diff --git a/refpolicy/Changelog b/refpolicy/Changelog index bc02f2f6c..d084d2e5f 100644 --- a/refpolicy/Changelog +++ b/refpolicy/Changelog @@ -1,3 +1,5 @@ + * Corenetwork now supports multiple network interfaces having the + same type. * Doc tool now creates pages for global Booleans and global tunables. * Doc tool now links directly to the interface/template in the module page when it is selected in the interface/template index. diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.in b/refpolicy/policy/modules/kernel/corenetwork.te.in index d4f0251ee..479a208d2 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.te.in +++ b/refpolicy/policy/modules/kernel/corenetwork.te.in @@ -123,11 +123,11 @@ network_node(unspec, s0, ::, ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) type netif_t, netif_type; sid netif context_template(system_u:object_r:netif_t,s0) -network_interface(lo, s0) -network_interface(eth0, s0) -network_interface(eth1, s0) -network_interface(eth2, s0) -network_interface(ippp0, s0) -network_interface(ipsec0, s0) -network_interface(ipsec1, s0) -network_interface(ipsec2, s0) +network_interface(lo, lo,s0) +network_interface(eth0, eth0,s0) +network_interface(eth1, eth1,s0) +network_interface(eth2, eth2,s0) +network_interface(ippp0, ippp0,s0) +network_interface(ipsec0, ipsec0,s0) +network_interface(ipsec1, ipsec1,s0) +network_interface(ipsec2, ipsec2,s0) diff --git a/refpolicy/policy/modules/kernel/corenetwork.te.m4 b/refpolicy/policy/modules/kernel/corenetwork.te.m4 index 431d71882..80a553108 100644 --- a/refpolicy/policy/modules/kernel/corenetwork.te.m4 +++ b/refpolicy/policy/modules/kernel/corenetwork.te.m4 
@@ -1,10 +1,15 @@
+define(`declare_netifs',`dnl
+netifcon $2 context_template(system_u:object_r:$1,$3) context_template(system_u:object_r:unlabeled_t,$3)
+ifelse(`$4',`',`',`declare_netifs($1,shiftn(3,$*))')dnl
+')
+
 #
-# network_interface(linux_interfacename,mls_sensitivity)
+# network_interface(if_name,linux_interface,mls_sensitivity)
 #
 define(`network_interface',`
 gen_require(`type unlabeled_t')
 type $1_netif_t alias netif_$1_t, netif_type;
-netifcon $1 context_template(system_u:object_r:$1_netif_t,$2) context_template(system_u:object_r:unlabeled_t,$2)
+declare_netifs($1_netif_t,shift($*))
 ')
 
 #
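Review bot: The recursion guard in `declare_netifs` tests whether `$4` is empty rather than whether any arguments remain, so a stray empty field in a `network_interface()` call silently drops every later interface/sensitivity pair; those interfaces would presumably fall back to the default `netif_t` label from the `sid netif` line instead of the intended type. Testing the argument count makes that mistake fail at build time instead: ``ifelse(eval($# > 3),1,`declare_netifs($1,shiftn(3,$*))')dnl``. The header comment still describes a single triple; it should say the pair may repeat, e.g. `# network_interface(if_name,linux_interface,mls_sensitivity[,linux_interface,mls_sensitivity...])`, and note that every listed interface shares `if_name_netif_t`, so any rule written against that type applies to all of them. `shiftn` is not defined in this hunk, so confirm it is in scope when this file is expanded.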