Changeset 215

Timestamp:
07/21/08 14:09:54 (4 months ago)
Author:
jmowery
Message:

more complete removal of "all" type network access interface calls

Files:

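--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/amanda.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/amanda.te
@@ -126,6 +126,6 @@
 corenet_tcp_sendrecv_generic_port(amanda_t)
 corenet_udp_sendrecv_generic_port(amanda_t)
-corenet_tcp_bind_all_nodes(amanda_t)
-corenet_udp_bind_all_nodes(amanda_t)
+corenet_tcp_bind_generic_node(amanda_t)
+corenet_udp_bind_generic_node(amanda_t)
 corenet_tcp_bind_all_rpc_ports(amanda_t)
 
@@ -205,6 +205,6 @@
 corenet_tcp_sendrecv_generic_port(amanda_recover_t)
 corenet_udp_sendrecv_generic_port(amanda_recover_t)
-corenet_tcp_bind_all_nodes(amanda_recover_t)
-corenet_udp_bind_all_nodes(amanda_recover_t)
+corenet_tcp_bind_generic_node(amanda_recover_t)
+corenet_udp_bind_generic_node(amanda_recover_t)
 corenet_tcp_bind_reserved_port(amanda_recover_t)
 corenet_tcp_connect_amanda_port(amanda_recover_t)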
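--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/apt.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/apt.te
@@ -89,8 +89,8 @@
 corenet_udp_sendrecv_generic_port(apt_t)
 # TODO: reall allow all these?
-corenet_tcp_bind_all_nodes(apt_t)
-corenet_udp_bind_all_nodes(apt_t)
-corenet_tcp_connect_all_ports(apt_t)
-corenet_sendrecv_all_client_packets(apt_t)
+corenet_tcp_bind_generic_node(apt_t)
+corenet_udp_bind_generic_node(apt_t)
+corenet_tcp_connect_generic_port(apt_t)
+corenet_sendrecv_generic_client_packets(apt_t)
 
 dev_read_urand(apt_t)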
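Review bot: The `# TODO: reall allow all these?` comment at line 90 is left in place, but the four calls under it (new lines 91-94) no longer grant "all" access, so the comment now misdescribes them. If the generic interfaces cover only the default, unlabelled node and port types (their definitions are not on this page, so confirm), apt_t can no longer open client connections to specifically labelled ports, and this comment is the natural place to record that, e.g. `# limited to generic nodes/ports; add per-port connect interfaces for any labelled port apt needs`. The same narrowing applies to dpkg_t and rpm_t in the dpkg.te and rpm.te sections, and it is worth exercising a package fetch in enforcing mode so that denials are found before someone works around them with a broader rule. The apt_t rule block continues outside the hunk.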
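--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/backup.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/backup.te
@@ -48,6 +48,6 @@
 corenet_tcp_sendrecv_generic_port(backup_t)
 corenet_udp_sendrecv_generic_port(backup_t)
-corenet_tcp_connect_all_ports(backup_t)
-corenet_sendrecv_all_client_packets(backup_t)
+corenet_tcp_connect_generic_port(backup_t)
+corenet_sendrecv_generic_client_packets(backup_t)
 
 dev_getattr_all_blk_files(backup_t)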
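--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/dpkg.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/dpkg.te
@@ -101,6 +101,6 @@
 corenet_tcp_sendrecv_generic_port(dpkg_t)
 corenet_udp_sendrecv_generic_port(dpkg_t)
-corenet_tcp_connect_all_ports(dpkg_t)
-corenet_sendrecv_all_client_packets(dpkg_t)
+corenet_tcp_connect_generic_port(dpkg_t)
+corenet_sendrecv_generic_client_packets(dpkg_t)
 
 dev_list_sysfs(dpkg_t)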
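--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/mrtg.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/mrtg.te
@@ -72,6 +72,6 @@
 corenet_tcp_sendrecv_generic_port(mrtg_t)
 corenet_udp_sendrecv_generic_port(mrtg_t)
-corenet_tcp_connect_all_ports(mrtg_t)
-corenet_sendrecv_all_client_packets(mrtg_t)
+corenet_tcp_connect_generic_port(mrtg_t)
+corenet_sendrecv_generic_client_packets(mrtg_t)
 
 dev_read_sysfs(mrtg_t)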
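--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/netutils.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/netutils.te
@@ -62,6 +62,6 @@
 corenet_tcp_sendrecv_generic_port(netutils_t)
 corenet_udp_sendrecv_generic_port(netutils_t)
-corenet_tcp_connect_all_ports(netutils_t)
-corenet_sendrecv_all_client_packets(netutils_t)
+corenet_tcp_connect_generic_port(netutils_t)
+corenet_sendrecv_generic_client_packets(netutils_t)
 corenet_udp_bind_generic_node(netutils_t)
 
@@ -183,11 +183,11 @@
 corenet_tcp_sendrecv_generic_port(traceroute_t)
 corenet_udp_sendrecv_generic_port(traceroute_t)
-corenet_udp_bind_all_nodes(traceroute_t)
-corenet_tcp_bind_all_nodes(traceroute_t)
+corenet_udp_bind_generic_node(traceroute_t)
+corenet_tcp_bind_generic_node(traceroute_t)
 # traceroute needs this but not tracepath
 corenet_raw_bind_all_nodes(traceroute_t)
 corenet_udp_bind_traceroute_port(traceroute_t)
-corenet_tcp_connect_all_ports(traceroute_t)
-corenet_sendrecv_all_client_packets(traceroute_t)
+corenet_tcp_connect_generic_port(traceroute_t)
+corenet_sendrecv_generic_client_packets(traceroute_t)
 corenet_sendrecv_traceroute_server_packets(traceroute_t)
 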
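Review bot: `corenet_raw_bind_all_nodes(traceroute_t)` at line 188 is still an "all"-type call after this change, although the TCP and UDP node binds directly above it were narrowed. If the raw bind is meant to stay broad, the existing comment should say so, e.g. `# traceroute (not tracepath) needs raw bind; kept on all nodes deliberately`; otherwise it should be narrowed along with the rest so the commit message holds for this domain. The vmware.te section has the same leftovers for vmware_host_t at lines 65 and 70 (`corenet_raw_bind_all_nodes` and `corenet_sendrecv_all_server_packets`). The traceroute_t rule block starts and ends outside the hunk.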
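--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/portage.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/portage.if
@@ -165,5 +165,5 @@
         corenet_tcp_sendrecv_generic_port($1)
         corenet_udp_sendrecv_generic_port($1)
-        corenet_tcp_connect_all_reserved_ports($1)
+        corenet_tcp_connect_reserved_port($1)
         corenet_tcp_connect_distccd_port($1)
 
@@ -257,5 +257,5 @@
         # would rather not connect to unspecified ports, but
         # it occasionally comes up
-        corenet_tcp_connect_all_reserved_ports($1)
+        corenet_tcp_connect_reserved_port($1)
         corenet_tcp_connect_generic_port($1)
 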
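--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/rpm.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/rpm.te
@@ -105,6 +105,6 @@
 corenet_tcp_sendrecv_generic_port(rpm_t)
 corenet_udp_sendrecv_generic_port(rpm_t)
-corenet_tcp_connect_all_ports(rpm_t)
-corenet_sendrecv_all_client_packets(rpm_t)
+corenet_tcp_connect_generic_port(rpm_t)
+corenet_sendrecv_generic_client_packets(rpm_t)
 
 dev_list_sysfs(rpm_t)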
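--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/vpn.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/admin/vpn.te
@@ -57,10 +57,10 @@
 corenet_tcp_sendrecv_generic_port(vpnc_t)
 corenet_udp_sendrecv_generic_port(vpnc_t)
-corenet_udp_bind_all_nodes(vpnc_t)
+corenet_udp_bind_generic_node(vpnc_t)
 corenet_udp_bind_generic_port(vpnc_t)
 corenet_udp_bind_isakmp_port(vpnc_t)
 corenet_udp_bind_ipsecnat_port(vpnc_t)
-corenet_tcp_connect_all_ports(vpnc_t)
-corenet_sendrecv_all_client_packets(vpnc_t)
+corenet_tcp_connect_generic_port(vpnc_t)
+corenet_sendrecv_generic_client_packets(vpnc_t)
 corenet_sendrecv_isakmp_server_packets(vpnc_t)
 corenet_sendrecv_generic_server_packets(vpnc_t)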
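--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/evolution.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/evolution.if
@@ -212,5 +212,5 @@
         corenet_sendrecv_ipp_client_packets($1_evolution_t)
         # not sure about this bind
-        corenet_udp_bind_all_nodes($1_evolution_t)
+        corenet_udp_bind_generic_node($1_evolution_t)
         corenet_udp_bind_generic_port($1_evolution_t)
 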
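--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/games.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/games.if
@@ -100,5 +100,5 @@
         corenet_tcp_sendrecv_generic_port($1_games_t)
         corenet_udp_sendrecv_generic_port($1_games_t)
-        corenet_tcp_bind_all_nodes($1_games_t)
+        corenet_tcp_bind_generic_node($1_games_t)
         corenet_tcp_bind_generic_port($1_games_t)
         corenet_tcp_connect_generic_port($1_games_t)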
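--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/gift.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/gift.if
@@ -163,10 +163,10 @@
         corenet_tcp_sendrecv_generic_port($1_giftd_t)
         corenet_udp_sendrecv_generic_port($1_giftd_t)
-        corenet_tcp_bind_all_nodes($1_giftd_t)
-        corenet_udp_bind_all_nodes($1_giftd_t)
-        corenet_tcp_bind_all_ports($1_giftd_t)
-        corenet_udp_bind_all_ports($1_giftd_t)
-        corenet_tcp_connect_all_ports($1_giftd_t)
-        corenet_sendrecv_all_client_packets($1_giftd_t)
+        corenet_tcp_bind_generic_node($1_giftd_t)
+        corenet_udp_bind_generic_node($1_giftd_t)
+        corenet_tcp_bind_generic_port($1_giftd_t)
+        corenet_udp_bind_generic_port($1_giftd_t)
+        corenet_tcp_connect_generic_port($1_giftd_t)
+        corenet_sendrecv_generic_client_packets($1_giftd_t)
 
         files_read_usr_files($1_giftd_t)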
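--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/gpg.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/gpg.if
@@ -103,6 +103,6 @@
         corenet_tcp_sendrecv_generic_port($1_gpg_t)
         corenet_udp_sendrecv_generic_port($1_gpg_t)
-        corenet_tcp_connect_all_ports($1_gpg_t)
-        corenet_sendrecv_all_client_packets($1_gpg_t)
+        corenet_tcp_connect_generic_port($1_gpg_t)
+        corenet_sendrecv_generic_client_packets($1_gpg_t)
 
         dev_read_rand($1_gpg_t)
@@ -169,7 +169,7 @@
         corenet_tcp_sendrecv_generic_port($1_gpg_helper_t)
         corenet_udp_sendrecv_generic_port($1_gpg_helper_t)
-        corenet_tcp_bind_all_nodes($1_gpg_helper_t)
-        corenet_udp_bind_all_nodes($1_gpg_helper_t)
-        corenet_tcp_connect_all_ports($1_gpg_helper_t)
+        corenet_tcp_bind_generic_node($1_gpg_helper_t)
+        corenet_udp_bind_generic_node($1_gpg_helper_t)
+        corenet_tcp_connect_generic_port($1_gpg_helper_t)
 
         dev_read_urand($1_gpg_helper_t)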
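--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/irc.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/irc.if
@@ -100,6 +100,6 @@
         corenet_sendrecv_ircd_client_packets($1_irc_t)
         # cjp: this seems excessive:
-        corenet_tcp_connect_all_ports($1_irc_t)
-        corenet_sendrecv_all_client_packets($1_irc_t)
+        corenet_tcp_connect_generic_port($1_irc_t)
+        corenet_sendrecv_generic_client_packets($1_irc_t)
 
         domain_use_interactive_fds($1_irc_t)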
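Review bot: The `# cjp: this seems excessive:` comment at line 101 was written about the all-ports grant and is left above the narrowed calls at new lines 102-103, where it reads as an open concern about access the commit has just reduced. It should be dropped or reworded to describe what remains, e.g. `# generic ports only; ircd ports are granted separately above`. The second half of that wording is inferred from the `corenet_sendrecv_ircd_client_packets` context line at 100 and should be checked against the rest of the template, which starts outside the hunk.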
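--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/java.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/java.if
@@ -105,6 +105,6 @@
         corenet_tcp_sendrecv_generic_port($1_javaplugin_t)
         corenet_udp_sendrecv_generic_port($1_javaplugin_t)
-        corenet_tcp_connect_all_ports($1_javaplugin_t)
-        corenet_sendrecv_all_client_packets($1_javaplugin_t)
+        corenet_tcp_connect_generic_port($1_javaplugin_t)
+        corenet_sendrecv_generic_client_packets($1_javaplugin_t)
 
         dev_read_sound($1_javaplugin_t)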
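--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/qemu.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/qemu.if
@@ -168,5 +168,5 @@
         corenet_tcp_sendrecv_generic_node($1_t)
         corenet_tcp_sendrecv_generic_port($1_t)
-        corenet_tcp_bind_all_nodes($1_t)
+        corenet_tcp_bind_generic_node($1_t)
         corenet_tcp_bind_vnc_port($1_t)
         corenet_rw_tun_tap_dev($1_t)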
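--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/qemu.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/qemu.te
@@ -30,8 +30,8 @@
         corenet_udp_sendrecv_generic_node(qemu_t)
         corenet_udp_sendrecv_generic_port(qemu_t)
-        corenet_udp_bind_all_nodes(qemu_t)
-        corenet_udp_bind_all_ports(qemu_t)
-        corenet_tcp_bind_all_ports(qemu_t)
-        corenet_tcp_connect_all_ports(qemu_t)
+        corenet_udp_bind_generic_node(qemu_t)
+        corenet_udp_bind_generic_port(qemu_t)
+        corenet_tcp_bind_generic_port(qemu_t)
+        corenet_tcp_connect_generic_port(qemu_t)
 ')
 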
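--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/screen.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/screen.if
@@ -119,5 +119,5 @@
         corenet_tcp_sendrecv_generic_port($1_screen_t)
         corenet_udp_sendrecv_generic_port($1_screen_t)
-        corenet_tcp_connect_all_ports($1_screen_t)
+        corenet_tcp_connect_generic_port($1_screen_t)
 
         dev_dontaudit_getattr_all_chr_files($1_screen_t)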
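--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/uml.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/uml.if
@@ -159,6 +159,6 @@
         corenet_tcp_sendrecv_generic_port($1_uml_t)
         corenet_udp_sendrecv_generic_port($1_uml_t)
-        corenet_tcp_connect_all_ports($1_uml_t)
-        corenet_sendrecv_all_client_packets($1_uml_t)
+        corenet_tcp_connect_generic_port($1_uml_t)
+        corenet_sendrecv_generic_client_packets($1_uml_t)
         corenet_rw_tun_tap_dev($1_uml_t)
         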
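--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/vmware.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/apps/vmware.te
@@ -64,8 +64,8 @@
 corenet_udp_sendrecv_generic_port(vmware_host_t)
 corenet_raw_bind_all_nodes(vmware_host_t)
-corenet_tcp_bind_all_nodes(vmware_host_t)
-corenet_udp_bind_all_nodes(vmware_host_t)
-corenet_tcp_connect_all_ports(vmware_host_t)
-corenet_sendrecv_all_client_packets(vmware_host_t)
+corenet_tcp_bind_generic_node(vmware_host_t)
+corenet_udp_bind_generic_node(vmware_host_t)
+corenet_tcp_connect_generic_port(vmware_host_t)
+corenet_sendrecv_generic_client_packets(vmware_host_t)
 corenet_sendrecv_all_server_packets(vmware_host_t)
 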
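--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/kernel/kernel.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/kernel/kernel.te
@@ -313,5 +313,5 @@
         corenet_udp_sendrecv_generic_node(kernel_t)
         corenet_udp_sendrecv_generic_port(kernel_t)
-        corenet_udp_bind_all_nodes(kernel_t)
+        corenet_udp_bind_generic_node(kernel_t)
         corenet_sendrecv_portmap_client_packets(kernel_t)
         corenet_sendrecv_generic_server_packets(kernel_t)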
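--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/afs.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/afs.te
@@ -98,5 +98,5 @@
 corenet_tcp_sendrecv_generic_port(afs_bosserver_t)
 corenet_udp_sendrecv_generic_port(afs_bosserver_t)
-corenet_udp_bind_all_nodes(afs_bosserver_t)
+corenet_udp_bind_generic_node(afs_bosserver_t)
 corenet_udp_bind_afs_bos_port(afs_bosserver_t)
 corenet_sendrecv_afs_bos_server_packets(afs_bosserver_t)
@@ -157,6 +157,6 @@
 corenet_all_recvfrom_unlabeled(afs_fsserver_t)
 corenet_all_recvfrom_netlabel(afs_fsserver_t)
-corenet_tcp_bind_all_nodes(afs_fsserver_t)
-corenet_udp_bind_all_nodes(afs_fsserver_t)
+corenet_tcp_bind_generic_node(afs_fsserver_t)
+corenet_udp_bind_generic_node(afs_fsserver_t)
 corenet_tcp_bind_afs_fs_port(afs_fsserver_t)
 corenet_udp_bind_afs_fs_port(afs_fsserver_t)
@@ -216,5 +216,5 @@
 corenet_tcp_sendrecv_generic_port(afs_kaserver_t)
 corenet_udp_sendrecv_generic_port(afs_kaserver_t)
-corenet_udp_bind_all_nodes(afs_kaserver_t)
+corenet_udp_bind_generic_node(afs_kaserver_t)
 corenet_udp_bind_afs_ka_port(afs_kaserver_t)
 corenet_udp_bind_kerberos_port(afs_kaserver_t)
@@ -263,5 +263,5 @@
 corenet_tcp_sendrecv_generic_port(afs_ptserver_t)
 corenet_udp_sendrecv_generic_port(afs_ptserver_t)
-corenet_udp_bind_all_nodes(afs_ptserver_t)
+corenet_udp_bind_generic_node(afs_ptserver_t)
 corenet_udp_bind_afs_pt_port(afs_ptserver_t)
 corenet_sendrecv_afs_pt_server_packets(afs_ptserver_t)
@@ -304,5 +304,5 @@
 corenet_tcp_sendrecv_generic_port(afs_vlserver_t)
 corenet_udp_sendrecv_generic_port(afs_vlserver_t)
-corenet_udp_bind_all_nodes(afs_vlserver_t)
+corenet_udp_bind_generic_node(afs_vlserver_t)
 corenet_udp_bind_afs_vl_port(afs_vlserver_t)
 corenet_sendrecv_afs_vl_server_packets(afs_vlserver_t)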
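--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/amavis.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/amavis.te
@@ -106,6 +106,6 @@
 corenet_tcp_sendrecv_generic_if(amavis_t)
 corenet_tcp_sendrecv_generic_node(amavis_t)
-corenet_tcp_bind_all_nodes(amavis_t)
-corenet_udp_bind_all_nodes(amavis_t)
+corenet_tcp_bind_generic_node(amavis_t)
+corenet_udp_bind_generic_node(amavis_t)
 # amavis uses well-defined ports
 corenet_tcp_sendrecv_amavisd_recv_port(amavis_t)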
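--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/apache.if
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/apache.if
@@ -210,6 +210,6 @@
                 corenet_tcp_sendrecv_generic_port(httpd_$1_script_t)
                 corenet_udp_sendrecv_generic_port(httpd_$1_script_t)
-                corenet_tcp_connect_all_ports(httpd_$1_script_t)
-                corenet_sendrecv_all_client_packets(httpd_$1_script_t)
+                corenet_tcp_connect_generic_port(httpd_$1_script_t)
+                corenet_sendrecv_generic_client_packets(httpd_$1_script_t)
 
                 sysnet_read_config(httpd_$1_script_t)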
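--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/apache.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/apache.te
@@ -299,5 +299,5 @@
 corenet_tcp_sendrecv_generic_port(httpd_t)
 corenet_udp_sendrecv_generic_port(httpd_t)
-corenet_tcp_bind_all_nodes(httpd_t)
+corenet_tcp_bind_generic_node(httpd_t)
 corenet_tcp_bind_http_port(httpd_t)
 corenet_tcp_bind_http_cache_port(httpd_t)
@@ -368,5 +368,5 @@
 
 tunable_policy(`httpd_can_network_connect',`
-        corenet_tcp_connect_all_ports(httpd_t)
+        corenet_tcp_connect_generic_port(httpd_t)
 ')
 
@@ -631,6 +631,6 @@
         corenet_tcp_sendrecv_generic_port(httpd_suexec_t)
         corenet_udp_sendrecv_generic_port(httpd_suexec_t)
-        corenet_tcp_connect_all_ports(httpd_suexec_t)
-        corenet_sendrecv_all_client_packets(httpd_suexec_t)
+        corenet_tcp_connect_generic_port(httpd_suexec_t)
+        corenet_sendrecv_generic_client_packets(httpd_suexec_t)
 ')
 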
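Review bot: The `httpd_can_network_connect` tunable at line 369 now enables only `corenet_tcp_connect_generic_port(httpd_t)`, so switching the boolean on no longer grants the connect-to-any-port access its name suggests. The tighter grant is reasonable, but an administrator who enables the boolean for a back end on a specifically labelled port will see denials with nothing in the policy to explain them, assuming the generic interface covers only the default port type (its definition is not on this page). A comment inside the block would record the intent, e.g. `# CLIP: generic ports only; labelled ports need their own connect interface`. The httpd_suexec_t block in the third hunk opens outside the hunk, so the condition guarding it cannot be seen from here.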
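--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/apcupsd.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/apcupsd.te
@@ -57,5 +57,5 @@
 corenet_tcp_sendrecv_generic_node(apcupsd_t)
 corenet_tcp_sendrecv_generic_port(apcupsd_t)
-corenet_tcp_bind_all_nodes(apcupsd_t)
+corenet_tcp_bind_generic_node(apcupsd_t)
 corenet_tcp_bind_apcupsd_port(apcupsd_t)
 corenet_sendrecv_apcupsd_server_packets(apcupsd_t)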
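--- a/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/asterisk.te
+++ b/branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/asterisk.te
@@ -91,6 +91,6 @@
 corenet_tcp_sendrecv_generic_port(asterisk_t)
 corenet_udp_sendrecv_generic_port(asterisk_t)
-corenet_tcp_bind_all_nodes(asterisk_t)
-corenet_udp_bind_all_nodes(asterisk_t)
+corenet_tcp_bind_generic_node(asterisk_t)
+corenet_udp_bind_generic_node(asterisk_t)
 corenet_tcp_bind_asterisk_port(asterisk_t)
 corenet_udp_bind_asterisk_port(asterisk_t)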
  • branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/services/automount.te

    r214 r215  
    8585corenet_tcp_sendrecv_generic_port(automount_t) 
    8686corenet_udp_sendrecv_generic_port(automount_t) 
    87