Navigation

← Previous Changeset
Next Changeset →

Changeset 221

Timestamp:

07/28/08 15:26:30 (4 months ago)

Author:

jmowery

Message:

add macro to generate network interfaces controlled by the network enabled boolean

Files:

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/global_booleans

r176	r221
32	32	## <desc>
33	33	## <p>
34		## log all relabels on the system
	34	## log all relabels on the system
35	35	## </p>
36	36	## </desc>
37	37	gen_bool(log_all_relabels,false)
38	38
	39	##
	40	## <desc>
	41	## <p>
	42	## Enable network traffic on all interfaces.
	43	## This does not include the loop back interface.
	44	## </p>
	45	## </desc>
	46	gen_bool(network_enabled,true)

branch/RHEL-5.2-20080702merge/src/selinux-policy-clip/policy/modules/kernel/corenetwork.if.m4

r203	r221
8	8	########################################
9	9	#
10		# Network Interface generated macros
	10	# Network Interface generated macros
11	11	#
12	12	########################################
…	…
141	141	'') dnl end create_netif_interfaces
142	142
143		########################################
144		#
145		# Network node generated macros
	143	# create confined network interfaces controlled by the network_enabled boolean
	144	# do not call this macro for loop back
	145	define(`create_netif_interfaces_controlled',``
	146	########################################
	147	## <summary>
	148	## Send and receive TCP network traffic on the $1 interface.
	149	## </summary>
	150	## <param name="domain">
	151	## <summary>
	152	## Domain allowed access.
	153	## </summary>
	154	## </param>
	155	## <infoflow type="both" weight="10"/>
	156	#
	157	interface(`corenet_tcp_sendrecv_$1_if',`
	158	gen_require(`
	159	$3 $1_$2;
	160	')
	161
	162	if (network_enabled)
	163	{
	164	allow dollarsone $1_$2:netif { tcp_send tcp_recv egress ingress };
	165	}
	166	')
	167
	168	########################################
	169	## <summary>
	170	## Send UDP network traffic on the $1 interface.
	171	## </summary>
	172	## <param name="domain">
	173	## <summary>
	174	## Domain allowed access.
	175	## </summary>
	176	## </param>
	177	## <infoflow type="write" weight="10"/>
	178	#
	179	interface(`corenet_udp_send_$1_if',`
	180	gen_require(`
	181	$3 $1_$2;
	182	')
	183
	184	if (network_enabled)
	185	{
	186	allow dollarsone $1_$2:netif { udp_send egress };
	187	}
	188	')
	189
	190	########################################
	191	## <summary>
	192	## Receive UDP network traffic on the $1 interface.
	193	## </summary>
	194	## <param name="domain">
	195	## <summary>
	196	## Domain allowed access.
	197	## </summary>
	198	## </param>
	199	## <infoflow type="read" weight="10"/>
	200	#
	201	interface(`corenet_udp_receive_$1_if',`
	202	gen_require(`
	203	$3 $1_$2;
	204	')
	205
	206	if (network_enabled)
	207	{
	208	allow dollarsone $1_$2:netif { udp_recv ingress };
	209	}
	210	')
	211
	212	########################################
	213	## <summary>
	214	## Send and receive UDP network traffic on the $1 interface.
	215	## </summary>
	216	## <param name="domain">
	217	## <summary>
	218	## Domain allowed access.
	219	## </summary>
	220	## </param>
	221	## <infoflow type="both" weight="10"/>
	222	#
	223	interface(`corenet_udp_sendrecv_$1_if',`
	224	corenet_udp_send_$1_if(dollarsone)
	225	corenet_udp_receive_$1_if(dollarsone)
	226	')
	227
	228	########################################
	229	## <summary>
	230	## Send raw IP packets on the $1 interface.
	231	## </summary>
	232	## <param name="domain">
	233	## <summary>
	234	## Domain allowed access.
	235	## </summary>
	236	## </param>
	237	## <infoflow type="write" weight="10"/>
	238	#
	239	interface(`corenet_raw_send_$1_if',`
	240	gen_require(`
	241	$3 $1_$2;
	242	')
	243
	244	if (network_enabled)
	245	{
	246	allow dollarsone $1_$2:netif { rawip_send egress };
	247	}
	248	')
	249
	250	########################################
	251	## <summary>
	252	## Receive raw IP packets on the $1 interface.
	253	## </summary>
	254	## <param name="domain">
	255	## <summary>
	256	## Domain allowed access.
	257	## </summary>
	258	## </param>
	259	## <infoflow type="read" weight="10"/>
	260	#
	261	interface(`corenet_raw_receive_$1_if',`
	262	gen_require(`
	263	$3 $1_$2;
	264	')
	265
	266	if (network_enabled)
	267	{
	268	allow dollarsone $1_$2:netif { rawip_recv ingress };
	269	}
	270	')
	271
	272	########################################
	273	## <summary>
	274	## Send and receive raw IP packets on the $1 interface.
	275	## </summary>
	276	## <param name="domain">
	277	## <summary>
	278	## Domain allowed access.
	279	## </summary>
	280	## </param>
	281	## <infoflow type="both" weight="10"/>
	282	#
	283	interface(`corenet_raw_sendrecv_$1_if',`
	284	corenet_raw_send_$1_if(dollarsone)
	285	corenet_raw_receive_$1_if(dollarsone)
	286	')
	287	'') dnl end create_netif_interfaces
	288
	289	########################################
	290	#
	291	# Network node generated macros
146	292	#
147	293	########################################
…	…
316	462	########################################
317	463	#
318		# Network port generated macros
	464	# Network port generated macros
319	465	#
320	466	########################################

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.