115,14 @@ define(`corenet_raw_send_$1_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_raw_receive_$1',`
|
define(`corenet_raw_receive_$1',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_netif_t;
|
||||||
|
class netif rawip_recv;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_netif_t:netif rawip_recv;
|
allow dollarsone $1_netif_t:netif rawip_recv;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_raw_receive_$1_depend',`
|
|
||||||
type $1_netif_t;
|
|
||||||
|
|
||||||
class netif rawip_recv;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_raw_sendrecv_$1">
|
## <interface name="corenet_raw_sendrecv_$1">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -174,17 +159,14 @@ define(`create_node_interfaces',``
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_tcp_sendrecv_$1_node',`
|
define(`corenet_tcp_sendrecv_$1_node',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_node_t;
|
||||||
|
class node { tcp_send tcp_recv };
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_node_t:node { tcp_send tcp_recv };
|
allow dollarsone $1_node_t:node { tcp_send tcp_recv };
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_tcp_sendrecv_$1_node_depend',`
|
|
||||||
type $1_node_t;
|
|
||||||
|
|
||||||
class node { tcp_send tcp_recv };
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_send_$1_node">
|
## <interface name="corenet_udp_send_$1_node">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -197,17 +179,14 @@ define(`corenet_tcp_sendrecv_$1_node_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_send_$1_node',`
|
define(`corenet_udp_send_$1_node',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_node_t;
|
||||||
|
class node udp_send;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_node_t:node udp_send;
|
allow dollarsone $1_node_t:node udp_send;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_send_$1_node_depend',`
|
|
||||||
type $1_node_t;
|
|
||||||
|
|
||||||
class node udp_send;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_receive_$1_node">
|
## <interface name="corenet_udp_receive_$1_node">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -220,17 +199,14 @@ define(`corenet_udp_send_$1_node_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_receive_$1_node',`
|
define(`corenet_udp_receive_$1_node',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_node_t;
|
||||||
|
class node udp_recv;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_node_t:node udp_recv;
|
allow dollarsone $1_node_t:node udp_recv;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_receive_$1_node_depend',`
|
|
||||||
type $1_node_t;
|
|
||||||
|
|
||||||
class node udp_recv;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_sendrecv_$1_node">
|
## <interface name="corenet_udp_sendrecv_$1_node">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -259,17 +235,12 @@ define(`corenet_udp_sendrecv_$1_node',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_raw_send_$1_node',`
|
define(`corenet_raw_send_$1_node',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_node_t;
|
||||||
|
class node rawip_send;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_node_t:node rawip_send;
|
allow dollarsone $1_node_t:node rawip_send;
|
||||||
allow dollarsone self:capability net_raw;
|
|
||||||
')
|
|
||||||
|
|
||||||
define(`corenet_raw_send_$1_node_depend',`
|
|
||||||
type $1_node_t;
|
|
||||||
|
|
||||||
class node rawip_send;
|
|
||||||
class capability net_raw;
|
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -284,17 +255,14 @@ define(`corenet_raw_send_$1_node_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_raw_receive_$1_node',`
|
define(`corenet_raw_receive_$1_node',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_node_t;
|
||||||
|
class node rawip_recv;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_node_t:node rawip_recv;
|
allow dollarsone $1_node_t:node rawip_recv;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_raw_receive_$1_node_depend',`
|
|
||||||
type $1_node_t;
|
|
||||||
|
|
||||||
class node rawip_recv;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_raw_sendrecv_$1_node">
|
## <interface name="corenet_raw_sendrecv_$1_node">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -323,17 +291,14 @@ define(`corenet_raw_sendrecv_$1_node',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_tcp_bind_$1_node',`
|
define(`corenet_tcp_bind_$1_node',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_node_t;
|
||||||
|
class tcp_socket node_bind;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_node_t:tcp_socket node_bind;
|
allow dollarsone $1_node_t:tcp_socket node_bind;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_tcp_bind_$1_node_depend',`
|
|
||||||
type $1_node_t;
|
|
||||||
|
|
||||||
class tcp_socket node_bind;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_bind_$1_node">
|
## <interface name="corenet_udp_bind_$1_node">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -346,16 +311,13 @@ define(`corenet_tcp_bind_$1_node_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_bind_$1_node',`
|
define(`corenet_udp_bind_$1_node',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_node_t;
|
||||||
|
class udp_socket node_bind;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_node_t:udp_socket node_bind;
|
allow dollarsone $1_node_t:udp_socket node_bind;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_bind_$1_node_depend',`
|
|
||||||
type $1_node_t;
|
|
||||||
|
|
||||||
class udp_socket node_bind;
|
|
||||||
')
|
|
||||||
'') dnl end create_node_interfaces
|
'') dnl end create_node_interfaces
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -377,17 +339,14 @@ define(`create_port_interfaces',``
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_tcp_sendrecv_$1_port',`
|
define(`corenet_tcp_sendrecv_$1_port',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_port_t;
|
||||||
|
class tcp_socket { send_msg recv_msg };
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg };
|
allow dollarsone $1_port_t:tcp_socket { send_msg recv_msg };
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_tcp_sendrecv_$1_port_depend',`
|
|
||||||
type $1_port_t;
|
|
||||||
|
|
||||||
class tcp_socket { send_msg recv_msg };
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_send_$1_port">
|
## <interface name="corenet_udp_send_$1_port">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -400,17 +359,14 @@ define(`corenet_tcp_sendrecv_$1_port_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_send_$1_port',`
|
define(`corenet_udp_send_$1_port',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_port_t;
|
||||||
|
class udp_socket send_msg;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_port_t:udp_socket send_msg;
|
allow dollarsone $1_port_t:udp_socket send_msg;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_send_$1_port_depend',`
|
|
||||||
type $1_port_t;
|
|
||||||
|
|
||||||
class udp_socket send_msg;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenet_udp_receive_$1_port">
|
## <interface name="corenet_udp_receive_$1_port">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -423,17 +379,14 @@ define(`corenet_udp_send_$1_port_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_receive_$1_port',`
|
define(`corenet_udp_receive_$1_port',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_port_t;
|
||||||
|
class udp_socket recv_msg;
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_port_t:udp_socket recv_msg;
|
allow dollarsone $1_port_t:udp_socket recv_msg;
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_receive_$1_port_depend',`
|
|
||||||
type $1_port_t;
|
|
||||||
|
|
||||||
class udp_socket recv_msg;
|
|
||||||
')
|
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
## <interface name="corenetwork_sendrecv_udp_on_$1_port">
|
## <interface name="corenetwork_sendrecv_udp_on_$1_port">
|
||||||
## <description>
|
## <description>
|
||||||
|
@ -462,16 +415,13 @@ define(`corenet_udp_sendrecv_$1_port',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_tcp_bind_$1_port',`
|
define(`corenet_tcp_bind_$1_port',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
allow dollarsone $1_port_t:tcp_socket name_bind;
|
|
||||||
$2
|
|
||||||
')
|
|
||||||
|
|
||||||
define(`corenet_tcp_bind_$1_port_depend',`
|
|
||||||
type $1_port_t;
|
type $1_port_t;
|
||||||
|
|
||||||
class tcp_socket name_bind;
|
class tcp_socket name_bind;
|
||||||
$3
|
$3
|
||||||
|
')
|
||||||
|
allow dollarsone $1_port_t:tcp_socket name_bind;
|
||||||
|
$2
|
||||||
')
|
')
|
||||||
|
|
||||||
########################################
|
########################################
|
||||||
|
@ -486,18 +436,15 @@ define(`corenet_tcp_bind_$1_port_depend',`
|
||||||
## </interface>
|
## </interface>
|
||||||
#
|
#
|
||||||
define(`corenet_udp_bind_$1_port',`
|
define(`corenet_udp_bind_$1_port',`
|
||||||
gen_require(`dollarszero'_depend)
|
gen_require(`
|
||||||
|
type $1_port_t;
|
||||||
|
class udp_socket name_bind;
|
||||||
|
$3
|
||||||
|
')
|
||||||
|
|
||||||
allow dollarsone $1_port_t:udp_socket name_bind;
|
allow dollarsone $1_port_t:udp_socket name_bind;
|
||||||
$2
|
$2
|
||||||
')
|
')
|
||||||
|
|
||||||
define(`corenet_udp_bind_$1_port_depend',`
|
|
||||||
type $1_port_t;
|
|
||||||
|
|
||||||
class udp_socket name_bind;
|
|
||||||
$3
|
|
||||||
')
|
|
||||||
'') dnl end create_port_interfaces
|
'') dnl end create_port_interfaces
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
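Review bot: In `corenet_raw_send_$1` the new body keeps `allow dollarsone self:capability net_raw;`, and that rule is on `self`, so it is not tied to `$1_netif_t`: a domain that calls this interface for one interface type holds net_raw for every raw or packet socket it opens, and only the `netif rawip_send` rule remains per-interface. The `## <description>` block for this interface lies outside the hunk, so I cannot tell whether it says this; if it does not, I would add a line such as `## Also allows the caller the net_raw capability, which is not limited to this interface.`. Since `corenet_raw_send_$1_node` no longer grants the capability, callers that used only the node interface are worth checking for new net_raw denials.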