2022-01-06 13:55:54 +00:00
|
|
|
policy_module(obfs4proxy)
|
2021-12-01 00:08:03 +00:00
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# Declarations
|
|
|
|
#
|
|
|
|
|
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## Determine whether obfs4proxy can bind
|
|
|
|
## tcp sockets to all unreserved ports.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
|
|
|
gen_tunable(obfs4proxy_bind_all_unreserved_ports, false)
|
|
|
|
|
|
|
|
## <desc>
|
|
|
|
## <p>
|
|
|
|
## Determine whether obfs4proxy can bind
|
|
|
|
## tcp sockets to all http ports.
|
|
|
|
## </p>
|
|
|
|
## </desc>
|
|
|
|
gen_tunable(obfs4proxy_bind_http_ports, false)
|
|
|
|
|
|
|
|
type obfs4proxy_t;
|
|
|
|
type obfs4proxy_exec_t;
|
|
|
|
init_daemon_domain(obfs4proxy_t, obfs4proxy_exec_t)
|
|
|
|
|
|
|
|
########################################
|
|
|
|
#
|
|
|
|
# Local policy
|
|
|
|
#
|
|
|
|
|
|
|
|
allow obfs4proxy_t self:process signal;
|
|
|
|
allow obfs4proxy_t self:tcp_socket create_stream_socket_perms;
|
|
|
|
|
|
|
|
corenet_tcp_bind_generic_node(obfs4proxy_t)
|
|
|
|
corenet_tcp_connect_all_unreserved_ports(obfs4proxy_t)
|
|
|
|
|
|
|
|
files_search_var_lib(obfs4proxy_t)
|
|
|
|
fs_getattr_all_dirs(obfs4proxy_t)
|
|
|
|
tor_rw_pt_state_var_files(obfs4proxy_t)
|
|
|
|
|
|
|
|
tunable_policy(`obfs4proxy_bind_all_unreserved_ports',`
|
|
|
|
corenet_sendrecv_all_server_packets(obfs4proxy_t)
|
|
|
|
corenet_tcp_bind_all_unreserved_ports(obfs4proxy_t)
|
|
|
|
')
|
|
|
|
|
|
|
|
tunable_policy(`obfs4proxy_bind_http_ports',`
|
|
|
|
corenet_tcp_bind_http_port(obfs4proxy_t)
|
|
|
|
')
|