Add examples to documentation of common corenetwork interfaces.
This commit is contained in:
parent
a6bafb5a25
commit
4a4436a778
@ -151,8 +151,23 @@ interface(`corenet_server_packet',`
|
||||
## Related interface:
|
||||
## </p>
|
||||
## <ul>
|
||||
## <li>corenet_all_recvfrom_unlabeled()</li>
|
||||
## <li>corenet_tcp_sendrecv_generic_node()</li>
|
||||
## <li>corenet_tcp_sendrecv_all_ports()</li>
|
||||
## <li>corenet_tcp_connect_all_ports()</li>
|
||||
## </ul>
|
||||
## <p>
|
||||
## Example client being able to connect to all ports over
|
||||
## generic nodes, without labeled networking:
|
||||
## </p>
|
||||
## <p>
|
||||
## allow myclient_t self:tcp_socket create_stream_socket_perms;
|
||||
## corenet_tcp_sendrecv_generic_if(myclient_t)
|
||||
## corenet_tcp_sendrecv_generic_node(myclient_t)
|
||||
## corenet_tcp_sendrecv_all_ports(myclient_t)
|
||||
## corenet_tcp_connect_all_ports(myclient_t)
|
||||
## corenet_all_recvfrom_unlabeled(myclient_t)
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@ -256,8 +271,21 @@ interface(`corenet_dontaudit_udp_receive_generic_if',`
|
||||
## Related interface:
|
||||
## </p>
|
||||
## <ul>
|
||||
## <li>corenet_all_recvfrom_unlabeled()</li>
|
||||
## <li>corenet_udp_sendrecv_generic_node()</li>
|
||||
## <li>corenet_udp_sendrecv_all_ports()</li>
|
||||
## </ul>
|
||||
## <p>
|
||||
## Example client being able to send to all ports over
|
||||
## generic nodes, without labeled networking:
|
||||
## </p>
|
||||
## <p>
|
||||
## allow myclient_t self:udp_socket create_socket_perms;
|
||||
## corenet_udp_sendrecv_generic_if(myclient_t)
|
||||
## corenet_udp_sendrecv_generic_node(myclient_t)
|
||||
## corenet_udp_sendrecv_all_ports(myclient_t)
|
||||
## corenet_all_recvfrom_unlabeled(myclient_t)
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@ -525,8 +553,23 @@ interface(`corenet_raw_sendrecv_all_if',`
|
||||
## Related interface:
|
||||
## </p>
|
||||
## <ul>
|
||||
## <li>corenet_all_recvfrom_unlabeled()</li>
|
||||
## <li>corenet_tcp_sendrecv_generic_if()</li>
|
||||
## <li>corenet_tcp_sendrecv_all_ports()</li>
|
||||
## <li>corenet_tcp_connect_all_ports()</li>
|
||||
## </ul>
|
||||
## <p>
|
||||
## Example client being able to connect to all ports over
|
||||
## generic nodes, without labeled networking:
|
||||
## </p>
|
||||
## <p>
|
||||
## allow myclient_t self:tcp_socket create_stream_socket_perms;
|
||||
## corenet_tcp_sendrecv_generic_if(myclient_t)
|
||||
## corenet_tcp_sendrecv_generic_node(myclient_t)
|
||||
## corenet_tcp_sendrecv_all_ports(myclient_t)
|
||||
## corenet_tcp_connect_all_ports(myclient_t)
|
||||
## corenet_all_recvfrom_unlabeled(myclient_t)
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@ -592,8 +635,21 @@ interface(`corenet_udp_receive_generic_node',`
|
||||
## Related interface:
|
||||
## </p>
|
||||
## <ul>
|
||||
## <li>corenet_all_recvfrom_unlabeled()</li>
|
||||
## <li>corenet_udp_sendrecv_generic_if()</li>
|
||||
## <li>corenet_udp_sendrecv_all_ports()</li>
|
||||
## </ul>
|
||||
## <p>
|
||||
## Example client being able to send to all ports over
|
||||
## generic nodes, without labeled networking:
|
||||
## </p>
|
||||
## <p>
|
||||
## allow myclient_t self:udp_socket create_socket_perms;
|
||||
## corenet_udp_sendrecv_generic_if(myclient_t)
|
||||
## corenet_udp_sendrecv_generic_node(myclient_t)
|
||||
## corenet_udp_sendrecv_all_ports(myclient_t)
|
