78276fc43b
Semodule stopped using this many years ago. The policy_module() macro will continue to support an optional second parameter as version. If it is not specified, a default value of 1 is set. Signed-off-by: Chris PeBenito <pebenito@ieee.org>
51 lines
1.1 KiB
Plaintext
51 lines
1.1 KiB
Plaintext
policy_module(obfs4proxy)
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Determine whether obfs4proxy can bind
|
|
## tcp sockets to all unreserved ports.
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(obfs4proxy_bind_all_unreserved_ports, false)
|
|
|
|
## <desc>
|
|
## <p>
|
|
## Determine whether obfs4proxy can bind
|
|
## tcp sockets to all http ports.
|
|
## </p>
|
|
## </desc>
|
|
gen_tunable(obfs4proxy_bind_http_ports, false)
|
|
|
|
type obfs4proxy_t;
|
|
type obfs4proxy_exec_t;
|
|
init_daemon_domain(obfs4proxy_t, obfs4proxy_exec_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow obfs4proxy_t self:process signal;
|
|
allow obfs4proxy_t self:tcp_socket create_stream_socket_perms;
|
|
|
|
corenet_tcp_bind_generic_node(obfs4proxy_t)
|
|
corenet_tcp_connect_all_unreserved_ports(obfs4proxy_t)
|
|
|
|
files_search_var_lib(obfs4proxy_t)
|
|
fs_getattr_all_dirs(obfs4proxy_t)
|
|
tor_rw_pt_state_var_files(obfs4proxy_t)
|
|
|
|
tunable_policy(`obfs4proxy_bind_all_unreserved_ports',`
|
|
corenet_sendrecv_all_server_packets(obfs4proxy_t)
|
|
corenet_tcp_bind_all_unreserved_ports(obfs4proxy_t)
|
|
')
|
|
|
|
tunable_policy(`obfs4proxy_bind_http_ports',`
|
|
corenet_tcp_bind_http_port(obfs4proxy_t)
|
|
')
|