commit: b08d56f2b2db5a8683a68cda6af4d723c2824b7c |
Author: Sven Vermeulen <sven.vermeulen <AT> siphos <DOT> be> |
AuthorDate: Sat Jun 7 18:19:31 2014 +0000 |
Commit: Sven Vermeulen <swift <AT> gentoo <DOT> org> |
CommitDate: Sat Jun 7 18:19:31 2014 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-refpolicy.git;a=commit;h=b08d56f2 |
|
Update corenetwork.if after regeneration |
|
--- |
policy/modules/kernel/corenetwork.if | 1348 ++++++++++++++++++++++++++++++++++ |
1 file changed, 1348 insertions(+) |
|
14 |
diff --git a/policy/modules/kernel/corenetwork.if b/policy/modules/kernel/corenetwork.if |
15 |
index 5b6fef3..22e8137 100644 |
16 |
--- a/policy/modules/kernel/corenetwork.if |
17 |
+++ b/policy/modules/kernel/corenetwork.if |
18 |
@@ -1904,6 +1904,25 @@ interface(`corenet_tcp_connect_all_reserved_ports',` |
19 |
|
20 |
######################################## |
21 |
## <summary> |
22 |
+## Do not audit connect attempts to TCP sockets on |
23 |
+## ports greater than 1024. |
24 |
+## </summary> |
25 |
+## <param name="domain"> |
26 |
+## <summary> |
27 |
+## Domain not to audit access to. |
28 |
+## </summary> |
29 |
+## </param> |
30 |
+# |
31 |
+interface(`corenet_dontaudit_tcp_connect_all_unreserved_ports',` |
32 |
+ gen_require(` |
33 |
+ attribute unreserved_port_type; |
34 |
+ ') |
35 |
+ |
36 |
+ dontaudit $1 unreserved_port_type:tcp_socket name_connect; |
37 |
+') |
38 |
+ |
39 |
+######################################## |
40 |
+## <summary> |
41 |
## Connect TCP sockets to all ports > 1024. |
42 |
## </summary> |
43 |
## <param name="domain"> |
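Review bot: `corenet_dontaudit_tcp_connect_all_unreserved_ports` carries no `<infoflow type="none"/>` tag, although the other dontaudit interfaces visible in this commit all have one, and its summary does not say what a caller gives up. The single rule `dontaudit $1 unreserved_port_type:tcp_socket name_connect;` hides denied connects to every port type in the attribute, so a confined domain that starts connecting out to unexpected unreserved ports leaves no AVC record unless dontaudit rules are disabled (for example with `semodule -DB`). I would add `## <infoflow type="none"/>` before the closing `#`, plus a `<desc>` paragraph stating that denied connects are no longer logged and that the interface is meant for domains known to probe ports harmlessly. The commit title says the file was regenerated, so the change presumably belongs in the source this file is generated from.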
44 |
@@ -23963,6 +23982,449 @@ interface(`corenet_relabelto_dns_server_packets',` |
45 |
|
46 |
######################################## |
47 |
## <summary> |
48 |
+## Send and receive TCP traffic on the dropbox port. |
49 |
+## </summary> |
50 |
+## <param name="domain"> |
51 |
+## <summary> |
52 |
+## Domain allowed access. |
53 |
+## </summary> |
54 |
+## </param> |
55 |
+## <infoflow type="both" weight="10"/> |
56 |
+# |
57 |
+interface(`corenet_tcp_sendrecv_dropbox_port',` |
58 |
+ gen_require(` |
59 |
+ type dropbox_port_t; |
60 |
+ ') |
61 |
+ |
62 |
+ allow $1 dropbox_port_t:tcp_socket { send_msg recv_msg }; |
63 |
+') |
64 |
+ |
65 |
+######################################## |
66 |
+## <summary> |
67 |
+## Send UDP traffic on the dropbox port. |
68 |
+## </summary> |
69 |
+## <param name="domain"> |
70 |
+## <summary> |
71 |
+## Domain allowed access. |
72 |
+## </summary> |
73 |
+## </param> |
74 |
+## <infoflow type="write" weight="10"/> |
75 |
+# |
76 |
+interface(`corenet_udp_send_dropbox_port',` |
77 |
+ gen_require(` |
78 |
+ type dropbox_port_t; |
79 |
+ ') |
80 |
+ |
81 |
+ allow $1 dropbox_port_t:udp_socket send_msg; |
82 |
+') |
83 |
+ |
84 |
+######################################## |
85 |
+## <summary> |
86 |
+## Do not audit attempts to send UDP traffic on the dropbox port. |
87 |
+## </summary> |
88 |
+## <param name="domain"> |
89 |
+## <summary> |
90 |
+## Domain to not audit. |
91 |
+## </summary> |
92 |
+## </param> |
93 |
+## <infoflow type="none"/> |
94 |
+# |
95 |
+interface(`corenet_dontaudit_udp_send_dropbox_port',` |
96 |
+ gen_require(` |
97 |
+ type dropbox_port_t; |
98 |
+ ') |
99 |
+ |
100 |
+ dontaudit $1 dropbox_port_t:udp_socket send_msg; |
101 |
+') |
102 |
+ |
103 |
+######################################## |
104 |
+## <summary> |
105 |
+## Receive UDP traffic on the dropbox port. |
106 |
+## </summary> |
107 |
+## <param name="domain"> |
108 |
+## <summary> |
109 |
+## Domain allowed access. |
110 |
+## </summary> |
111 |
+## </param> |
112 |
+## <infoflow type="read" weight="10"/> |
113 |
+# |
114 |
+interface(`corenet_udp_receive_dropbox_port',` |
115 |
+ gen_require(` |
116 |
+ type dropbox_port_t; |
117 |
+ ') |
118 |
+ |
119 |
+ allow $1 dropbox_port_t:udp_socket recv_msg; |
120 |
+') |
121 |
+ |
122 |
+######################################## |
123 |
+## <summary> |
124 |
+## Do not audit attempts to receive UDP traffic on the dropbox port. |
125 |
+## </summary> |
126 |
+## <param name="domain"> |
127 |
+## <summary> |
128 |
+## Domain to not audit. |
129 |
+## </summary> |
130 |
+## </param> |
131 |
+## <infoflow type="none"/> |
132 |
+# |
133 |
+interface(`corenet_dontaudit_udp_receive_dropbox_port',` |
134 |
+ gen_require(` |
135 |
+ type dropbox_port_t; |
136 |
+ ') |
137 |
+ |
138 |
+ dontaudit $1 dropbox_port_t:udp_socket recv_msg; |
139 |
+') |
140 |
+ |
141 |
+######################################## |
142 |
+## <summary> |
143 |
+## Send and receive UDP traffic on the dropbox port. |
144 |
+## </summary> |
145 |
+## <param name="domain"> |
146 |
+## <summary> |
147 |
+## Domain allowed access. |
148 |
+## </summary> |
149 |
+## </param> |
150 |
+## <infoflow type="both" weight="10"/> |
151 |
+# |
152 |
+interface(`corenet_udp_sendrecv_dropbox_port',` |
153 |
+ corenet_udp_send_dropbox_port($1) |
154 |
+ corenet_udp_receive_dropbox_port($1) |
155 |
+') |
156 |
+ |
157 |
+######################################## |
158 |
+## <summary> |
159 |
+## Do not audit attempts to send and receive |
160 |
+## UDP traffic on the dropbox port. |
161 |
+## </summary> |
162 |
+## <param name="domain"> |
163 |
+## <summary> |
164 |
+## Domain to not audit. |
165 |
+## </summary> |
166 |
+## </param> |
167 |
+## <infoflow type="none"/> |
168 |
+# |
169 |
+interface(`corenet_dontaudit_udp_sendrecv_dropbox_port',` |
170 |
+ corenet_dontaudit_udp_send_dropbox_port($1) |
171 |
+ corenet_dontaudit_udp_receive_dropbox_port($1) |
172 |
+') |
173 |
+ |
174 |
+######################################## |
175 |
+## <summary> |
176 |
+## Bind TCP sockets to the dropbox port. |
177 |
+## </summary> |
178 |
+## <param name="domain"> |
179 |
+## <summary> |
180 |
+## Domain allowed access. |
181 |
+## </summary> |
182 |
+## </param> |
183 |
+## <infoflow type="none"/> |
184 |
+# |
185 |
+interface(`corenet_tcp_bind_dropbox_port',` |
186 |
+ gen_require(` |
187 |
+ type dropbox_port_t; |
188 |
+ ') |
189 |
+ |
190 |
+ allow $1 dropbox_port_t:tcp_socket name_bind; |
191 |
+ |
192 |
+') |
193 |
+ |
194 |
+######################################## |
195 |
+## <summary> |
196 |
+## Bind UDP sockets to the dropbox port. |
197 |
+## </summary> |
198 |
+## <param name="domain"> |
199 |
+## <summary> |
200 |
+## Domain allowed access. |
201 |
+## </summary> |
202 |
+## </param> |
203 |
+## <infoflow type="none"/> |
204 |
+# |
205 |
+interface(`corenet_udp_bind_dropbox_port',` |
206 |
+ gen_require(` |
207 |
+ type dropbox_port_t; |
208 |
+ ') |
209 |
+ |
210 |
+ allow $1 dropbox_port_t:udp_socket name_bind; |
211 |
+ |
212 |
+') |
213 |
+ |
214 |
+######################################## |
215 |
+## <summary> |
216 |
+## Make a TCP connection to the dropbox port. |
217 |
+## </summary> |
218 |
+## <param name="domain"> |
219 |
+## <summary> |
220 |
+## Domain allowed access. |
221 |
+## </summary> |
222 |
+## </param> |
223 |
+# |
224 |
+interface(`corenet_tcp_connect_dropbox_port',` |
225 |
+ gen_require(` |
226 |
+ type dropbox_port_t; |
227 |
+ ') |
228 |
+ |
229 |
+ allow $1 dropbox_port_t:tcp_socket name_connect; |
230 |
+') |
231 |
+ |
232 |
+ |
233 |
+######################################## |
234 |
+## <summary> |
235 |
+## Send dropbox_client packets. |
236 |
+## </summary> |
237 |
+## <param name="domain"> |
238 |
+## <summary> |
239 |
+## Domain allowed access. |
240 |
+## </summary> |
241 |
+## </param> |
242 |
+## <infoflow type="write" weight="10"/> |
243 |
+# |
244 |
+interface(`corenet_send_dropbox_client_packets',` |
245 |
+ gen_require(` |
246 |
+ type dropbox_client_packet_t; |
247 |
+ ') |
248 |
+ |
249 |
+ allow $1 dropbox_client_packet_t:packet send; |
250 |
+') |
251 |
+ |
252 |
+######################################## |
253 |
+## <summary> |
254 |
+## Do not audit attempts to send dropbox_client packets. |
255 |
+## </summary> |
256 |
+## <param name="domain"> |
257 |
+## <summary> |
258 |
+## Domain to not audit. |
259 |
+## </summary> |
260 |
+## </param> |
261 |
+## <infoflow type="none"/> |
262 |
+# |
263 |
+interface(`corenet_dontaudit_send_dropbox_client_packets',` |
264 |
+ gen_require(` |
265 |
+ type dropbox_client_packet_t; |
266 |
+ ') |
267 |
+ |
268 |
+ dontaudit $1 dropbox_client_packet_t:packet send; |
269 |
+') |
270 |
+ |
271 |
+######################################## |
272 |
+## <summary> |
273 |
+## Receive dropbox_client packets. |
274 |
+## </summary> |
275 |
+## <param name="domain"> |
276 |
+## <summary> |
277 |
+## Domain allowed access. |
278 |
+## </summary> |
279 |
+## </param> |
280 |
+## <infoflow type="read" weight="10"/> |
281 |
+# |
282 |
+interface(`corenet_receive_dropbox_client_packets',` |
283 |
+ gen_require(` |
284 |
+ type dropbox_client_packet_t; |
285 |
+ ') |
286 |
+ |
287 |
+ allow $1 dropbox_client_packet_t:packet recv; |
288 |
+') |
289 |
+ |
290 |
+######################################## |
291 |
+## <summary> |
292 |
+## Do not audit attempts to receive dropbox_client packets. |
293 |
+## </summary> |
294 |
+## <param name="domain"> |
295 |
+## <summary> |
296 |
+## Domain allowed access. |
297 |
+## </summary> |
298 |
+## </param> |
299 |
+## <infoflow type="none"/> |
300 |
+# |
301 |
+interface(`corenet_dontaudit_receive_dropbox_client_packets',` |
302 |
+ gen_require(` |
303 |
+ type dropbox_client_packet_t; |
304 |
+ ') |
305 |
+ |
306 |
+ dontaudit $1 dropbox_client_packet_t:packet recv; |
307 |
+') |
308 |
+ |
309 |
+######################################## |
310 |
+## <summary> |
311 |
+## Send and receive dropbox_client packets. |
312 |
+## </summary> |
313 |
+## <param name="domain"> |
314 |
+## <summary> |
315 |
+## Domain allowed access. |
316 |
+## </summary> |
317 |
+## </param> |
318 |
+## <infoflow type="both" weight="10"/> |
319 |
+# |
320 |
+interface(`corenet_sendrecv_dropbox_client_packets',` |
321 |
+ corenet_send_dropbox_client_packets($1) |
322 |
+ corenet_receive_dropbox_client_packets($1) |
323 |
+') |
324 |
+ |
325 |
+######################################## |
326 |
+## <summary> |
327 |
+## Do not audit attempts to send and receive dropbox_client packets. |
328 |
+## </summary> |
329 |
+## <param name="domain"> |
330 |
+## <summary> |
331 |
+## Domain to not audit. |
332 |
+## </summary> |
333 |
+## </param> |
334 |
+## <infoflow type="none"/> |
335 |
+# |
336 |
+interface(`corenet_dontaudit_sendrecv_dropbox_client_packets',` |
337 |
+ corenet_dontaudit_send_dropbox_client_packets($1) |
338 |
+ corenet_dontaudit_receive_dropbox_client_packets($1) |
339 |
+') |
340 |
+ |
341 |
+######################################## |
342 |
+## <summary> |
343 |
+## Relabel packets to dropbox_client the packet type. |
344 |
+## </summary> |
345 |
+## <param name="domain"> |
346 |
+## <summary> |
347 |
+## Domain allowed access. |
348 |
+## </summary> |
349 |
+## </param> |
350 |
+# |
351 |
+interface(`corenet_relabelto_dropbox_client_packets',` |
352 |
+ gen_require(` |
353 |
+ type dropbox_client_packet_t; |
354 |
+ ') |
355 |
+ |
356 |
+ allow $1 dropbox_client_packet_t:packet relabelto; |
357 |
+') |
358 |
+ |
359 |
+ |
360 |
+######################################## |
361 |
+## <summary> |
362 |
+## Send dropbox_server packets. |
363 |
+## </summary> |
364 |
+## <param name="domain"> |
365 |
+## <summary> |
366 |
+## Domain allowed access. |
367 |
+## </summary> |
368 |
+## </param> |
369 |
+## <infoflow type="write" weight="10"/> |
370 |
+# |
371 |
+interface(`corenet_send_dropbox_server_packets',` |
372 |
+ gen_require(` |
373 |
+ type dropbox_server_packet_t; |
374 |
+ ') |
375 |
+ |
376 |
+ allow $1 dropbox_server_packet_t:packet send; |
377 |
+') |
378 |
+ |
379 |
+######################################## |
380 |
+## <summary> |
381 |
+## Do not audit attempts to send dropbox_server packets. |
382 |
+## </summary> |
383 |
+## <param name="domain"> |
384 |
+## <summary> |
385 |
+## Domain to not audit. |
386 |
+## </summary> |
387 |
+## </param> |
388 |
+## <infoflow type="none"/> |
389 |
+# |
390 |
+interface(`corenet_dontaudit_send_dropbox_server_packets',` |
391 |
+ gen_require(` |
392 |
+ type dropbox_server_packet_t; |
393 |
+ ') |
394 |
+ |
395 |
+ dontaudit $1 dropbox_server_packet_t:packet send; |
396 |
+') |
397 |
+ |
398 |
+######################################## |
399 |
+## <summary> |
400 |
+## Receive dropbox_server packets. |
401 |
+## </summary> |
402 |
+## <param name="domain"> |
403 |
+## <summary> |
404 |
+## Domain allowed access. |
405 |
+## </summary> |
406 |
+## </param> |
407 |
+## <infoflow type="read" weight="10"/> |
408 |
+# |
409 |
+interface(`corenet_receive_dropbox_server_packets',` |
410 |
+ gen_require(` |
411 |
+ type dropbox_server_packet_t; |
412 |
+ ') |
413 |
+ |
414 |
+ allow $1 dropbox_server_packet_t:packet recv; |
415 |
+') |
416 |
+ |
417 |
+######################################## |
418 |
+## <summary> |
419 |
+## Do not audit attempts to receive dropbox_server packets. |
420 |
+## </summary> |
421 |
+## <param name="domain"> |
422 |
+## <summary> |
423 |
+## Domain allowed access. |
424 |
+## </summary> |
425 |
+## </param> |
426 |
+## <infoflow type="none"/> |
427 |
+# |
428 |
+interface(`corenet_dontaudit_receive_dropbox_server_packets',` |
429 |
+ gen_require(` |
430 |
+ type dropbox_server_packet_t; |
431 |
+ ') |
432 |
+ |
433 |
+ dontaudit $1 dropbox_server_packet_t:packet recv; |
434 |
+') |
435 |
+ |
436 |
+######################################## |
437 |
+## <summary> |
438 |
+## Send and receive dropbox_server packets. |
439 |
+## </summary> |
440 |
+## <param name="domain"> |
441 |
+## <summary> |
442 |
+## Domain allowed access. |
443 |
+## </summary> |
444 |
+## </param> |
445 |
+## <infoflow type="both" weight="10"/> |
446 |
+# |
447 |
+interface(`corenet_sendrecv_dropbox_server_packets',` |
448 |
+ corenet_send_dropbox_server_packets($1) |
449 |
+ corenet_receive_dropbox_server_packets($1) |
450 |
+') |
451 |
+ |
452 |
+######################################## |
453 |
+## <summary> |
454 |
+## Do not audit attempts to send and receive dropbox_server packets. |
455 |
+## </summary> |
456 |
+## <param name="domain"> |
457 |
+## <summary> |
458 |
+## Domain to not audit. |
459 |
+## </summary> |
460 |
+## </param> |
461 |
+## <infoflow type="none"/> |
462 |
+# |
463 |
+interface(`corenet_dontaudit_sendrecv_dropbox_server_packets',` |
464 |
+ corenet_dontaudit_send_dropbox_server_packets($1) |
465 |
+ corenet_dontaudit_receive_dropbox_server_packets($1) |
466 |
+') |
467 |
+ |
468 |
+######################################## |
469 |
+## <summary> |
470 |
+## Relabel packets to dropbox_server the packet type. |
471 |
+## </summary> |
472 |
+## <param name="domain"> |
473 |
+## <summary> |
474 |
+## Domain allowed access. |
475 |
+## </summary> |
476 |
+## </param> |
477 |
+# |
478 |
+interface(`corenet_relabelto_dropbox_server_packets',` |
479 |
+ gen_require(` |
480 |
+ type dropbox_server_packet_t; |
481 |
+ ') |
482 |
+ |
483 |
+ allow $1 dropbox_server_packet_t:packet relabelto; |
484 |
+') |
485 |
+ |
486 |
+ |
487 |
+ |
488 |
+ |
489 |
+######################################## |
490 |
+## <summary> |
491 |
## Send and receive TCP traffic on the efs port. |
492 |
## </summary> |
493 |
## <param name="domain"> |
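Review bot: The parameter summary of `corenet_dontaudit_receive_dropbox_client_packets` and `corenet_dontaudit_receive_dropbox_server_packets` reads `Domain allowed access.` although both bodies are `dontaudit` rules; the sibling dontaudit interfaces say `Domain to not audit.`, and these two should match. The relabelto summaries are also garbled: `Relabel packets to dropbox_client the packet type.` should read `Relabel packets to the dropbox_client packet type.` The gdomap hunk that follows repeats both slips in its receive and relabelto interfaces. Since the commit title says the file was regenerated, the wording presumably has to be corrected in the generator template rather than here.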
494 |
@@ -27507,6 +27969,449 @@ interface(`corenet_relabelto_gatekeeper_server_packets',` |
495 |
|
496 |
######################################## |
497 |
## <summary> |
498 |
+## Send and receive TCP traffic on the gdomap port. |
499 |
+## </summary> |
500 |
+## <param name="domain"> |
501 |
+## <summary> |
502 |
+## Domain allowed access. |
503 |
+## </summary> |
504 |
+## </param> |
505 |
+## <infoflow type="both" weight="10"/> |
506 |
+# |
507 |
+interface(`corenet_tcp_sendrecv_gdomap_port',` |
508 |
+ gen_require(` |
509 |
+ type gdomap_port_t; |
510 |
+ ') |
511 |
+ |
512 |
+ allow $1 gdomap_port_t:tcp_socket { send_msg recv_msg }; |
513 |
+') |
514 |
+ |
515 |
+######################################## |
516 |
+## <summary> |
517 |
+## Send UDP traffic on the gdomap port. |
518 |
+## </summary> |
519 |
+## <param name="domain"> |
520 |
+## <summary> |
521 |
+## Domain allowed access. |
522 |
+## </summary> |
523 |
+## </param> |
524 |
+## <infoflow type="write" weight="10"/> |
525 |
+# |
526 |
+interface(`corenet_udp_send_gdomap_port',` |
527 |
+ gen_require(` |
528 |
+ type gdomap_port_t; |
529 |
+ ') |
530 |
+ |
531 |
+ allow $1 gdomap_port_t:udp_socket send_msg; |
532 |
+') |
533 |
+ |
534 |
+######################################## |
535 |
+## <summary> |
536 |
+## Do not audit attempts to send UDP traffic on the gdomap port. |
537 |
+## </summary> |
538 |
+## <param name="domain"> |
539 |
+## <summary> |
540 |
+## Domain to not audit. |
541 |
+## </summary> |
542 |
+## </param> |
543 |
+## <infoflow type="none"/> |
544 |
+# |
545 |
+interface(`corenet_dontaudit_udp_send_gdomap_port',` |
546 |
+ gen_require(` |
547 |
+ type gdomap_port_t; |
548 |
+ ') |
549 |
+ |
550 |
+ dontaudit $1 gdomap_port_t:udp_socket send_msg; |
551 |
+') |
552 |
+ |
553 |
+######################################## |
554 |
+## <summary> |
555 |
+## Receive UDP traffic on the gdomap port. |
556 |
+## </summary> |
557 |
+## <param name="domain"> |
558 |
+## <summary> |
559 |
+## Domain allowed access. |
560 |
+## </summary> |
561 |
+## </param> |
562 |
+## <infoflow type="read" weight="10"/> |
563 |
+# |
564 |
+interface(`corenet_udp_receive_gdomap_port',` |
565 |
+ gen_require(` |
566 |
+ type gdomap_port_t; |
567 |
+ ') |
568 |
+ |
569 |
+ allow $1 gdomap_port_t:udp_socket recv_msg; |
570 |
+') |
571 |
+ |
572 |
+######################################## |
573 |
+## <summary> |
574 |
+## Do not audit attempts to receive UDP traffic on the gdomap port. |
575 |
+## </summary> |
576 |
+## <param name="domain"> |
577 |
+## <summary> |
578 |
+## Domain to not audit. |
579 |
+## </summary> |
580 |
+## </param> |
581 |
+## <infoflow type="none"/> |
582 |
+# |
583 |
+interface(`corenet_dontaudit_udp_receive_gdomap_port',` |
584 |
+ gen_require(` |
585 |
+ type gdomap_port_t; |
586 |
+ ') |
587 |
+ |
588 |
+ dontaudit $1 gdomap_port_t:udp_socket recv_msg; |
589 |
+') |
590 |
+ |
591 |
+######################################## |
592 |
+## <summary> |
593 |
+## Send and receive UDP traffic on the gdomap port. |
594 |
+## </summary> |
595 |
+## <param name="domain"> |
596 |
+## <summary> |
597 |
+## Domain allowed access. |
598 |
+## </summary> |
599 |
+## </param> |
600 |
+## <infoflow type="both" weight="10"/> |
601 |
+# |
602 |
+interface(`corenet_udp_sendrecv_gdomap_port',` |
603 |
+ corenet_udp_send_gdomap_port($1) |
604 |
+ corenet_udp_receive_gdomap_port($1) |
605 |
+') |
606 |
+ |
607 |
+######################################## |
608 |
+## <summary> |
609 |
+## Do not audit attempts to send and receive |
610 |
+## UDP traffic on the gdomap port. |
611 |
+## </summary> |
612 |
+## <param name="domain"> |
613 |
+## <summary> |
614 |
+## Domain to not audit. |
615 |
+## </summary> |
616 |
+## </param> |
617 |
+## <infoflow type="none"/> |
618 |
+# |
619 |
+interface(`corenet_dontaudit_udp_sendrecv_gdomap_port',` |
620 |
+ corenet_dontaudit_udp_send_gdomap_port($1) |
621 |
+ corenet_dontaudit_udp_receive_gdomap_port($1) |
622 |
+') |
623 |
+ |
624 |
+######################################## |
625 |
+## <summary> |
626 |
+## Bind TCP sockets to the gdomap port. |
627 |
+## </summary> |
628 |
+## <param name="domain"> |
629 |
+## <summary> |
630 |
+## Domain allowed access. |
631 |
+## </summary> |
632 |
+## </param> |
633 |
+## <infoflow type="none"/> |
634 |
+# |
635 |
+interface(`corenet_tcp_bind_gdomap_port',` |
636 |
+ gen_require(` |
637 |
+ type gdomap_port_t; |
638 |
+ ') |
639 |
+ |
640 |
+ allow $1 gdomap_port_t:tcp_socket name_bind; |
641 |
+ allow $1 self:capability net_bind_service; |
642 |
+') |
643 |
+ |
644 |
+######################################## |
645 |
+## <summary> |
646 |
+## Bind UDP sockets to the gdomap port. |
647 |
+## </summary> |
648 |
+## <param name="domain"> |
649 |
+## <summary> |
650 |
+## Domain allowed access. |
651 |
+## </summary> |
652 |
+## </param> |
653 |
+## <infoflow type="none"/> |
654 |
+# |
655 |
+interface(`corenet_udp_bind_gdomap_port',` |
656 |
+ gen_require(` |
657 |
+ type gdomap_port_t; |
658 |
+ ') |
659 |
+ |
660 |
+ allow $1 gdomap_port_t:udp_socket name_bind; |
661 |
+ allow $1 self:capability net_bind_service; |
662 |
+') |
663 |
+ |
664 |
+######################################## |
665 |
+## <summary> |
666 |
+## Make a TCP connection to the gdomap port. |
667 |
+## </summary> |
668 |
+## <param name="domain"> |
669 |
+## <summary> |
670 |
+## Domain allowed access. |
671 |
+## </summary> |
672 |
+## </param> |
673 |
+# |
674 |
+interface(`corenet_tcp_connect_gdomap_port',` |
675 |
+ gen_require(` |
676 |
+ type gdomap_port_t; |
677 |
+ ') |
678 |
+ |
679 |
+ allow $1 gdomap_port_t:tcp_socket name_connect; |
680 |
+') |
681 |
+ |
682 |
+ |
683 |
+######################################## |
684 |
+## <summary> |
685 |
+## Send gdomap_client packets. |
686 |
+## </summary> |
687 |
+## <param name="domain"> |
688 |
+## <summary> |
689 |
+## Domain allowed access. |
690 |
+## </summary> |
691 |
+## </param> |
692 |
+## <infoflow type="write" weight="10"/> |
693 |
+# |
694 |
+interface(`corenet_send_gdomap_client_packets',` |
695 |
+ gen_require(` |
696 |
+ type gdomap_client_packet_t; |
697 |
+ ') |
698 |
+ |
699 |
+ allow $1 gdomap_client_packet_t:packet send; |
700 |
+') |
701 |
+ |
702 |
+######################################## |
703 |
+## <summary> |
704 |
+## Do not audit attempts to send gdomap_client packets. |
705 |
+## </summary> |
706 |
+## <param name="domain"> |
707 |
+## <summary> |
708 |
+## Domain to not audit. |
709 |
+## </summary> |
710 |
+## </param> |
711 |
+## <infoflow type="none"/> |
712 |
+# |
713 |
+interface(`corenet_dontaudit_send_gdomap_client_packets',` |
714 |
+ gen_require(` |
715 |
+ type gdomap_client_packet_t; |
716 |
+ ') |
717 |
+ |
718 |
+ dontaudit $1 gdomap_client_packet_t:packet send; |
719 |
+') |
720 |
+ |
721 |
+######################################## |
722 |
+## <summary> |
723 |
+## Receive gdomap_client packets. |
724 |
+## </summary> |
725 |
+## <param name="domain"> |
726 |
+## <summary> |
727 |
+## Domain allowed access. |
728 |
+## </summary> |
729 |
+## </param> |
730 |
+## <infoflow type="read" weight="10"/> |
731 |
+# |
732 |
+interface(`corenet_receive_gdomap_client_packets',` |
733 |
+ gen_require(` |
734 |
+ type gdomap_client_packet_t; |
735 |
+ ') |
736 |
+ |
737 |
+ allow $1 gdomap_client_packet_t:packet recv; |
738 |
+') |
739 |
+ |
740 |
+######################################## |
741 |
+## <summary> |
742 |
+## Do not audit attempts to receive gdomap_client packets. |
743 |
+## </summary> |
744 |
+## <param name="domain"> |
745 |
+## <summary> |
746 |
+## Domain allowed access. |
747 |
+## </summary> |
748 |
+## </param> |
749 |
+## <infoflow type="none"/> |
750 |
+# |
751 |
+interface(`corenet_dontaudit_receive_gdomap_client_packets',` |
752 |
+ gen_require(` |
753 |
+ type gdomap_client_packet_t; |
754 |
+ ') |
755 |
+ |
756 |
+ dontaudit $1 gdomap_client_packet_t:packet recv; |
757 |
+') |
758 |
+ |
759 |
+######################################## |
760 |
+## <summary> |
761 |
+## Send and receive gdomap_client packets. |
762 |
+## </summary> |
763 |
+## <param name="domain"> |
764 |
+## <summary> |
765 |
+## Domain allowed access. |
766 |
+## </summary> |
767 |
+## </param> |
768 |
+## <infoflow type="both" weight="10"/> |
769 |
+# |
770 |
+interface(`corenet_sendrecv_gdomap_client_packets',` |
771 |
+ corenet_send_gdomap_client_packets($1) |
772 |
+ corenet_receive_gdomap_client_packets($1) |
773 |
+') |
774 |
+ |
775 |
+######################################## |
776 |
+## <summary> |
777 |
+## Do not audit attempts to send and receive gdomap_client packets. |
778 |
+## </summary> |
779 |
+## <param name="domain"> |
780 |
+## <summary> |
781 |
+## Domain to not audit. |
782 |
+## </summary> |
783 |
+## </param> |
784 |
+## <infoflow type="none"/> |
785 |
+# |
786 |
+interface(`corenet_dontaudit_sendrecv_gdomap_client_packets',` |
787 |
+ corenet_dontaudit_send_gdomap_client_packets($1) |
788 |
+ corenet_dontaudit_receive_gdomap_client_packets($1) |
789 |
+') |
790 |
+ |
791 |
+######################################## |
792 |
+## <summary> |
793 |
+## Relabel packets to gdomap_client the packet type. |
794 |
+## </summary> |
795 |
+## <param name="domain"> |
796 |
+## <summary> |
797 |
+## Domain allowed access. |
798 |
+## </summary> |
799 |
+## </param> |
800 |
+# |
801 |
+interface(`corenet_relabelto_gdomap_client_packets',` |
802 |
+ gen_require(` |
803 |
+ type gdomap_client_packet_t; |
804 |
+ ') |
805 |
+ |
806 |
+ allow $1 gdomap_client_packet_t:packet relabelto; |
807 |
+') |
808 |
+ |
809 |
+ |
810 |
+######################################## |
811 |
+## <summary> |
812 |
+## Send gdomap_server packets. |
813 |
+## </summary> |
814 |
+## <param name="domain"> |
815 |
+## <summary> |
816 |
+## Domain allowed access. |
817 |
+## </summary> |
818 |
+## </param> |
819 |
+## <infoflow type="write" weight="10"/> |
820 |
+# |
821 |
+interface(`corenet_send_gdomap_server_packets',` |
822 |
+ gen_require(` |
823 |
+ type gdomap_server_packet_t; |
824 |
+ ') |
825 |
+ |
826 |
+ allow $1 gdomap_server_packet_t:packet send; |
827 |
+') |
828 |
+ |
829 |
+######################################## |
830 |
+## <summary> |
831 |
+## Do not audit attempts to send gdomap_server packets. |
832 |
+## </summary> |
833 |
+## <param name="domain"> |
834 |
+## <summary> |
835 |
+## Domain to not audit. |
836 |
+## </summary> |
837 |
+## </param> |
838 |
+## <infoflow type="none"/> |
839 |
+# |
840 |
+interface(`corenet_dontaudit_send_gdomap_server_packets',` |
841 |
+ gen_require(` |
842 |
+ type gdomap_server_packet_t; |
843 |
+ ') |
844 |
+ |
845 |
+ dontaudit $1 gdomap_server_packet_t:packet send; |
846 |
+') |
847 |
+ |
848 |
+######################################## |
849 |
+## <summary> |
850 |
+## Receive gdomap_server packets. |
851 |
+## </summary> |
852 |
+## <param name="domain"> |
853 |
+## <summary> |
854 |
+## Domain allowed access. |
855 |
+## </summary> |
856 |
+## </param> |
857 |
+## <infoflow type="read" weight="10"/> |
858 |
+# |
859 |
+interface(`corenet_receive_gdomap_server_packets',` |
860 |
+ gen_require(` |
861 |
+ type gdomap_server_packet_t; |
862 |
+ ') |
863 |
+ |
864 |
+ allow $1 gdomap_server_packet_t:packet recv; |
865 |
+') |
866 |
+ |
867 |
+######################################## |
868 |
+## <summary> |
869 |
+## Do not audit attempts to receive gdomap_server packets. |
870 |
+## </summary> |
871 |
+## <param name="domain"> |
872 |
+## <summary> |
873 |
+## Domain allowed access. |
874 |
+## </summary> |
875 |
+## </param> |
876 |
+## <infoflow type="none"/> |
877 |
+# |
878 |
+interface(`corenet_dontaudit_receive_gdomap_server_packets',` |
879 |
+ gen_require(` |
880 |
+ type gdomap_server_packet_t; |
881 |
+ ') |
882 |
+ |
883 |
+ dontaudit $1 gdomap_server_packet_t:packet recv; |
884 |
+') |
885 |
+ |
886 |
+######################################## |
887 |
+## <summary> |
888 |
+## Send and receive gdomap_server packets. |
889 |
+## </summary> |
890 |
+## <param name="domain"> |
891 |
+## <summary> |
892 |
+## Domain allowed access. |
893 |
+## </summary> |
894 |
+## </param> |
895 |
+## <infoflow type="both" weight="10"/> |
896 |
+# |
897 |
+interface(`corenet_sendrecv_gdomap_server_packets',` |
898 |
+ corenet_send_gdomap_server_packets($1) |
899 |
+ corenet_receive_gdomap_server_packets($1) |
900 |
+') |
901 |
+ |
902 |
+######################################## |
903 |
+## <summary> |
904 |
+## Do not audit attempts to send and receive gdomap_server packets. |
905 |
+## </summary> |
906 |
+## <param name="domain"> |
907 |
+## <summary> |
908 |
+## Domain to not audit. |
909 |
+## </summary> |
910 |
+## </param> |
911 |
+## <infoflow type="none"/> |
912 |
+# |
913 |
+interface(`corenet_dontaudit_sendrecv_gdomap_server_packets',` |
914 |
+ corenet_dontaudit_send_gdomap_server_packets($1) |
915 |
+ corenet_dontaudit_receive_gdomap_server_packets($1) |
916 |
+') |
917 |
+ |
918 |
+######################################## |
919 |
+## <summary> |
920 |
+## Relabel packets to gdomap_server the packet type. |
921 |
+## </summary> |
922 |
+## <param name="domain"> |
923 |
+## <summary> |
924 |
+## Domain allowed access. |
925 |
+## </summary> |
926 |
+## </param> |
927 |
+# |
928 |
+interface(`corenet_relabelto_gdomap_server_packets',` |
929 |
+ gen_require(` |
930 |
+ type gdomap_server_packet_t; |
931 |
+ ') |
932 |
+ |
933 |
+ allow $1 gdomap_server_packet_t:packet relabelto; |
934 |
+') |
935 |
+ |
936 |
+ |
937 |
+ |
938 |
+ |
939 |
+######################################## |
940 |
+## <summary> |
941 |
## Send and receive TCP traffic on the gds_db port. |
942 |
## </summary> |
943 |
## <param name="domain"> |
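Review bot: `corenet_tcp_bind_gdomap_port` and `corenet_udp_bind_gdomap_port` grant `allow $1 self:capability net_bind_service;` in addition to `name_bind`, but their summaries only say `Bind TCP sockets to the gdomap port.` and `Bind UDP sockets to the gdomap port.` The dropbox bind interfaces in the previous hunk have no such rule, so presumably it is emitted because gdomap is declared as a reserved port. The capability is not tied to `gdomap_port_t`: it lifts the kernel's privileged-port check for the whole domain, leaving `name_bind` on port types as the only per-port limit. A `<desc>` paragraph on both interfaces saying that the caller also receives `net_bind_service` would let a policy reviewer see the grant without reading the body.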
944 |
@@ -69592,6 +70497,449 @@ interface(`corenet_relabelto_razor_server_packets',` |
945 |
|
946 |
######################################## |
947 |
## <summary> |
948 |
+## Send and receive TCP traffic on the redis port. |
949 |
+## </summary> |
950 |
+## <param name="domain"> |
951 |
+## <summary> |
952 |
+## Domain allowed access. |
953 |
+## </summary> |
954 |
+## </param> |
955 |
+## <infoflow type="both" weight="10"/> |
956 |
+# |
957 |
+interface(`corenet_tcp_sendrecv_redis_port',` |
958 |
+ gen_require(` |
959 |
+ type redis_port_t; |
960 |
+ ') |
961 |
+ |
962 |
+ allow $1 redis_port_t:tcp_socket { send_msg recv_msg }; |
963 |
+') |
964 |
+ |
965 |
+######################################## |
966 |
+## <summary> |
967 |
+## Send UDP traffic on the redis port. |
968 |
+## </summary> |
969 |
+## <param name="domain"> |
970 |
+## <summary> |
971 |
+## Domain allowed access. |
972 |
+## </summary> |
973 |
+## </param> |
974 |
+## <infoflow type="write" weight="10"/> |
975 |
+# |
976 |
+interface(`corenet_udp_send_redis_port',` |
977 |
+ gen_require(` |
978 |
+ type redis_port_t; |
979 |
+ ') |
980 |
+ |
981 |
+ allow $1 redis_port_t:udp_socket send_msg; |
982 |
+') |
983 |
+ |
984 |
+######################################## |
985 |
+## <summary> |
986 |
+## Do not audit attempts to send UDP traffic on the redis port. |
987 |
+## </summary> |
988 |
+## <param name="domain"> |
989 |
+## <summary> |
990 |
+## Domain to not audit. |
991 |
+## </summary> |
992 |
+## </param> |
993 |
+## <infoflow type="none"/> |
994 |
+# |
995 |
+interface(`corenet_dontaudit_udp_send_redis_port',` |
996 |
+ gen_require(` |
997 |
+ type redis_port_t; |
998 |
+ ') |
999 |
+ |
1000 |
+ dontaudit $1 redis_port_t:udp_socket send_msg; |
1001 |
+') |
1002 |
+ |
1003 |
+######################################## |
1004 |
+## <summary> |
1005 |
+## Receive UDP traffic on the redis port. |
1006 |
+## </summary> |
1007 |
+## <param name="domain"> |
1008 |
+## <summary> |
1009 |
+## Domain allowed access. |
1010 |
+## </summary> |
1011 |
+## </param> |
1012 |
+## <infoflow type="read" weight="10"/> |
1013 |
+# |
1014 |
+interface(`corenet_udp_receive_redis_port',` |
1015 |
+ gen_require(` |
1016 |
+ type redis_port_t; |
1017 |
+ ') |
1018 |
+ |
1019 |
+ allow $1 redis_port_t:udp_socket recv_msg; |
1020 |
+') |
1021 |
+ |
1022 |
+######################################## |
1023 |
+## <summary> |
1024 |
+## Do not audit attempts to receive UDP traffic on the redis port. |
1025 |
+## </summary> |
1026 |
+## <param name="domain"> |
1027 |
+## <summary> |
1028 |
+## Domain to not audit. |
1029 |
+## </summary> |
1030 |
+## </param> |
1031 |
+## <infoflow type="none"/> |
1032 |
+# |
1033 |
+interface(`corenet_dontaudit_udp_receive_redis_port',` |
1034 |
+ gen_require(` |
1035 |
+ type redis_port_t; |
1036 |
+ ') |
1037 |
+ |
1038 |
+ dontaudit $1 redis_port_t:udp_socket recv_msg; |
1039 |
+') |
1040 |
+ |
1041 |
+######################################## |
1042 |
+## <summary> |
1043 |
+## Send and receive UDP traffic on the redis port. |
1044 |
+## </summary> |
1045 |
+## <param name="domain"> |
1046 |
+## <summary> |
1047 |
+## Domain allowed access. |
1048 |
+## </summary> |
1049 |
+## </param> |
1050 |
+## <infoflow type="both" weight="10"/> |
1051 |
+# |
1052 |
+interface(`corenet_udp_sendrecv_redis_port',` |
1053 |
+ corenet_udp_send_redis_port($1) |
1054 |
+ corenet_udp_receive_redis_port($1) |
1055 |
+') |
1056 |
+ |
1057 |
+######################################## |
1058 |
+## <summary> |
1059 |
+## Do not audit attempts to send and receive |
1060 |
+## UDP traffic on the redis port. |
1061 |
+## </summary> |
1062 |
+## <param name="domain"> |
1063 |
+## <summary> |
1064 |
+## Domain to not audit. |
1065 |
+## </summary> |
1066 |
+## </param> |
1067 |
+## <infoflow type="none"/> |
1068 |
+# |
1069 |
+interface(`corenet_dontaudit_udp_sendrecv_redis_port',` |
1070 |
+ corenet_dontaudit_udp_send_redis_port($1) |
1071 |
+ corenet_dontaudit_udp_receive_redis_port($1) |
1072 |
+') |
1073 |
+ |
1074 |
+######################################## |
1075 |
+## <summary> |
1076 |
+## Bind TCP sockets to the redis port. |
1077 |
+## </summary> |
1078 |
+## <param name="domain"> |
1079 |
+## <summary> |
1080 |
+## Domain allowed access. |
1081 |
+## </summary> |
1082 |
+## </param> |
1083 |
+## <infoflow type="none"/> |
1084 |
+# |
1085 |
+interface(`corenet_tcp_bind_redis_port',` |
1086 |
+ gen_require(` |
1087 |
+ type redis_port_t; |
1088 |
+ ') |
1089 |
+ |
1090 |
+ allow $1 redis_port_t:tcp_socket name_bind; |
1091 |
+ |
1092 |
+') |
1093 |
+ |
1094 |
+######################################## |
1095 |
+## <summary> |
1096 |
+## Bind UDP sockets to the redis port. |
1097 |
+## </summary> |
1098 |
+## <param name="domain"> |
1099 |
+## <summary> |
1100 |
+## Domain allowed access. |
1101 |
+## </summary> |
1102 |
+## </param> |
1103 |
+## <infoflow type="none"/> |
1104 |
+# |
1105 |
+interface(`corenet_udp_bind_redis_port',` |
1106 |
+ gen_require(` |
1107 |
+ type redis_port_t; |
1108 |
+ ') |
1109 |
+ |
1110 |
+ allow $1 redis_port_t:udp_socket name_bind; |
1111 |
+ |
1112 |
+') |
1113 |
+ |
1114 |
+######################################## |
1115 |
+## <summary> |
1116 |
+## Make a TCP connection to the redis port. |
1117 |
+## </summary> |
1118 |
+## <param name="domain"> |
1119 |
+## <summary> |
1120 |
+## Domain allowed access. |
1121 |
+## </summary> |
1122 |
+## </param> |
1123 |
+# |
1124 |
+interface(`corenet_tcp_connect_redis_port',` |
1125 |
+ gen_require(` |
1126 |
+ type redis_port_t; |
1127 |
+ ') |
1128 |
+ |
1129 |
+ allow $1 redis_port_t:tcp_socket name_connect; |
1130 |
+') |
1131 |
+ |
1132 |
+ |
1133 |
+######################################## |
1134 |
+## <summary> |
1135 |
+## Send redis_client packets. |
1136 |
+## </summary> |
1137 |
+## <param name="domain"> |
1138 |
+## <summary> |
1139 |
+## Domain allowed access. |
1140 |
+## </summary> |
1141 |
+## </param> |
1142 |
+## <infoflow type="write" weight="10"/> |
1143 |
+# |
1144 |
+interface(`corenet_send_redis_client_packets',` |
1145 |
+ gen_require(` |
1146 |
+ type redis_client_packet_t; |
1147 |
+ ') |
1148 |
+ |
1149 |
+ allow $1 redis_client_packet_t:packet send; |
1150 |
+') |
1151 |
+ |
1152 |
+######################################## |
1153 |
+## <summary> |
1154 |
+## Do not audit attempts to send redis_client packets. |
1155 |
+## </summary> |
1156 |
+## <param name="domain"> |
1157 |
+## <summary> |
1158 |
+## Domain to not audit. |
1159 |
+## </summary> |
1160 |
+## </param> |
1161 |
+## <infoflow type="none"/> |
1162 |
+# |
1163 |
+interface(`corenet_dontaudit_send_redis_client_packets',` |
1164 |
+ gen_require(` |
1165 |
+ type redis_client_packet_t; |
1166 |
+ ') |
1167 |
+ |
1168 |
+ dontaudit $1 redis_client_packet_t:packet send; |
1169 |
+') |
1170 |
+ |
1171 |
+######################################## |
1172 |
+## <summary> |
1173 |
+## Receive redis_client packets. |
1174 |
+## </summary> |
1175 |
+## <param name="domain"> |
1176 |
+## <summary> |
1177 |
+## Domain allowed access. |
1178 |
+## </summary> |
1179 |
+## </param> |
1180 |
+## <infoflow type="read" weight="10"/> |
1181 |
+# |
1182 |
+interface(`corenet_receive_redis_client_packets',` |
1183 |
+ gen_require(` |
1184 |
+ type redis_client_packet_t; |
1185 |
+ ') |
1186 |
+ |
1187 |
+ allow $1 redis_client_packet_t:packet recv; |
1188 |
+') |
1189 |
+ |
1190 |
+######################################## |
1191 |
+## <summary> |
1192 |
+## Do not audit attempts to receive redis_client packets. |
1193 |
+## </summary> |
1194 |
+## <param name="domain"> |
1195 |
+## <summary> |
1196 |
+## Domain allowed access. |
1197 |
+## </summary> |
1198 |
+## </param> |
1199 |
+## <infoflow type="none"/> |
1200 |
+# |
1201 |
+interface(`corenet_dontaudit_receive_redis_client_packets',` |
1202 |
+ gen_require(` |
1203 |
+ type redis_client_packet_t; |
1204 |
+ ') |
1205 |
+ |
1206 |
+ dontaudit $1 redis_client_packet_t:packet recv; |
1207 |
+') |
1208 |
+ |
1209 |
+######################################## |
1210 |
+## <summary> |
1211 |
+## Send and receive redis_client packets. |
1212 |
+## </summary> |
1213 |
+## <param name="domain"> |
1214 |
+## <summary> |
1215 |
+## Domain allowed access. |
1216 |
+## </summary> |
1217 |
+## </param> |
1218 |
+## <infoflow type="both" weight="10"/> |
1219 |
+# |
1220 |
+interface(`corenet_sendrecv_redis_client_packets',` |
1221 |
+ corenet_send_redis_client_packets($1) |
1222 |
+ corenet_receive_redis_client_packets($1) |
1223 |
+') |
1224 |
+ |
1225 |
+######################################## |
1226 |
+## <summary> |
1227 |
+## Do not audit attempts to send and receive redis_client packets. |
1228 |
+## </summary> |
1229 |
+## <param name="domain"> |
1230 |
+## <summary> |
1231 |
+## Domain to not audit. |
1232 |
+## </summary> |
1233 |
+## </param> |
1234 |
+## <infoflow type="none"/> |
1235 |
+# |
1236 |
+interface(`corenet_dontaudit_sendrecv_redis_client_packets',` |
1237 |
+ corenet_dontaudit_send_redis_client_packets($1) |
1238 |
+ corenet_dontaudit_receive_redis_client_packets($1) |
1239 |
+') |
1240 |
+ |
1241 |
+######################################## |
1242 |
+## <summary> |
1243 |
+## Relabel packets to redis_client the packet type. |
1244 |
+## </summary> |
1245 |
+## <param name="domain"> |
1246 |
+## <summary> |
1247 |
+## Domain allowed access. |
1248 |
+## </summary> |
1249 |
+## </param> |
1250 |
+# |
1251 |
+interface(`corenet_relabelto_redis_client_packets',` |
1252 |
+ gen_require(` |
1253 |
+ type redis_client_packet_t; |
1254 |
+ ') |
1255 |
+ |
1256 |
+ allow $1 redis_client_packet_t:packet relabelto; |
1257 |
+') |
1258 |
+ |
1259 |
+ |
1260 |
+######################################## |
1261 |
+## <summary> |
1262 |
+## Send redis_server packets. |
1263 |
+## </summary> |
1264 |
+## <param name="domain"> |
1265 |
+## <summary> |
1266 |
+## Domain allowed access. |
1267 |
+## </summary> |
1268 |
+## </param> |
1269 |
+## <infoflow type="write" weight="10"/> |
1270 |
+# |
1271 |
+interface(`corenet_send_redis_server_packets',` |
1272 |
+ gen_require(` |
1273 |
+ type redis_server_packet_t; |
1274 |
+ ') |
1275 |
+ |
1276 |
+ allow $1 redis_server_packet_t:packet send; |
1277 |
+') |
1278 |
+ |
1279 |
+######################################## |
1280 |
+## <summary> |
1281 |
+## Do not audit attempts to send redis_server packets. |
1282 |
+## </summary> |
1283 |
+## <param name="domain"> |
1284 |
+## <summary> |
1285 |
+## Domain to not audit. |
1286 |
+## </summary> |
1287 |
+## </param> |
1288 |
+## <infoflow type="none"/> |
1289 |
+# |
1290 |
+interface(`corenet_dontaudit_send_redis_server_packets',` |
1291 |
+ gen_require(` |
1292 |
+ type redis_server_packet_t; |
1293 |
+ ') |
1294 |
+ |
1295 |
+ dontaudit $1 redis_server_packet_t:packet send; |
1296 |
+') |
1297 |
+ |
1298 |
+######################################## |
1299 |
+## <summary> |
1300 |
+## Receive redis_server packets. |
1301 |
+## </summary> |
1302 |
+## <param name="domain"> |
1303 |
+## <summary> |
1304 |
+## Domain allowed access. |
1305 |
+## </summary> |
1306 |
+## </param> |
1307 |
+## <infoflow type="read" weight="10"/> |
1308 |
+# |
1309 |
+interface(`corenet_receive_redis_server_packets',` |
1310 |
+ gen_require(` |
1311 |
+ type redis_server_packet_t; |
1312 |
+ ') |
1313 |
+ |
1314 |
+ allow $1 redis_server_packet_t:packet recv; |
1315 |
+') |
1316 |
+ |
1317 |
+######################################## |
1318 |
+## <summary> |
1319 |
+## Do not audit attempts to receive redis_server packets. |
1320 |
+## </summary> |
1321 |
+## <param name="domain"> |
1322 |
+## <summary> |
1323 |
+## Domain allowed access. |
1324 |
+## </summary> |
1325 |
+## </param> |
1326 |
+## <infoflow type="none"/> |
1327 |
+# |
1328 |
+interface(`corenet_dontaudit_receive_redis_server_packets',` |
1329 |
+ gen_require(` |
1330 |
+ type redis_server_packet_t; |
1331 |
+ ') |
1332 |
+ |
1333 |
+ dontaudit $1 redis_server_packet_t:packet recv; |
1334 |
+') |
1335 |
+ |
1336 |
+######################################## |
1337 |
+## <summary> |
1338 |
+## Send and receive redis_server packets. |
1339 |
+## </summary> |
1340 |
+## <param name="domain"> |
1341 |
+## <summary> |
1342 |
+## Domain allowed access. |
1343 |
+## </summary> |
1344 |
+## </param> |
1345 |
+## <infoflow type="both" weight="10"/> |
1346 |
+# |
1347 |
+interface(`corenet_sendrecv_redis_server_packets',` |
1348 |
+ corenet_send_redis_server_packets($1) |
1349 |
+ corenet_receive_redis_server_packets($1) |
1350 |
+') |
1351 |
+ |
1352 |
+######################################## |
1353 |
+## <summary> |
1354 |
+## Do not audit attempts to send and receive redis_server packets. |
1355 |
+## </summary> |
1356 |
+## <param name="domain"> |
1357 |
+## <summary> |
1358 |
+## Domain to not audit. |
1359 |
+## </summary> |
1360 |
+## </param> |
1361 |
+## <infoflow type="none"/> |
1362 |
+# |
1363 |
+interface(`corenet_dontaudit_sendrecv_redis_server_packets',` |
1364 |
+ corenet_dontaudit_send_redis_server_packets($1) |
1365 |
+ corenet_dontaudit_receive_redis_server_packets($1) |
1366 |
+') |
1367 |
+ |
1368 |
+######################################## |
1369 |
+## <summary> |
1370 |
+## Relabel packets to redis_server the packet type. |
1371 |
+## </summary> |
1372 |
+## <param name="domain"> |
1373 |
+## <summary> |
1374 |
+## Domain allowed access. |
1375 |
+## </summary> |
1376 |
+## </param> |
1377 |
+# |
1378 |
+interface(`corenet_relabelto_redis_server_packets',` |
1379 |
+ gen_require(` |
1380 |
+ type redis_server_packet_t; |
1381 |
+ ') |
1382 |
+ |
1383 |
+ allow $1 redis_server_packet_t:packet relabelto; |
1384 |
+') |
1385 |
+ |
1386 |
+ |
1387 |
+ |
1388 |
+ |
1389 |
+######################################## |
1390 |
+## <summary> |
1391 |
## Send and receive TCP traffic on the repository port. |
1392 |
## </summary> |
1393 |
## <param name="domain"> |