||||
## corenet_all_recvfrom_unlabeled(myclient_t)
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@ -1199,9 +1255,24 @@ interface(`corenet_tcp_connect_generic_port',`
|
||||
## Related interfaces:
|
||||
## </p>
|
||||
## <ul>
|
||||
## <li>corenet_all_recvfrom_unlabeled()</li>
|
||||
## <li>corenet_tcp_sendrecv_generic_if()</li>
|
||||
## <li>corenet_tcp_sendrecv_generic_node()</li>
|
||||
## <li>corenet_tcp_connect_all_ports()</li>
|
||||
## <li>corenet_tcp_bind_all_ports()</li>
|
||||
## </ul>
|
||||
## <p>
|
||||
## Example client being able to connect to all ports over
|
||||
## generic nodes, without labeled networking:
|
||||
## </p>
|
||||
## <p>
|
||||
## allow myclient_t self:tcp_socket create_stream_socket_perms;
|
||||
## corenet_tcp_sendrecv_generic_if(myclient_t)
|
||||
## corenet_tcp_sendrecv_generic_node(myclient_t)
|
||||
## corenet_tcp_sendrecv_all_ports(myclient_t)
|
||||
## corenet_tcp_connect_all_ports(myclient_t)
|
||||
## corenet_all_recvfrom_unlabeled(myclient_t)
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@ -1264,8 +1335,22 @@ interface(`corenet_udp_receive_all_ports',`
|
||||
## Related interfaces:
|
||||
## </p>
|
||||
## <ul>
|
||||
## <li>corenet_all_recvfrom_unlabeled()</li>
|
||||
## <li>corenet_udp_sendrecv_generic_if()</li>
|
||||
## <li>corenet_udp_sendrecv_generic_node()</li>
|
||||
## <li>corenet_udp_bind_all_ports()</li>
|
||||
## </ul>
|
||||
## <p>
|
||||
## Example client being able to send to all ports over
|
||||
## generic nodes, without labeled networking:
|
||||
## </p>
|
||||
## <p>
|
||||
## allow myclient_t self:udp_socket create_socket_perms;
|
||||
## corenet_udp_sendrecv_generic_if(myclient_t)
|
||||
## corenet_udp_sendrecv_generic_node(myclient_t)
|
||||
## corenet_udp_sendrecv_all_ports(myclient_t)
|
||||
## corenet_all_recvfrom_unlabeled(myclient_t)
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
@ -1357,11 +1442,39 @@ interface(`corenet_dontaudit_udp_bind_all_ports',`
|
||||
## <summary>
|
||||
## Connect TCP sockets to all ports.
|
||||
## </summary>
|
||||
## <desc>
|
||||
## <p>
|
||||
## Connect TCP sockets to all ports
|
||||
## </p>
|
||||
## <p>
|
||||
## Related interfaces:
|
||||
## </p>
|
||||
## <ul>
|
||||
## <li>corenet_all_recvfrom_unlabeled()</li>
|
||||
## <li>corenet_tcp_sendrecv_generic_if()</li>
|
||||
## <li>corenet_tcp_sendrecv_generic_node()</li>
|
||||
## <li>corenet_tcp_sendrecv_all_ports()</li>
|
||||
## <li>corenet_tcp_bind_all_ports()</li>
|
||||
## </ul>
|
||||
## <p>
|
||||
## Example client being able to connect to all ports over
|
||||
## generic nodes, without labeled networking:
|
||||
## </p>
|
||||
## <p>
|
||||
## allow myclient_t self:tcp_socket create_stream_socket_perms;
|
||||
## corenet_tcp_sendrecv_generic_if(myclient_t)
|
||||
## corenet_tcp_sendrecv_generic_node(myclient_t)
|
||||
## corenet_tcp_sendrecv_all_ports(myclient_t)
|
||||
## corenet_tcp_connect_all_ports(myclient_t)
|
||||
## corenet_all_recvfrom_unlabeled(myclient_t)
|
||||
## </p>
|
||||
## </desc>
|
||||
## <param name="domain">
|
||||
## <summary>
|
||||
## The type of the process performing this action.
|
||||
## Domain allowed access.
|
||||
## </summary>
|
||||
## </param>
|
||||
## <infoflow type="write" weight="1"/>
|
||||
#
|
||||
interface(`corenet_tcp_connect_all_ports',`
|
||||
gen_require(`
|
||||
|
Loading…
Reference in New Issue
Block a user